Opensuse

Opensuse

1454 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2012-0427

Exploit
  • EPSS 0.05%
  • Veröffentlicht 02.12.2013 04:36:26
  • Zuletzt bearbeitet 11.04.2025 00:51:21

yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.

5

CVE-2013-6712

  • EPSS 22.79%
  • Veröffentlicht 28.11.2013 04:37:39
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted inte...

1.9

CVE-2013-4509

  • EPSS 0.08%
  • Veröffentlicht 23.11.2013 19:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user ...

4.3

CVE-2013-0221

Exploit
  • EPSS 6.01%
  • Veröffentlicht 23.11.2013 18:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based...

2.1

CVE-2013-0222

  • EPSS 0.14%
  • Veröffentlicht 23.11.2013 18:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

1.9

CVE-2013-0223

Exploit
  • EPSS 0.14%
  • Veröffentlicht 23.11.2013 18:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overfl...

7.5

CVE-2013-4547

  • EPSS 93.55%
  • Veröffentlicht 23.11.2013 18:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

4.3

CVE-2013-6858

  • EPSS 0.76%
  • Veröffentlicht 23.11.2013 17:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

7.9

CVE-2013-6375

  • EPSS 0.63%
  • Veröffentlicht 23.11.2013 11:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified ...

5

CVE-2013-4487

Exploit
  • EPSS 0.34%
  • Veröffentlicht 20.11.2013 14:12:30
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: th...