This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Opensuse
Product : Opensuse
Version : 13.2
Type : Os
First view : 2009-05-01
Last view : 2020-01-23
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:o:opensuse:opensuse

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
9.8 2020-01-23 CVE-2015-5334

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.

7.5 2020-01-23 CVE-2015-5333

Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.

5.5 2020-01-14 CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via a regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

7.8 2020-01-14 CVE-2015-2325

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

7.5 2019-12-17 CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.

5.5 2019-12-17 CVE-2014-8178

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.

8.8 2019-12-03 CVE-2016-1000104

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

3.3 2019-11-05 CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

5.3 2019-11-05 CVE-2013-6365

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions.

7.8 2019-11-04 CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8 2019-11-04 CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8 2019-11-04 CVE-2017-5331

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8 2018-06-08 CVE-2014-5220

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

8.8 2018-03-11 CVE-2016-5314

Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.

7.5 2017-12-05 CVE-2016-1254

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

7.5 2017-08-07 CVE-2014-3462

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

5.5 2017-08-02 CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5 2017-07-25 CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

6.5 2017-06-26 CVE-2014-8127

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

9.8 2017-05-23 CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

8.8 2017-05-23 CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

9.8 2017-05-23 CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

8.8 2017-05-23 CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

9.8 2017-05-23 CVE-2016-5178

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
30% (151) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (39) CWE-200 Information Exposure
7% (38) CWE-189 Numeric Errors
7% (36) CWE-20 Improper Input Validation
5% (28) CWE-264 Permissions, Privileges, and Access Controls
4% (23) CWE-399 Resource Management Errors
4% (23) CWE-284 Access Control (Authorization) Issues
4% (23) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (19) CWE-17 Code
3% (16) CWE-125 Out-of-bounds Read
2% (13) CWE-254 Security Features
2% (13) CWE-19 Data Handling
1% (9) CWE-310 Cryptographic Issues
1% (7) CWE-787 Out-of-bounds Write
1% (6) CWE-476 NULL Pointer Dereference
1% (6) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (5) CWE-416 Use After Free
1% (5) CWE-362 Race Condition
1% (5) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (4) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (3) CWE-190 Integer Overflow or Wraparound
0% (3) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
0% (2) CWE-415 Double Free
0% (2) CWE-369 Divide By Zero
0% (2) CWE-352 Cross-Site Request Forgery (CSRF)

Open Source Vulnerability Database (OSVDB)

id Description
56286 libwmf Embedded GD Library WMF File Handling Use-After-Free Arbitrary Code Ex...

