This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Opensuse First view 2010-06-15
Product Opensuse Last view 2020-01-27
Version 11.3 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:opensuse:opensuse

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.8 2020-01-27 CVE-2006-7246

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

7.8 2019-11-14 CVE-2011-1145

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

7.8 2019-11-13 CVE-2010-4661

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

5.1 2014-06-18 CVE-2014-4049

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

6.3 2014-04-16 CVE-2011-0460

The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

5.8 2014-02-10 CVE-2011-4093

Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.

5 2014-02-10 CVE-2011-4091

The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.

9.3 2012-06-15 CVE-2011-3193

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

6.9 2011-04-04 CVE-2011-0468

The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion.

6.3 2011-04-04 CVE-2011-0461

/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab.

1.9 2011-01-03 CVE-2010-3876

net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.

2.1 2010-12-10 CVE-2010-3861

The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.

7.5 2010-12-07 CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

1.9 2010-11-30 CVE-2010-4082

The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call.

1.9 2010-11-30 CVE-2010-4081

The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.

2.1 2010-11-30 CVE-2010-4080

The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.

1.9 2010-11-29 CVE-2010-4078

The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call.

1.9 2010-11-29 CVE-2010-4073

The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.

4.9 2010-11-22 CVE-2010-4169

Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.

4.9 2010-11-22 CVE-2010-4165

The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.

4.3 2010-11-16 CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

9.8 2010-10-21 CVE-2010-4042

Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."

7.8 2010-10-21 CVE-2010-4040

Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

7.2 2010-10-12 CVE-2010-3110

Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.

4.7 2010-10-04 CVE-2010-3442

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.

CWE : Common Weakness Enumeration

%idName
15% (5) CWE-200 Information Exposure
15% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (2) CWE-476 NULL Pointer Dereference
6% (2) CWE-416 Use After Free
6% (2) CWE-264 Permissions, Privileges, and Access Controls
6% (2) CWE-190 Integer Overflow or Wraparound
6% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
6% (2) CWE-20 Improper Input Validation
3% (1) CWE-787 Out-of-bounds Write
3% (1) CWE-704 Incorrect Type Conversion or Cast
3% (1) CWE-434 Unrestricted Upload of File with Dangerous Type
3% (1) CWE-415 Double Free
3% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
3% (1) CWE-369 Divide By Zero
3% (1) CWE-295 Certificate Issues
3% (1) CWE-287 Improper Authentication
3% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
3% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77301 NetworkManager ESSID PEAP / EAP-TTLS 802.11x Authentication MitM Weakness
76741 net6 basic_server::id_counter Overflow Session Hijacking
76739 net6 libobby Color Collision Check User Enumeration
75652 Qt src/3rdparty/harfbuzz/src/harfbuzz-gpos.c Font Handling Overflow
75100 SUSE aaa_base /etc/init.d/boot.localfs Temporary File Symlink Arbitrary File ...
74930 SUSE kbd /etc/init.d/kbd /dev/shm/defkeymap.map File Creation Weakness Symlin...
73748 udisks mount(8) Command Arbitrary Kernel Module Loading
71478 unixODBC SQLDriverConnect() SAVEFILE Parameter Overflow
71253 openSUSE aaa_base Metacharacter Tab Expansion Filename Handling Command Execu...
69787 Linux Kernel net/core/ethtool.c ethtool_get_rxnfc Function ETHTOOL_GRXCLSRLAL...
69673 Google Chrome XPath Handling Double-free Remote DoS
69554 Linux Kernel drivers/video/via/ioctl.c viafb_ioctl_get_viafb_info VIAFB_GET_I...
69553 Linux Kernel sound/pci/rme9652/hdspm.c snd_hdspm_hwdep_ioctl Function SNDRV_H...
69552 Linux Kernel sound/pci/rme9652/hdsp.c snd_hdsp_hwdep_ioctl Function SNDRV_HDS...
69531 Linux Kernel ipc Subsystem ipc/compat_mq.c Multiple Function Local Memory Dis...
69530 Linux Kernel ipc Subsystem ipc/compat.c Multiple Function Local Memory Disclo...
69525 Linux Kernel drivers/video/sis/sis_main.c sisfb_ioctl Function FBIOGET_VBLANK...
69425 Linux Kernel mm/mprotect.c mprotect System Call Use-after-free Local DoS
69241 Linux Kernel TCP MSS Divide-by-zero DoS
69205 libxml2 Crafted XML File XPath Axis Traversal DoS
69162 Linux Kernel net/packet/af_packet.c Multiple Function Stack Memory Disclosure
68843 Google Chrome Stale Element Map Handling DoS
68841 Google Chrome Crafted Animated GIF Handling Memory Corruption
68370 Linux Kernel drivers/block/pktcdvd.c pkt_find_dev_from_minor Function PKT_CTR...
68365 Google Chrome WebKit Variable Casting Weakness Malformed SVG Document Handlin...

