This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Opensuse First view 2012-07-22
Product Opensuse Last view 2020-02-12
Version 12.2 Type Os
Update *  
Edition *  
Language *  
Software Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:opensuse:opensuse

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
6.1 2020-02-12 CVE-2013-2637

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.

7.8 2020-01-09 CVE-2012-2142

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

6.5 2019-11-27 CVE-2013-2625

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism are not verified.

5 2014-02-10 CVE-2012-2328

internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.

4.3 2014-02-07 CVE-2013-2191

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.

2.1 2014-01-22 CVE-2014-0979

The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.

5 2014-01-18 CVE-2013-6425

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

7.5 2013-12-16 CVE-2013-6420

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

2.1 2013-12-13 CVE-2013-0348

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

5.9 2013-12-11 CVE-2013-6673

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

4.3 2013-12-11 CVE-2013-6672

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.

9.8 2013-12-11 CVE-2013-6671

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

7.5 2013-12-11 CVE-2013-5619

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

9.8 2013-12-11 CVE-2013-5618

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.

9.8 2013-12-11 CVE-2013-5616

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.

9.8 2013-12-11 CVE-2013-5615

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.

4.3 2013-12-11 CVE-2013-5614

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

9.8 2013-12-11 CVE-2013-5613

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.

4.3 2013-12-11 CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

10 2013-12-11 CVE-2013-5610

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.8 2013-12-11 CVE-2013-5609

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

5 2013-11-27 CVE-2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

7.5 2013-11-23 CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

1.9 2013-11-23 CVE-2013-0223

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

2.1 2013-11-23 CVE-2013-0222

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
21% (42) CWE-416 Use After Free
19% (39) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (21) CWE-20 Improper Input Validation
7% (15) CWE-399 Resource Management Errors
7% (15) CWE-189 Numeric Errors
5% (11) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
4% (8) CWE-787 Out-of-bounds Write
3% (6) CWE-264 Permissions, Privileges, and Access Controls
3% (6) CWE-200 Information Exposure
2% (5) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (4) CWE-310 Cryptographic Issues
2% (4) CWE-190 Integer Overflow or Wraparound
2% (4) CWE-125 Out-of-bounds Read
1% (3) CWE-362 Race Condition
1% (2) CWE-476 NULL Pointer Dereference
1% (2) CWE-326 Inadequate Encryption Strength
1% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
0% (1) CWE-352 Cross-Site Request Forgery (CSRF)
0% (1) CWE-295 Certificate Issues
0% (1) CWE-287 Improper Authentication
0% (1) CWE-269 Improper Privilege Management
0% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
0% (1) CWE-134 Uncontrolled Format String
0% (1) CWE-116 Improper Encoding or Escaping of Output

SAINT Exploits

Description
Nagios Remote Plugin Executor Metacharacter Filtering Omission
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability

ExploitDB Exploits

id Description
30395 PHP openssl_x509_parse() - Memory Corruption Vulnerability
27778 Samba nttrans Reply - Integer Overflow Vulnerability
24922 OTRS FAQ Module - Persistent XSS

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2013-09-18 Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2553_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2583_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities)
File : nvt/deb_2584_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities)
File : nvt/deb_2588_1.nasl
2012-12-26 Name : Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
File : nvt/gb_mandriva_MDVSA_2012_182.nasl
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-14 Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Linux)
File : nvt/gb_google_chrome_mult_vuln03_dec12_lin.nasl
2012-12-14 Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln03_dec12_macosx.nasl
2012-12-14 Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows)
File : nvt/gb_google_chrome_mult_vuln03_dec12_win.nasl
2012-12-14 Name : SuSE Update for Chromium openSUSE-SU-2012:1637-1 (Chromium)
File : nvt/gb_suse_2012_1637_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1064_1.nasl
2012-12-13 Name : SuSE Update for qemu openSUSE-SU-2012:1170-1 (qemu)
File : nvt/gb_suse_2012_1170_1.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1172-1 (Security)
File : nvt/gb_suse_2012_1172_1.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1174-1 (Security)
File : nvt/gb_suse_2012_1174_1.nasl
2012-12-13 Name : SuSE Update for chromium openSUSE-SU-2012:1215-1 (chromium)
File : nvt/gb_suse_2012_1215_1.nasl
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:1376-1 (update)
File : nvt/gb_suse_2012_1376_1.nasl
2012-12-13 Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite)
File : nvt/gb_suse_2012_1412_1.nasl
2012-12-13 Name : SuSE Update for XEN openSUSE-SU-2012:1572-1 (XEN)
File : nvt/gb_suse_2012_1572_1.nasl
2012-12-06 Name : Fedora Update for seamonkey FEDORA-2012-18931
File : nvt/gb_fedora_2012_18931_seamonkey_fc16.nasl
2012-12-06 Name : Fedora Update for seamonkey FEDORA-2012-18952
File : nvt/gb_fedora_2012_18952_seamonkey_fc17.nasl
2012-12-05 Name : Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
File : nvt/gb_apache_tomcat_partial_http_req_dos_vuln_win.nasl
2012-12-04 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium23.nasl
2012-12-04 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium24.nasl
2012-12-04 Name : Fedora Update for mod_security_crs FEDORA-2012-18315
File : nvt/gb_fedora_2012_18315_mod_security_crs_fc17.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-B-0161 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0057717
2014-A-0062 Multiple Vulnerabilities In McAfee Email Gateway
Severity: Category I - VMSKEY: V0050005
2014-A-0030 Apple Mac OS X Security Update 2014-001
Severity: Category I - VMSKEY: V0044547
2013-A-0233 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042596
2013-A-0219 Multiple Vulnerabilities in Juniper Networks and Security Manager
Severity: Category I - VMSKEY: V0042384
2013-B-0124 Multiple Vulnerabilities in Google Chrome
Severity: Category I - VMSKEY: V0042301
2013-B-0130 MIT Kerberos Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0042308
2013-B-0119 Multiple Vulnerabilities in Google Chrome
Severity: Category I - VMSKEY: V0041067
2013-B-0112 Multiple Vulnerabilities in Google Chrome
Severity: Category I - VMSKEY: V0040762
2013-B-0082 Samba Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0039910
2013-B-0061 Multiple Vulnerabilities in Red Hat Enterprise Linux Version 6 Products
Severity: Category I - VMSKEY: V0038873
2013-B-0044 MIT Kerberos Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0037773

