This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Opensuse
Product: Opensuse
Version: 12.3
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2013-03-07
Last view: 2020-02-12
Type: Os
 
CPE Product cpe:2.3:o:opensuse:opensuse

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
6.1 2020-02-12 CVE-2013-2637

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.

8.8 2020-02-06 CVE-2014-2030

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.

8.8 2020-02-06 CVE-2014-1958

Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.

7.5 2019-12-13 CVE-2014-3495

duplicity 0.6.24 has improper verification of SSL certificates.

6.5 2019-11-27 CVE-2013-2625

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights are not verified by the object linking mechanism.

8.8 2018-04-10 CVE-2014-0158

Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS."

5 2014-12-28 CVE-2014-8132

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

6.8 2014-12-03 CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

4 2014-11-30 CVE-2014-8961

Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.

6.5 2014-11-30 CVE-2014-8959

Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.

5 2014-11-18 CVE-2014-7829

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.

7.5 2014-11-16 CVE-2014-0250

Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.

5 2014-11-13 CVE-2014-8564

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.

4.3 2014-11-08 CVE-2014-7818

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.

4.3 2014-11-08 CVE-2014-6300

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

5 2014-11-06 CVE-2014-8483

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

7.5 2014-11-04 CVE-2013-4540

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.

5 2014-11-03 CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

6.4 2014-10-29 CVE-2014-3694

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

1.9 2014-10-25 CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.

6.8 2014-10-15 CVE-2014-2576

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

3.4 2014-10-14 CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

5.8 2014-10-02 CVE-2014-7155

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.

6.1 2014-10-02 CVE-2014-7154

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

2.1 2014-09-22 CVE-2014-3639

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.

CWE : Common Weakness Enumeration

% id Name
20% (26) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (19) CWE-20 Improper Input Validation
14% (18) CWE-189 Numeric Errors
7% (10) CWE-399 Resource Management Errors
6% (8) CWE-264 Permissions, Privileges, and Access Controls
3% (4) CWE-416 Use After Free
3% (4) CWE-310 Cryptographic Issues
3% (4) CWE-269 Improper Privilege Management
3% (4) CWE-59 Improper Link Resolution Before File Access ('Link Following')
3% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (3) CWE-787 Out-of-bounds Write
2% (3) CWE-362 Race Condition
2% (3) CWE-125 Out-of-bounds Read
2% (3) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (2) CWE-200 Information Exposure
1% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
0% (1) CWE-326 Inadequate Encryption Strength
0% (1) CWE-297 Improper Validation of Host-specific Certificate Data
0% (1) CWE-295 Certificate Issues
0% (1) CWE-287 Improper Authentication
0% (1) CWE-255 Credentials Management
0% (1) CWE-134 Uncontrolled Format String
0% (1) CWE-17 Code

ExploitDB Exploits

id Description
34461 NRPE 2.15 - Remote Code Execution Vulnerability
32998 Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
32791 Heartbleed OpenSSL - Information Leak Exploit (1)
32764 OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ...
32745 OpenSSL TLS Heartbeat Extension - Memory Disclosure
30395 PHP openssl_x509_parse() - Memory Corruption Vulnerability
27778 Samba nttrans Reply - Integer Overflow Vulnerability
24922 OTRS FAQ Module - Persistent XSS

OpenVAS Exploits

id Description
2014-10-16 Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-A-0154 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0061081
2015-B-0012 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0058517
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2014-B-0161 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0057717
2014-A-0062 Multiple Vulnerabilities In McAfee Email Gateway
Severity: Category I - VMSKEY: V0050005
2014-B-0050 McAfee Web Gateway Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0050003
2014-A-0063 Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity: Category I - VMSKEY: V0050009
2014-A-0064 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0050011
2014-B-0046 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0049737
2014-B-0041 Multiple Vulnerabilities in Splunk
Severity: Category I - VMSKEY: V0049577
2014-A-0057 Multiple Vulnerabilities in Oracle MySQL Products
Severity: Category I - VMSKEY: V0049591
2014-A-0053 Multiple Vulnerabilities in Juniper Network JUNOS
Severity: Category I - VMSKEY: V0049589
2014-A-0054 Multiple Vulnerabilities in Oracle Database
Severity: Category I - VMSKEY: V0049587
2014-A-0055 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0049585
2014-A-0056 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0049583
2014-A-0058 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0049579
2014-B-0042 Stunnel Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0049575
2014-B-0039 Multiple Vulnerabilities in Google Chrome
Severity: Category I - VMSKEY: V0048683
2014-A-0051 OpenSSL Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0048667
2014-A-0043 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0046769
2014-A-0030 Apple Mac OS X Security Update 2014-001
Severity: Category I - VMSKEY: V0044547
2014-A-0021 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0043921
2014-B-0007 Multiple Security Vulnerabilities in Google Chrome
Severity: Category I - VMSKEY: V0043878
2014-A-0017 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server
Severity: Category I - VMSKEY: V0043846

