This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Opensuse First view 2007-10-30
Product Opensuse Last view 2010-11-16
Version 11.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:opensuse:opensuse

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.3 2010-11-16 CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

7.5 2010-11-05 CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

7.8 2010-10-21 CVE-2010-4040

Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

2.1 2010-09-30 CVE-2010-3297

The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.

2.1 2010-09-30 CVE-2010-3296

The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.

7.2 2010-09-21 CVE-2010-3080

Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.

5.5 2010-09-21 CVE-2010-3078

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.

5.5 2010-09-21 CVE-2010-2942

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

2.1 2010-09-08 CVE-2010-2955

The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.

1.9 2010-09-08 CVE-2010-2803

The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.

7.8 2010-09-08 CVE-2010-2798

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.

6.5 2010-06-30 CVE-2010-2249

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

9.8 2010-06-30 CVE-2010-1205

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

6.8 2010-05-19 CVE-2010-1321

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

4.3 2010-03-03 CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

7.2 2009-11-20 CVE-2009-3080

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

4.4 2009-10-23 CVE-2009-1297

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.

5 2009-09-08 CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

5 2009-08-06 CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

4.3 2009-07-22 CVE-2009-2472

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

4.4 2009-05-14 CVE-2009-1630

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

7.5 2009-04-16 CVE-2009-0946

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

4.9 2009-04-06 CVE-2009-1242

The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.

4.9 2009-03-24 CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

4.4 2009-03-11 CVE-2009-0848

Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."

CWE : Common Weakness Enumeration

%idName
13% (3) CWE-476 NULL Pointer Dereference
13% (3) CWE-200 Information Exposure
8% (2) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
8% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (2) CWE-20 Improper Input Validation
4% (1) CWE-415 Double Free
4% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (1) CWE-264 Permissions, Privileges, and Access Controls
4% (1) CWE-193 Off-by-one Error
4% (1) CWE-190 Integer Overflow or Wraparound
4% (1) CWE-129 Improper Validation of Array Index
4% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
4% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
4% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
4% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
4% (1) CWE-16 Configuration

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
70083 Oracle Database MIT Kerberos 5 kg_accept_krb5 Remote Denial of Service
69205 libxml2 Crafted XML File XPath Axis Traversal DoS
69064 Poppler Gfx::getPos PDF Handling Uninitialized Pointer Dereference DoS
68841 Google Chrome Crafted Animated GIF Handling Memory Corruption
68306 Linux Kernel drivers/net/eql.c eql_g_master_cfg Function EQL_GETMASTRCFG IOCT...
68305 Linux Kernel drivers/net/cxgb3/cxgb3_main.c cxgb_extension_ioctl Function CHE...
68176 Linux Kernel sound/core/seq/oss/seq_oss_init.c snd_seq_oss_open Function Doub...
68173 Linux Kernel net/sched/act_skbedit.c tcf_skbedit_dump Function Network Queuei...
68172 Linux Kernel net/sched/act_simple.c tcf_simp_dump Function Network Queueing A...
68171 Linux Kernel net/sched/act_nat.c tcf_nat_dump Function Network Queueing Actio...
68170 Linux Kernel net/sched/act_mirred.c tcf_mirred_dump Function Network Queueing...
68169 Linux Kernel net/sched/act_gact.c tcf_gact_dump Function Network Queueing Act...
67881 Linux Kernel fs/xfs/linux-2.6/xfs_ioctl.c xfs_ioc_fsgetxattr() Function Stack...
67742 Linux Kernel net/wireless/wext-compat.c cfg80211_wext_giwessid Function Craft...
67366 Linux Kernel fs/gfs2/dir.c gfs2_dirent_find_space Function GFS2 File System R...
67334 Linux Kernel drivers/gpu/drm/drm_drv.c drm_ioctl() Function Crafted IOCTL Ker...
66600 Mozilla Multiple Products PNG File Handling Overflow
65853 libpng pngrutil.c sCAL Chunk Memory Corruption DoS
65852 libpng pngpread.c PNG Image Data Height Overflow
64744 Kerberos GSS-API AP-REQ Authenticator NULL Dereference Remote DoS
62670 libpng pngrutil.c png_decompress_chunk Function Ancillary Chunks PNG File Dec...
60311 Linux Kernel drivers/scsi/gdth.c gdth_read_event() Function IOCTL Handling Lo...
59271 open-iscsi iscsi_discovery in SUSE Unspecified Temporary File Symlink Arbitra...
57882 Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Comm...
56984 Apache Xerces2 Java Malformed XML Input DoS

