Opensuse

Opensuse

1454 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.8

CVE-2013-5611

  • EPSS 0.88%
  • Published 11.12.2013 15:55:12
  • Last modified 11.04.2025 00:51:21

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

4.3

CVE-2013-5612

  • EPSS 0.74%
  • Published 11.12.2013 15:55:12
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset ...

10

CVE-2013-5613

Exploit
  • EPSS 11.06%
  • Published 11.12.2013 15:55:12
  • Last modified 11.04.2025 00:51:21

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause...

4.3

CVE-2013-5614

  • EPSS 0.28%
  • Published 11.12.2013 15:55:12
  • Last modified 11.04.2025 00:51:21

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a cra...

9.8

CVE-2013-5615

Exploit
  • EPSS 2.01%
  • Published 11.12.2013 15:55:12
  • Last modified 11.04.2025 00:51:21

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs,...

9.8

CVE-2013-5616

Exploit
  • EPSS 2.87%
  • Published 11.12.2013 15:55:12
  • Last modified 11.04.2025 00:51:21

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code...

10

CVE-2013-5609

Exploit
  • EPSS 2.75%
  • Published 11.12.2013 15:55:07
  • Last modified 11.04.2025 00:51:21

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and app...

10

CVE-2013-5610

  • EPSS 0.88%
  • Published 11.12.2013 15:55:07
  • Last modified 11.04.2025 00:51:21

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via u...

7.2

CVE-2013-1090

  • EPSS 0.05%
  • Published 06.12.2013 17:55:04
  • Last modified 11.04.2025 00:51:21

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.

7.8

CVE-2012-0425

  • EPSS 0.25%
  • Published 02.12.2013 04:36:26
  • Last modified 11.04.2025 00:51:21

LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2)...