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-05-24 Mozilla Firefox DOMSVGLength appendItem use after free attempt
RuleID : 49918 - Type : BROWSER-FIREFOX - Revision : 1
2019-05-24 Mozilla Firefox DOMSVGLength appendItem use after free attempt
RuleID : 49917 - Type : BROWSER-FIREFOX - Revision : 1
2016-03-15 Mozilla Firefox IDL fragment privilege escalation attempt
RuleID : 37626 - Type : BROWSER-FIREFOX - Revision : 2
2015-08-09 Mozilla Firefox DOMSVGLength initialize use after free attempt
RuleID : 35075 - Type : BROWSER-FIREFOX - Revision : 3
2015-08-09 Mozilla Firefox DOMSVGLength replaceItem use after free attempt
RuleID : 35074 - Type : BROWSER-FIREFOX - Revision : 3
2015-08-09 Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt
RuleID : 35073 - Type : BROWSER-FIREFOX - Revision : 3
2015-08-09 Mozilla Firefox DOMSVGLength initialize use after free attempt
RuleID : 35072 - Type : BROWSER-FIREFOX - Revision : 3
2015-08-09 Mozilla Firefox DOMSVGLength replaceItem use after free attempt
RuleID : 35071 - Type : BROWSER-FIREFOX - Revision : 3
2015-08-09 Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt
RuleID : 35070 - Type : BROWSER-FIREFOX - Revision : 3
2015-08-04 Mozilla Firefox IDL fragment privilege escalation attempt
RuleID : 35052 - Type : BROWSER-FIREFOX - Revision : 2
2015-08-04 Mozilla Firefox IDL fragment privilege escalation attempt
RuleID : 35051 - Type : BROWSER-FIREFOX - Revision : 2
2015-01-15 Adobe Flash Player corrupt MP4 video denial of service attempt
RuleID : 32818 - Type : FILE-FLASH - Revision : 8
2015-01-15 Adobe Flash Player corrupt MP4 video denial of service attempt
RuleID : 32817 - Type : FILE-FLASH - Revision : 8
2014-12-18 SSLv3 CBC client connection attempt
RuleID : 32566 - Type : POLICY-OTHER - Revision : 2
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32205 - Type : SERVER-OTHER - Revision : 5
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32204 - Type : SERVER-OTHER - Revision : 5
2014-11-16 Nagios NRPE command execution attempt
RuleID : 31337 - Type : SERVER-OTHER - Revision : 3
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30788-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30788 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30787-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30787 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30786-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30786 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30785-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30785 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-11-21 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1374.nasl - Type: ACT_GATHER_INFO
2017-12-07 Name: The remote host is potentially affected by an SSL/TLS vulnerability.
File: check_point_gaia_sk103683.nasl - Type: ACT_GATHER_INFO
2017-10-02 Name: The remote Debian host is missing a security update.
File: debian_DLA-1119.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1165.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1166.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1854.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_pidgin_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1854.nasl - Type: ACT_GATHER_INFO
2017-08-08 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3380-1.nasl - Type: ACT_GATHER_INFO
2017-08-02 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1854.nasl - Type: ACT_GATHER_INFO
2017-07-31 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_jsa10804.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote database server is affected by multiple vulnerabilities.
File: oracle_rdbms_cpu_jul_2017.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL21284031.nasl - Type: ACT_GATHER_INFO
2017-05-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: oracle_secure_global_desktop_apr_2017_cpu.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1037.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-459.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170321_wireshark_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-04-05 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-813.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-0631.nasl - Type: ACT_GATHER_INFO
2017-03-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-0631.nasl - Type: ACT_GATHER_INFO
2017-03-22 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-0631.nasl - Type: ACT_GATHER_INFO
2017-01-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-53.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_03532a19d68e11e6917114dae9d210b8.nasl - Type: ACT_GATHER_INFO
2016-11-23 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1339.nasl - Type: ACT_GATHER_INFO
2016-10-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1178.nasl - Type: ACT_GATHER_INFO