CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell » Opensuse » 13.1 : Security Vulnerabilities

Cpe Name:cpe:/o:novell:opensuse:13.1
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-4588 119 DoS Exec Code Overflow 2015-07-01 2015-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.
2 CVE-2015-4156 59 2015-06-02 2015-06-03
3.6
None Local Low Not required None Partial Partial
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
3 CVE-2015-4146 DoS 2015-06-15 2015-06-16
5.0
None Remote Low Not required None None Partial
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.
4 CVE-2015-4145 399 DoS 2015-06-15 2015-06-16
5.0
None Remote Low Not required None None Partial
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.
5 CVE-2015-4144 119 DoS Overflow 2015-06-15 2015-06-16
5.0
None Remote Low Not required None None Partial
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
6 CVE-2015-4143 119 DoS Overflow 2015-06-15 2015-06-16
5.0
None Remote Low Not required None None Partial
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
7 CVE-2015-4142 119 DoS Overflow 2015-06-15 2015-06-16
4.3
None Remote Medium Not required None None Partial
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
8 CVE-2015-4141 119 DoS Overflow 2015-06-15 2015-06-16
4.3
None Remote Medium Not required None None Partial
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
9 CVE-2015-3026 DoS 2015-04-29 2015-05-11
5.0
None Remote Low Not required None None Partial
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."
10 CVE-2015-2718 200 Bypass +Info 2015-05-14 2015-07-01
4.3
None Remote Medium Not required Partial None None
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data.
11 CVE-2015-2717 189 DoS Exec Code Overflow 2015-05-14 2015-06-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata.
12 CVE-2015-2709 DoS Exec Code Mem. Corr. 2015-05-14 2015-06-25
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
13 CVE-2015-2331 189 DoS Exec Code Overflow 2015-03-30 2015-04-13
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
14 CVE-2015-2305 189 Exec Code Overflow 2015-03-30 2015-06-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
15 CVE-2015-2301 DoS 2015-03-30 2015-05-21
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
16 CVE-2015-2192 189 DoS Overflow 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
17 CVE-2015-2191 189 DoS Overflow 2015-03-07 2015-04-06
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
18 CVE-2015-2190 19 DoS 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.
19 CVE-2015-2189 189 DoS 2015-03-07 2015-04-06
5.0
None Remote Low Not required None None Partial
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
20 CVE-2015-2188 19 DoS 2015-03-07 2015-04-06
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
21 CVE-2015-2187 20 DoS Mem. Corr. 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.
22 CVE-2015-2157 200 +Info 2015-03-27 2015-03-31
2.1
None Local Low Not required Partial None None
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
23 CVE-2015-1419 Bypass 2015-01-28 2015-01-28
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
24 CVE-2015-1382 20 DoS 2015-02-03 2015-02-19
5.0
None Remote Low Not required None None Partial
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
25 CVE-2015-1381 399 DoS 2015-02-03 2015-02-19
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
26 CVE-2015-1380 20 DoS 2015-02-03 2015-02-19
5.0
None Remote Low Not required None None Partial
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
27 CVE-2015-1196 59 2015-01-21 2015-02-11
4.3
None Remote Medium Not required None Partial None
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
28 CVE-2015-0848 119 DoS Exec Code Overflow 2015-07-01 2015-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.
29 CVE-2015-0778 77 Exec Code 2015-03-16 2015-04-09
7.5
None Remote Low Not required Partial Partial Partial
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.
30 CVE-2015-0552 22 Dir. Trav. 2015-01-15 2015-02-17
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."
31 CVE-2015-0295 189 DoS 2015-03-25 2015-03-27
5.0
None Remote Low Not required None None Partial
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
32 CVE-2015-0255 200 DoS +Info 2015-02-13 2015-04-14
6.4
None Remote Low Not required Partial None Partial
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
33 CVE-2015-0245 362 DoS 2015-02-13 2015-04-14
1.9
None Local Medium Not required None None Partial
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
34 CVE-2014-9709 119 DoS Overflow 2015-03-30 2015-05-21
5.0
None Remote Low Not required None None Partial
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
35 CVE-2014-9640 119 DoS Overflow 2015-01-23 2015-04-17
5.0
None Remote Low Not required None None Partial
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
36 CVE-2014-9512 59 2015-02-12 2015-02-12
6.4
None Remote Low Not required None Partial Partial
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
37 CVE-2014-9496 119 Overflow 2015-01-16 2015-03-23
10.0
None Remote Low Not required Complete Complete Complete
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
38 CVE-2014-9488 119 Overflow 2015-04-14 2015-04-15
10.0
None Remote Low Not required Complete Complete Complete
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
39 CVE-2014-9462 20 Exec Code 2015-03-31 2015-04-01
7.5
None Remote Low Not required Partial Partial Partial
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.
40 CVE-2014-9402 399 DoS 2015-02-24 2015-06-03
7.8
None Remote Low Not required None None Complete
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
41 CVE-2014-8643 264 Bypass 2015-01-14 2015-02-27
7.1
None Remote Medium Not required None Complete None
Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process.
42 CVE-2014-8642 310 +Info 2015-01-14 2015-02-27
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.
43 CVE-2014-8640 362 DoS 2015-01-14 2015-03-17
5.0
None Remote Low Not required None None Partial
The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.
44 CVE-2014-8169 264 +Priv 2015-03-18 2015-03-18
4.4
None Local Medium Not required Partial Partial Partial
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
45 CVE-2014-8158 119 DoS Exec Code Overflow 2015-01-26 2015-04-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
46 CVE-2014-8157 189 DoS Exec Code Overflow 2015-01-26 2015-04-02
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
47 CVE-2014-8148 264 Exec Code 2015-01-26 2015-03-05
7.2
Admin Local Low Not required Complete Complete Complete
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.
48 CVE-2014-8080 DoS 2014-11-03 2015-04-22
5.0
None Remote Low Not required None None Partial
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
49 CVE-2014-7817 20 Exec Code 2014-11-24 2015-03-17
4.6
None Local Low Not required Partial Partial Partial
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
50 CVE-2014-5177 20 2014-08-03 2014-12-23
1.2
None Local High Not required Partial None None
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.
Total number of vulnerabilities : 74   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.