VYPR

Vendor CVEs

OpenSUSE

All CVEs

1,697 total · sorted by risk
  • CVE-2014-2527Aug 26, 2014
    risk 0.00cvss epss 0.03

    kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.

  • CVE-2014-0483Aug 26, 2014
    risk 0.00cvss epss 0.02

    The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive…

  • CVE-2014-0482Aug 26, 2014
    risk 0.00cvss epss 0.02

    The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web…

  • CVE-2014-0481Aug 26, 2014
    risk 0.00cvss epss 0.02

    The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote…

  • CVE-2014-0480Aug 26, 2014
    risk 0.00cvss epss 0.02

    The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a…

  • CVE-2014-3589Aug 25, 2014
    risk 0.00cvss epss 0.04

    PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

  • CVE-2014-5149Aug 22, 2014
    risk 0.00cvss epss 0.00

    Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a…

  • CVE-2014-5146Aug 22, 2014
    risk 0.00cvss epss 0.00

    Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process…

  • CVE-2014-3594Aug 22, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

  • CVE-2014-5274Aug 22, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.

  • CVE-2014-2524Aug 20, 2014
    risk 0.00cvss epss 0.00

    The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

  • CVE-2014-3522Aug 19, 2014
    risk 0.00cvss epss 0.06

    The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted…

  • CVE-2014-3429Aug 7, 2014
    risk 0.00cvss epss 0.05

    IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

  • CVE-2013-4159Aug 6, 2014
    risk 0.00cvss epss 0.02

    ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5)…

  • CVE-2014-5177Aug 3, 2014
    risk 0.00cvss epss 0.01

    libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2)…

  • CVE-2014-0179Aug 3, 2014
    risk 0.00cvss epss 0.01

    libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2)…

  • CVE-2014-4987Jul 20, 2014
    risk 0.00cvss epss 0.01

    server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.

  • CVE-2014-4943Jul 19, 2014
    risk 0.00cvss epss 0.02

    The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

  • CVE-2014-3533Jul 19, 2014
    risk 0.00cvss epss 0.00

    dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

  • CVE-2014-3532Jul 19, 2014
    risk 0.00cvss epss 0.00

    dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum…

  • CVE-2014-4258Jul 17, 2014
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

  • CVE-2014-3487Jul 9, 2014
    risk 0.00cvss epss 0.15

    The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF…

  • CVE-2014-3479Jul 9, 2014
    risk 0.00cvss epss 0.15

    The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted…

  • CVE-2014-0247Jul 3, 2014
    risk 0.00cvss epss 0.04

    LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

  • CVE-2014-4002Jul 3, 2014
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6)…

  • CVE-2014-3494Jul 1, 2014
    risk 0.00cvss epss 0.01

    kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

  • CVE-2014-4617Jun 25, 2014
    risk 0.00cvss epss 0.03

    The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

  • CVE-2014-4049Jun 18, 2014
    risk 0.00cvss epss 0.11

    Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

  • CVE-2014-4165Jun 16, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.

  • CVE-2014-2978Jun 11, 2014
    risk 0.00cvss epss 0.06

    The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

  • CVE-2014-1542Jun 11, 2014
    risk 0.00cvss epss 0.05

    Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

  • CVE-2014-3968Jun 5, 2014
    risk 0.00cvss epss 0.01

    The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.

  • CVE-2014-3967Jun 5, 2014
    risk 0.00cvss epss 0.01

    The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

  • CVE-2011-2198May 21, 2014
    risk 0.00cvss epss 0.02

    The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string…

  • CVE-2014-3730May 16, 2014
    risk 0.00cvss epss 0.03

    The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by…

  • CVE-2014-1909May 14, 2014
    risk 0.00cvss epss 0.02

    Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based…

  • CVE-2012-1600May 14, 2014
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.

  • CVE-2014-1934May 8, 2014
    risk 0.00cvss epss 0.00

    tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

  • CVE-2014-0190May 8, 2014
    risk 0.00cvss epss 0.04

    The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.

  • CVE-2014-1528Apr 30, 2014
    risk 0.00cvss epss 0.06

    The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

  • CVE-2014-1526Apr 30, 2014
    risk 0.00cvss epss 0.02

    The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods…

  • CVE-2014-1525Apr 30, 2014
    risk 0.00cvss epss 0.04

    The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2014-1522Apr 30, 2014
    risk 0.00cvss epss 0.05

    The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and…

  • CVE-2014-1519Apr 30, 2014
    risk 0.00cvss epss 0.05

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2014-0187Apr 28, 2014
    risk 0.00cvss epss 0.03

    The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

  • CVE-2014-0181Apr 27, 2014
    risk 0.00cvss epss 0.01

    The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink…

  • CVE-2014-2893Apr 23, 2014
    risk 0.00cvss epss 0.00

    The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.

  • CVE-2014-2554Apr 23, 2014
    risk 0.00cvss epss 0.01

    OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.

  • CVE-2014-2328Apr 23, 2014
    risk 0.00cvss epss 0.04

    lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

  • CVE-2014-2327Apr 23, 2014
    risk 0.00cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary…

Page 25 of 34