ExploitDB Exploits

id Description
14422 libpng <= 1.4.2 Denial of Service Vulnerability

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-08-24 Name : CentOS Update for tetex CESA-2012:1201 centos5
File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl
2012-08-24 Name : RedHat Update for tetex RHSA-2012:1201-01
File : nvt/gb_RHSA-2012_1201-01_tetex.nasl
2012-07-30 Name : CentOS Update for libxml2 CESA-2012:0017 centos5
File : nvt/gb_CESA-2012_0017_libxml2_centos5.nasl
2012-07-13 Name : VMSA-2012-0012 VMware ESXi update addresses several security issues.
File : nvt/gb_VMSA-2012-0012.nasl
2012-07-09 Name : RedHat Update for libxml2 RHSA-2011:1749-03
File : nvt/gb_RHSA-2011_1749-03_libxml2.nasl
2012-06-06 Name : RedHat Update for kernel RHSA-2011:0421-01
File : nvt/gb_RHSA-2011_0421-01_kernel.nasl
2012-06-06 Name : RedHat Update for xerces-j2 RHSA-2011:0858-01
File : nvt/gb_RHSA-2011_0858-01_xerces-j2.nasl
2012-06-05 Name : RedHat Update for kernel RHSA-2011:0007-01
File : nvt/gb_RHSA-2011_0007-01_kernel.nasl
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-16 Name : VMSA-2011-0009.3 VMware hosted product updates, ESX patches and VI Client upd...
File : nvt/gb_VMSA-2011-0009.nasl
2012-03-16 Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX...
File : nvt/gb_VMSA-2011-0012.nasl
2012-03-15 Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an...
File : nvt/gb_VMSA-2010-0016.nasl
2012-03-15 Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv...
File : nvt/gb_VMSA-2011-0013.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-26 (libxml2)
File : nvt/glsa_201110_26.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-13 (mit-krb5)
File : nvt/glsa_201201_13.nasl
2012-01-13 Name : RedHat Update for libxml2 RHSA-2012:0017-01
File : nvt/gb_RHSA-2012_0017-01_libxml2.nasl
2011-10-21 Name : Ubuntu Update for open-iscsi USN-1235-1
File : nvt/gb_ubuntu_USN_1235_1.nasl
2011-09-16 Name : Ubuntu Update for linux-ti-omap4 USN-1202-1
File : nvt/gb_ubuntu_USN_1202_1.nasl
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-08-27 Name : Ubuntu Update for webkit USN-1195-1
File : nvt/gb_ubuntu_USN_1195_1.nasl
2011-08-26 Name : Apple iTunes Multiple Vulnerabilities (Mac OS X)
File : nvt/secpod_itunes_mult_vuln_macosx.nasl
2011-08-26 Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
File : nvt/secpod_macosx_su11-001.nasl
2011-08-12 Name : Apple Safari Multiple Vulnerabilities - March 2011 (Mac OS X)
File : nvt/gb_apple_safari_mult_vuln_mar11_macosx.nasl
2011-08-09 Name : CentOS Update for freetype CESA-2009:0329 centos3 i386
File : nvt/gb_CESA-2009_0329_freetype_centos3_i386.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-A-0153 Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity: Category I - VMSKEY: V0033884
2012-A-0073 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0032171
2011-A-0160 Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity: Category I - VMSKEY: V0030769
2011-A-0147 Multiple Vulnerabilities in VMware ESX and ESXi
Severity: Category I - VMSKEY: V0030545
2011-A-0075 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0028311
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158
2010-A-0015 Multiple Vulnerabilities in Red Hat Linux Kernel
Severity: Category I - VMSKEY: V0022631
2010-A-0001 Multiple Vulnerabilities in Linux Kernel
Severity: Category I - VMSKEY: V0022180

Snort® IPS/IDS

Date Description
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52307 - Type : FILE-IMAGE - Revision : 1
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52306 - Type : FILE-IMAGE - Revision : 1
2014-01-10 Linux Kernel nfsd v4 CAP_MKNOD security bypass attempt
RuleID : 17749 - Type : PROTOCOL-RPC - Revision : 7
2014-01-10 Linux Kernel nfsd v3 tcp CAP_MKNOD security bypass attempt
RuleID : 16702 - Type : PROTOCOL-RPC - Revision : 7
2014-01-10 Linux Kernel nfsd v3 udp CAP_MKNOD security bypass attempt
RuleID : 16701 - Type : PROTOCOL-RPC - Revision : 8
2014-01-10 Linux Kernel nfsd v2 tcp CAP_MKNOD security bypass attempt
RuleID : 16700 - Type : PROTOCOL-RPC - Revision : 7
2014-01-10 Linux Kernel nfsd v2 udp CAP_MKNOD security bypass attempt
RuleID : 16699 - Type : PROTOCOL-RPC - Revision : 8

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-09-01 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0147.nasl - Type: ACT_GATHER_INFO
2016-11-30 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_18449f92ab3911e68011005056925db4.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0002_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0013_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0012_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0013_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote host is missing a security-related patch.
File: vmware_VMSA-2009-0016_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2012-0008_remote.nasl - Type: ACT_GATHER_INFO
2016-02-29 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2012-0012_remote.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_libxml2_20120821.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL15905.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-11.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2008-2007.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2009-0012.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2009-0014.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2011-0015.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2013-0039.nasl - Type: ACT_GATHER_INFO
2014-11-17 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-0168.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2012-1537.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_Kernel-100824.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_MozillaFirefox-100727.nasl - Type: ACT_GATHER_INFO