ExploitDB Exploits

id Description
35359 tcpdump 4.6.2 Geonet Decoder Denial of Service
29519 Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2012-11-15 Name : Fedora Update for icedtea-web FEDORA-2012-17745
File : nvt/gb_fedora_2012_17745_icedtea-web_fc16.nasl
2012-11-15 Name : Fedora Update for icedtea-web FEDORA-2012-17762
File : nvt/gb_fedora_2012_17762_icedtea-web_fc17.nasl
2012-11-09 Name : Ubuntu Update for icedtea-web USN-1625-1
File : nvt/gb_ubuntu_USN_1625_1.nasl
2012-11-09 Name : CentOS Update for icedtea-web CESA-2012:1434 centos6
File : nvt/gb_CESA-2012_1434_icedtea-web_centos6.nasl
2012-11-09 Name : RedHat Update for icedtea-web RHSA-2012:1434-01
File : nvt/gb_RHSA-2012_1434-01_icedtea-web.nasl
2012-09-07 Name : FreeBSD Ports: gatekeeper
File : nvt/freebsd_gatekeeper0.nasl
2012-05-31 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium13.nasl
2012-05-07 Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Windows)
File : nvt/gb_google_chrome_mult_dos_vuln_may12_win.nasl
2012-05-07 Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Mac OS X)
File : nvt/gb_google_chrome_mult_dos_vuln_may12_macosx.nasl
2012-05-07 Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Linux)
File : nvt/gb_google_chrome_mult_dos_vuln_may12_lin.nasl
2011-08-09 Name : CentOS Update for libwmf CESA-2009:0457 centos4 i386
File : nvt/gb_CESA-2009_0457_libwmf_centos4_i386.nasl
2011-08-09 Name : CentOS Update for libwmf CESA-2009:0457 centos5 i386
File : nvt/gb_CESA-2009_0457_libwmf_centos5_i386.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:106-1 (libwmf)
File : nvt/mdksa_2009_106_1.nasl
2009-07-06 Name : Gentoo Security Advisory GLSA 200907-01 (libwmf)
File : nvt/glsa_200907_01.nasl
2009-06-15 Name : SuSE Security Summary SUSE-SR:2009:011
File : nvt/suse_sr_2009_011.nasl
2009-06-05 Name : Ubuntu USN-769-1 (libwmf)
File : nvt/ubuntu_769_1.nasl
2009-06-05 Name : Ubuntu USN-771-1 (libmodplug)
File : nvt/ubuntu_771_1.nasl
2009-06-05 Name : Ubuntu USN-772-1 (mpfr)
File : nvt/ubuntu_772_1.nasl
2009-06-05 Name : Ubuntu USN-773-1 (pango1.0)
File : nvt/ubuntu_773_1.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:106 (libwmf)
File : nvt/mdksa_2009_106.nasl
2009-06-05 Name : Fedora Core 10 FEDORA-2009-5524 (libwmf)
File : nvt/fcore_2009_5524.nasl
2009-06-05 Name : Fedora Core 11 FEDORA-2009-5518 (libwmf)
File : nvt/fcore_2009_5518.nasl
2009-06-05 Name : Fedora Core 9 FEDORA-2009-5517 (libwmf)
File : nvt/fcore_2009_5517.nasl
2009-05-20 Name : FreeBSD Ports: libwmf
File : nvt/freebsd_libwmf.nasl
2009-05-20 Name : CentOS Security Advisory CESA-2009:0457 (libwmf)
File : nvt/ovcesa2009_0457.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0174 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0061135
2015-A-0160 Multiple Vulnerabilities in Oracle Linux and Virtualization
Severity: Category I - VMSKEY: V0061123
2015-A-0113 Multiple Vulnerabilities in Juniper Networks CTPOS
Severity: Category I - VMSKEY: V0060737
2015-A-0038 Multiple Vulnerabilities in GNU C Library (glibc)
Severity: Category I - VMSKEY: V0058753
2014-B-0103 Multiple Vulnerabilities in VMware Horizon View Client
Severity: Category I - VMSKEY: V0053509
2014-B-0102 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5
Severity: Category I - VMSKEY: V0053507
2014-B-0101 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1
Severity: Category I - VMSKEY: V0053505
2014-A-0115 Multiple Vulnerabilities in VMware Horizon View
Severity: Category I - VMSKEY: V0053501
2014-B-0097 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0053319
2014-A-0111 Multiple Vulnerabilities in VMware Workstation
Severity: Category I - VMSKEY: V0053179
2014-A-0103 Multiple Vulnerabilities in Oracle E-Business
Severity: Category I - VMSKEY: V0053195
2014-A-0109 Multiple Vulnerabilities in VMware Fusion
Severity: Category I - VMSKEY: V0053183
2014-A-0110 Multiple Vulnerabilities in VMware Player
Severity: Category I - VMSKEY: V0053181
2014-B-0095 Multiple Vulnerabilities in Splunk
Severity: Category I - VMSKEY: V0053177
2014-B-0088 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0052911
2014-B-0089 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0052909
2014-B-0091 Multiple Vulnerabilities in VMware vCenter Update Manager 5.5
Severity: Category I - VMSKEY: V0052907
2014-B-0084 HP Onboard Administrator Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0052901
2014-B-0085 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0052899
2014-B-0092 Multiple Vulnerabilities in VMware vSphere Client 5.5
Severity: Category I - VMSKEY: V0052893
2014-A-0089 Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE)
Severity: Category I - VMSKEY: V0052805
2014-B-0079 Multiple Vulnerabilities in IBM AIX
Severity: Category I - VMSKEY: V0052641
2014-B-0078 Multiple Vulnerabilities in Blue Coat ProxySG
Severity: Category I - VMSKEY: V0052639
2014-A-0087 Multiple Vulnerabilities in McAfee ePolicy Orchestrator
Severity: Category I - VMSKEY: V0052637

