CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Opensuse : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-12467 264 2018-08-01 2018-10-15
5.5
None Remote Low Single system None Partial Partial
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
2 CVE-2018-12466 264 2018-08-01 2018-10-09
5.5
None Remote Low Single system None Partial Partial
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
3 CVE-2017-14804 20 2018-03-01 2018-03-26
5.0
None Remote Low Not required None Partial None
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
4 CVE-2017-13086 254 2017-10-17 2018-05-16
5.4
None Local Network Medium Not required Partial Partial Partial
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
5 CVE-2017-13084 254 2017-10-17 2018-05-10
5.4
None Local Network Medium Not required Partial Partial Partial
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
6 CVE-2017-13082 254 2017-10-17 2018-11-02
5.8
None Local Network Low Not required Partial Partial Partial
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
7 CVE-2017-13077 254 2017-10-16 2018-11-13
5.4
None Local Network Medium Not required Partial Partial Partial
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
8 CVE-2017-6594 284 Bypass 2017-08-28 2018-10-30
5.0
None Remote Low Not required None Partial None
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
9 CVE-2017-6318 200 +Info 2017-03-20 2018-10-30
5.0
None Remote Low Not required Partial None None
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
10 CVE-2017-5335 125 DoS 2017-03-24 2018-10-30
5.0
None Remote Low Not required None None Partial
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
11 CVE-2017-5188 200 +Info 2018-03-01 2018-03-22
5.0
None Remote Low Not required Partial None None
The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.
12 CVE-2016-10207 119 DoS Overflow 2017-02-28 2018-02-01
5.0
None Remote Low Not required None None Partial
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
13 CVE-2016-10165 125 DoS +Info 2017-02-03 2018-10-30
5.8
None Remote Medium Not required Partial None Partial
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
14 CVE-2016-9597 119 DoS Overflow 2018-07-30 2018-10-30
5.0
None Remote Low Not required None None Partial
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
15 CVE-2016-9448 476 DoS 2017-01-27 2018-10-30
5.0
None Remote Low Not required None None Partial
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.
16 CVE-2016-9398 DoS 2017-03-23 2018-10-30
5.0
None Remote Low Not required None None Partial
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
17 CVE-2016-8689 125 DoS 2017-02-15 2018-11-30
5.0
None Remote Low Not required None None Partial
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
18 CVE-2016-8687 119 DoS Overflow 2017-02-15 2018-11-30
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
19 CVE-2016-8682 125 DoS 2017-02-15 2018-10-30
5.0
None Remote Low Not required None None Partial
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
20 CVE-2016-7972 399 DoS 2017-03-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
21 CVE-2016-7969 125 DoS 2017-03-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
22 CVE-2016-7800 119 DoS Overflow 2017-02-06 2018-10-30
5.0
None Remote Low Not required None None Partial
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
23 CVE-2016-7797 254 DoS 2017-03-24 2018-10-30
5.0
None Remote Low Not required None None Partial
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
24 CVE-2016-7449 125 DoS 2017-02-06 2018-10-30
5.0
None Remote Low Not required None None Partial
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
25 CVE-2016-7445 476 DoS 2016-10-03 2018-10-30
5.0
None Remote Low Not required None None Partial
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
26 CVE-2016-7141 287 2016-10-03 2018-11-13
5.0
None Remote Low Not required None Partial None
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
27 CVE-2016-6855 787 DoS 2016-09-07 2018-10-30
5.0
None Remote Low Not required None None Partial
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
28 CVE-2016-6352 787 DoS 2016-10-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
29 CVE-2016-6323 284 DoS 2016-10-07 2018-10-30
5.0
None Remote Low Not required None None Partial
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
30 CVE-2016-6262 125 +Info 2016-09-07 2018-10-30
5.0
None Remote Low Not required Partial None None
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
31 CVE-2016-6261 125 DoS 2016-09-07 2018-10-30
5.0
None Remote Low Not required None None Partial
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
32 CVE-2016-6128 20 DoS 2016-08-07 2018-10-30
5.0
None Remote Low Not required None None Partial
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
33 CVE-2016-5739 200 +Info CSRF 2016-07-02 2018-10-30
5.0
None Remote Low Not required Partial None None
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.
34 CVE-2016-5730 200 +Info 2016-07-02 2018-10-30
5.0
None Remote Low Not required Partial None None
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.
35 CVE-2016-5706 399 DoS 2016-07-02 2018-10-30
5.0
None Remote Low Not required None None Partial
js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.
36 CVE-2016-5420 285 2016-08-10 2018-11-13
5.0
None Remote Low Not required None Partial None
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
37 CVE-2016-5419 310 Bypass 2016-08-10 2018-11-13
5.0
None Remote Low Not required Partial None None
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
38 CVE-2016-5323 369 DoS 2017-01-20 2018-10-30
5.0
None Remote Low Not required None None Partial
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.
39 CVE-2016-5301 20 DoS 2016-06-30 2018-10-30
5.0
None Remote Low Not required None None Partial
The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.
40 CVE-2016-5104 284 Bypass 2016-06-13 2018-10-30
5.0
None Remote Low Not required None Partial None
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
41 CVE-2016-5098 22 Dir. Trav. 2016-07-04 2018-10-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.
42 CVE-2016-5097 200 +Info 2016-07-04 2018-10-30
5.0
None Remote Low Not required Partial None None
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
43 CVE-2016-4957 20 DoS 2016-07-04 2018-10-30
5.0
None Remote Low Not required None None Partial
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
44 CVE-2016-4956 19 DoS 2016-07-04 2018-10-30
5.0
None Remote Low Not required None None Partial
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
45 CVE-2016-4579 20 DoS 2016-06-13 2018-10-30
5.0
None Remote Low Not required None None Partial
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
46 CVE-2016-4574 189 DoS 2016-06-13 2018-10-30
5.0
None Remote Low Not required None None Partial
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
47 CVE-2016-4478 119 DoS Overflow 2016-06-13 2018-10-30
5.0
None Remote Low Not required None None Partial
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
48 CVE-2016-4414 DoS 2016-06-13 2018-10-30
5.0
None Remote Low Not required None None Partial
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
49 CVE-2016-4348 20 DoS 2016-05-20 2018-10-30
5.0
None Remote Low Not required None None Partial
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
50 CVE-2016-4049 20 DoS 2016-05-23 2018-10-30
5.0
None Remote Low Not required None None Partial
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
Total number of vulnerabilities : 248   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.