Latest opensuse opensuse Vulnerabilities

IBM InfoSphere Master Data Management Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the we...
IBM InfoSphere Master Data Management<=11.6
IBM InfoSphere Master Data Management Server=11.6
IBM AIX
Ibm Linux On Ibm Z
Linux Linux kernel
Microsoft Windows
and 1 more
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim...
Exim Exim<4.93.0.4-3.1
Opensuse Opensuse
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remot...
Otrs Faq<2.0.8
Otrs Faq>=2.1.0<2.1.4
Otrs Otrs Itsm<3.0.7
Otrs Otrs Itsm>=3.1.0<3.1.8
Otrs Otrs Itsm>=3.2.0<3.2.4
Opensuse Opensuse=12.2
and 1 more
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld strin...
ImageMagick ImageMagick<6.8.8-5
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=12.10
Canonical Ubuntu Linux=13.10
Opensuse Opensuse=11.4
Opensuse Opensuse=12.3
and 1 more
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary ...
ImageMagick ImageMagick=6.8.8-5
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=12.10
Canonical Ubuntu Linux=13.10
Opensuse Opensuse=11.4
Opensuse Opensuse=12.3
and 1 more
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
GNOME NetworkManager>=0.9.0<=0.9.9.98
Opensuse Opensuse=11.4
Opensuse Opensuse=11.3
Opensuse Opensuse=12.1
SUSE Linux Enterprise Desktop=11-sp1
SUSE Linux Enterprise Server=11-sp1
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group conta...
Pcre Pcre<8.37
Opensuse Opensuse=13.1
Opensuse Opensuse=13.2
Mariadb Mariadb>=10.0.0<10.0.18
PHP PHP>=5.4.0<5.4.41
PHP PHP>=5.5.0<5.5.26
and 1 more
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unsp...
Pcre Pcre<8.37
Opensuse Opensuse=13.1
Opensuse Opensuse=13.2
Mariadb Mariadb<10.0.18
PHP PHP>=5.4.0<5.4.41
PHP PHP>=5.5.0<5.5.26
and 1 more
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
freedesktop poppler<0.21.4
Xpdfreader Xpdf=3.02
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
Opensuse Opensuse=12.2
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
GNOME NetworkManager=0.9.2.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=10.04
Canonical Ubuntu Linux=11.04
and 3 more
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject...
Docker Cs Engine<1.6.2-cs7
Docker Docker<1.8.3
Opensuse Opensuse=13.2
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a craf...
Docker Cs Engine<1.6.2-cs7
Docker Docker<1.8.3
Opensuse Opensuse=13.2
duplicity 0.6.24 has improper verification of SSL certificates
Debian Duplicity=0.6.24
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Opensuse=12.3
Opensuse Opensuse=13.1
and 1 more
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities
Pen Project Pen=0.18.0
Opensuse Opensuse=13.1
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
debian/pen
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
IBM Robotic Process Automation as a Service=2.0
Sencha Connect<2.8.1
Opensuse Opensuse=13.1
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 1 more
A security bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
Apache Mod Fcgid<=2016-07-07
openSUSE Leap=42.1
Opensuse Opensuse=13.2
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking ...
Otrs Faq>=2.0.0<2.0.8
Otrs Faq>=2.1.0<2.1.4
Otrs Faq>=2.2.0<2.2.3
Otrs Otrs Help Desk>=3.0.0<3.0.19
Otrs Otrs Help Desk>=3.1.0<3.1.14
Otrs Otrs Help Desk>3.2.0<3.2.4
and 9 more
An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let local users obtain encrypted passwords.
Accountsservice Project Accountsservice=0.6.37
Opensuse Opensuse=13.1
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Redhat Enterprise Linux=7.0
and 3 more
Thunar before 1.3.1 could crash when copying and pasting a file name with % format characters due to a format string error.
Xfce Thunar=1.2.1
Xfce Thunar=1.2.0
Opensuse Opensuse=11.4
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 1 more
The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string.
Unixodbc Unixodbc<=2.2.14
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Opensuse=11.4
Opensuse Opensuse=11.3
and 4 more
A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than ...
Rsyslog Rsyslog<5.7.6
Opensuse Opensuse=11.4
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
debian/rsyslog
A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than o...
Rsyslog Rsyslog<5.7.6
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Opensuse=11.4
debian/rsyslog
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
debian/php-horde
debian/php-horde-kronolith
Horde Groupware=5.1.2
Opensuse Opensuse=13.1
Opensuse Opensuse=13.2
Debian Debian Linux=8.0
and 2 more
evince is missing a check on number of pages which can lead to a segmentation fault
GNOME evince=3.8.2
GNOME evince=3.9.2
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Opensuse=13.1
and 2 more
LibreSSL. Multiple issues were addressed by updating to libressl version 2.6.4.
Openbsd Libressl<2.3.1
Opensuse Opensuse=13.2
Apple macOS Mojave<10.14
LibreSSL. Multiple issues were addressed by updating to libressl version 2.6.4.
Openbsd Libressl<2.3.1
Opensuse Opensuse=13.2
Apple macOS Mojave<10.14
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.
Opensuse Opensuse=13.2
Mdadm Project Mdadm<3.3.3