ExploitDB Exploits

id Description
17787 Linux Kernel < 2.6.36.2 Econet Privilege Escalation Exploit
16952 Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS
16263 Linux Kernel <= 2.6.37 Local Kernel Denial of Service
15150 Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-02 (tiff)
File : nvt/glsa_201209_02.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2010:0936 centos4 x86_64
File : nvt/gb_CESA-2010_0936_kernel_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:0004 centos5 x86_64
File : nvt/gb_CESA-2011_0004_kernel_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:0162 centos4 x86_64
File : nvt/gb_CESA-2011_0162_kernel_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for qt4 CESA-2011:1324 centos5 x86_64
File : nvt/gb_CESA-2011_1324_qt4_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for evolution28-pango CESA-2011:1325 centos4 x86_64
File : nvt/gb_CESA-2011_1325_evolution28-pango_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for pango CESA-2011:1326 centos5 x86_64
File : nvt/gb_CESA-2011_1326_pango_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for frysk CESA-2011:1327 centos4 x86_64
File : nvt/gb_CESA-2011_1327_frysk_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for libxml2 CESA-2012:0017 centos5
File : nvt/gb_CESA-2012_0017_libxml2_centos5.nasl
2012-07-16 Name : Ubuntu Update for qt4-x11 USN-1504-1
File : nvt/gb_ubuntu_USN_1504_1.nasl
2012-07-13 Name : VMSA-2012-0012 VMware ESXi update addresses several security issues.
File : nvt/gb_VMSA-2012-0012.nasl
2012-07-09 Name : RedHat Update for kernel RHSA-2011:0283-01
File : nvt/gb_RHSA-2011_0283-01_kernel.nasl
2012-07-09 Name : RedHat Update for qt RHSA-2011:1323-01
File : nvt/gb_RHSA-2011_1323-01_qt.nasl
2012-07-09 Name : RedHat Update for libxml2 RHSA-2011:1749-03
File : nvt/gb_RHSA-2011_1749-03_libxml2.nasl
2012-06-05 Name : RedHat Update for kernel RHSA-2011:0007-01
File : nvt/gb_RHSA-2011_0007-01_kernel.nasl
2012-04-02 Name : Fedora Update for net6 FEDORA-2011-15363
File : nvt/gb_fedora_2011_15363_net6_fc16.nasl
2012-03-16 Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX...
File : nvt/gb_VMSA-2011-0012.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-26 (libxml2)
File : nvt/glsa_201110_26.nasl
2012-01-13 Name : RedHat Update for libxml2 RHSA-2012:0017-01
File : nvt/gb_RHSA-2012_0017-01_libxml2.nasl
2011-12-05 Name : SuSE Update for NetworkManager, wpa_supplicant, NetworkManager-gnome SUSE-SA:...
File : nvt/gb_suse_2011_045.nasl
2011-12-02 Name : Fedora Update for kernel FEDORA-2011-16346
File : nvt/gb_fedora_2011_16346_kernel_fc14.nasl
2011-11-25 Name : Fedora Update for net6 FEDORA-2011-15326
File : nvt/gb_fedora_2011_15326_net6_fc15.nasl
2011-11-25 Name : Fedora Update for net6 FEDORA-2011-15332
File : nvt/gb_fedora_2011_15332_net6_fc14.nasl
2011-11-08 Name : Fedora Update for kernel FEDORA-2011-15241
File : nvt/gb_fedora_2011_15241_kernel_fc14.nasl
2011-10-31 Name : Fedora Update for kernel FEDORA-2011-14747
File : nvt/gb_fedora_2011_14747_kernel_fc14.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-B-0086 Multiple Vulnerabilities in PHP
Severity: Category I - VMSKEY: V0052897
2012-A-0153 Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity: Category I - VMSKEY: V0033884
2012-A-0073 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0032171
2011-A-0147 Multiple Vulnerabilities in VMware ESX and ESXi
Severity: Category I - VMSKEY: V0030545

Snort® IPS/IDS

Date Description
2014-11-16 PHP DNS parsing heap overflow attempt
RuleID : 31460 - Type : SERVER-WEBAPP - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO
2016-04-05 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2016-cd218eef79.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0012_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2012-0008_remote.nasl - Type: ACT_GATHER_INFO
2016-02-29 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2012-0012_remote.nasl - Type: ACT_GATHER_INFO
2015-04-10 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_10_10_3.nasl - Type: ACT_GATHER_INFO
2015-04-10 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_SecUpd2015-004.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-080.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-117.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-67.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_libxml2_20120821.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2013-0039.nasl - Type: ACT_GATHER_INFO
2014-11-17 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-0168.nasl - Type: ACT_GATHER_INFO
2014-10-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-367.nasl - Type: ACT_GATHER_INFO
2014-10-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-372.nasl - Type: ACT_GATHER_INFO
2014-10-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-393.nasl - Type: ACT_GATHER_INFO
2014-09-18 Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File: macosx_10_9_5.nasl - Type: ACT_GATHER_INFO
2014-09-17 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-546.nasl - Type: ACT_GATHER_INFO
2014-09-12 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2014-172.nasl - Type: ACT_GATHER_INFO
2014-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201408-11.nasl - Type: ACT_GATHER_INFO
2014-08-22 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3008.nasl - Type: ACT_GATHER_INFO
2014-08-19 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_d2a892b9260511e49da000a0986f28c4.nasl - Type: ACT_GATHER_INFO
2014-08-07 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2014-1012.nasl - Type: ACT_GATHER_INFO
2014-08-07 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2014-1013.nasl - Type: ACT_GATHER_INFO