Snort® IPS/IDS

Date Description
2015-03-27 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 8888889 - Type : SERVER-OTHER - Revision : 1
2015-03-27 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 8888888 - Type : SERVER-OTHER - Revision : 1
2019-09-24 MIT Kerberos kpasswd UDP denial of service attempt
RuleID : 51212 - Type : SERVER-OTHER - Revision : 1
2015-06-23 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 34972 - Type : SERVER-OTHER - Revision : 2
2015-06-23 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 34971 - Type : SERVER-OTHER - Revision : 2
2015-03-31 nginx URI processing security bypass attempt
RuleID : 33581 - Type : SERVER-WEBAPP - Revision : 3
2015-02-11 Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt
RuleID : 32994 - Type : BROWSER-FIREFOX - Revision : 6
2015-02-11 Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt
RuleID : 32993 - Type : BROWSER-FIREFOX - Revision : 6
2014-04-17 PHP DateInterval heap buffer overread denial of service attempt
RuleID : 30200 - Type : SERVER-WEBAPP - Revision : 3
2014-04-17 PHP DateInterval heap buffer overread denial of service attempt
RuleID : 30199 - Type : SERVER-WEBAPP - Revision : 3
2014-01-10 PyLoris http DoS tool
RuleID : 28532 - Type : MALWARE-TOOLS - Revision : 3
2014-01-10 MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt
RuleID : 27906 - Type : SERVER-OTHER - Revision : 3
2014-01-10 Nailed exploit kit Firefox exploit download - autopwn
RuleID : 27080 - Type : EXPLOIT-KIT - Revision : 2
2014-01-10 Nagios NRPE command execution attempt
RuleID : 26491 - Type : SERVER-OTHER - Revision : 6
2014-01-10 multiple vendors host buffer overflow attempt
RuleID : 21248 - Type : SERVER-OTHER - Revision : 7

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2018-02-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1265.nasl - Type: ACT_GATHER_INFO
2017-07-31 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_jsa10804.nasl - Type: ACT_GATHER_INFO
2017-05-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: oracle_secure_global_desktop_apr_2017_cpu.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170321_wireshark_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-04-05 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-813.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-0631.nasl - Type: ACT_GATHER_INFO
2017-03-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-0631.nasl - Type: ACT_GATHER_INFO
2017-03-22 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-0631.nasl - Type: ACT_GATHER_INFO
2016-10-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1178.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1996-1.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2089-1.nasl - Type: ACT_GATHER_INFO
2016-07-25 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: oracle_secure_global_desktop_jul_2016_cpu.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0062.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-497.nasl - Type: ACT_GATHER_INFO
2016-04-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201604-03.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL75253136.nasl - Type: ACT_GATHER_INFO
2016-01-06 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL13405416.nasl - Type: ACT_GATHER_INFO
2015-12-30 Name: The remote VMware ESXi host is missing a security-related patch.
File: vmware_VMSA-2014-0012_remote.nasl - Type: ACT_GATHER_INFO
2015-11-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2810-1.nasl - Type: ACT_GATHER_INFO
2015-09-14 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16859.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2015-0068.nasl - Type: ACT_GATHER_INFO
2015-06-02 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_65b14d39d01f419cb0b85df60b929973.nasl - Type: ACT_GATHER_INFO
2015-06-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-235.nasl - Type: ACT_GATHER_INFO
2015-05-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-381.nasl - Type: ACT_GATHER_INFO