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-01-21 OpenSSL SSL ChangeCipherSpec man-in-the-middle attempt
RuleID : 52487 - Type : SERVER-OTHER - Revision : 1
2018-12-07 out-of-bounds write attempt with malicious MAR file detected
RuleID : 48296 - Type : FILE-OTHER - Revision : 2
2018-12-07 out-of-bounds write attempt with malicious MAR file detected
RuleID : 48295 - Type : FILE-OTHER - Revision : 2
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46781 - Type : BROWSER-FIREFOX - Revision : 2
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46767 - Type : BROWSER-FIREFOX - Revision : 4
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46766 - Type : BROWSER-FIREFOX - Revision : 2
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46765 - Type : BROWSER-FIREFOX - Revision : 2
2018-03-23 NTP crypto-NAK denial of service attempt
RuleID : 45693 - Type : SERVER-OTHER - Revision : 3
2018-02-03 Adobe Flash Player ConvolutionFilter Matrix use after free attempt
RuleID : 45310 - Type : FILE-FLASH - Revision : 1
2018-02-03 Adobe Flash Player ConvolutionFilter Matrix use after free attempt
RuleID : 45309 - Type : FILE-FLASH - Revision : 1
2017-12-13 LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt
RuleID : 44759 - Type : FILE-OTHER - Revision : 2
2017-12-13 LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt
RuleID : 44758 - Type : FILE-OTHER - Revision : 2
2017-12-13 LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt
RuleID : 44757 - Type : FILE-OTHER - Revision : 2
2017-12-13 NTP crypto-NAK denial of service attempt
RuleID : 44756 - Type : SERVER-OTHER - Revision : 3
2017-04-12 cURL and libcurl set-cookie remote code execution attempt
RuleID : 41853 - Type : OS-LINUX - Revision : 4
2017-01-12 Nitro Pro PDF Reader out of bounds write attempt
RuleID : 41197 - Type : FILE-PDF - Revision : 5
2017-01-12 Nitro Pro PDF Reader out of bounds write attempt
RuleID : 41196 - Type : FILE-PDF - Revision : 5
2016-11-08 Mozilla Firefox CSP report-uri arbitrary file write attempt
RuleID : 40363 - Type : BROWSER-FIREFOX - Revision : 2
2016-07-13 iperf3 heap overflow remote code execution attempt
RuleID : 39165 - Type : SERVER-WEBAPP - Revision : 2
2016-06-09 Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow ...
RuleID : 39162 - Type : FILE-PDF - Revision : 4
2016-06-09 Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow ...
RuleID : 39161 - Type : FILE-PDF - Revision : 4
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39097 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39096 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39095 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39094 - Type : FILE-IMAGE - Revision : 2

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-242f6c1a41.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-55b875c1ac.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-924da855e1.nasl - Type: ACT_GATHER_INFO
2018-12-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL06493172.nasl - Type: ACT_GATHER_INFO
2018-12-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16365.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1114.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1115.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1116.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-192148f4ff.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1583.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1376.nasl - Type: ACT_GATHER_INFO
2018-11-06 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-309-01.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1344.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_ec5072b0d43a11e8a6d2b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_5_62.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_6_42.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_7_24.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_8_0_13.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1272.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0011.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0013.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0008.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO