Total
1434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2554 | 2 Opensuse, Otrs | 2 Opensuse, Otrs | 2018-10-30 | 4.3 MEDIUM | N/A |
| OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. | |||||
| CVE-2014-0482 | 2 Djangoproject, Opensuse | 2 Django, Opensuse | 2018-10-30 | 6.0 MEDIUM | N/A |
| The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header. | |||||
| CVE-2013-3713 | 1 Opensuse | 1 Opensuse | 2018-10-30 | 4.4 MEDIUM | N/A |
| The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow. | |||||
| CVE-2014-3522 | 4 Apache, Apple, Canonical and 1 more | 4 Subversion, Xcode, Ubuntu Linux and 1 more | 2018-10-30 | 4.0 MEDIUM | N/A |
| The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
| CVE-2013-6650 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2018-10-30 | 7.5 HIGH | N/A |
| The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages." | |||||
| CVE-2014-2893 | 2 Llvm, Opensuse | 2 Clang, Opensuse | 2018-10-30 | 1.9 LOW | N/A |
| The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | |||||
| CVE-2014-2576 | 2 Claws-mail, Opensuse | 2 Claws-mail, Opensuse | 2018-10-30 | 6.8 MEDIUM | N/A |
| plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2014-6300 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2018-10-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. | |||||
| CVE-2013-4487 | 2 Gnu, Opensuse | 2 Gnutls, Opensuse | 2018-10-30 | 5.0 MEDIUM | N/A |
| Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. | |||||
| CVE-2014-0019 | 3 Dest-unreach, Fedoraproject, Opensuse | 3 Socat, Fedora, Opensuse | 2018-10-30 | 1.9 LOW | N/A |
| Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. | |||||
| CVE-2014-3528 | 5 Apache, Apple, Canonical and 2 more | 9 Subversion, Xcode, Ubuntu Linux and 6 more | 2018-10-30 | 4.0 MEDIUM | N/A |
| Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. | |||||
| CVE-2014-0187 | 3 Canonical, Openstack, Opensuse | 3 Ubuntu Linux, Neutron, Opensuse | 2018-10-30 | 9.0 HIGH | N/A |
| The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | |||||
| CVE-2016-3125 | 3 Fedoraproject, Opensuse, Proftpd | 3 Fedora, Opensuse, Proftpd | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2015-0295 | 3 Digia, Fedoraproject, Opensuse | 3 Qt, Fedora, Opensuse | 2018-10-30 | 5.0 MEDIUM | N/A |
| The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. | |||||
| CVE-2014-1553 | 2 Mozilla, Opensuse | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2018-10-30 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-7155 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2018-10-30 | 5.8 MEDIUM | N/A |
| The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. | |||||
| CVE-2014-8600 | 3 Kde, Opensuse, Urs Wolfer | 4 Kde-runtime, Kio-extras, Opensuse and 1 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. | |||||
| CVE-2014-1838 | 2 Logilab, Opensuse | 2 Logilab-common, Opensuse | 2018-10-30 | 4.4 MEDIUM | N/A |
| The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf. | |||||
| CVE-2014-2528 | 2 Kdirstat Project, Opensuse | 2 Kdirstat, Opensuse | 2018-10-30 | 6.8 MEDIUM | N/A |
| kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527. | |||||
| CVE-2014-1830 | 2 Opensuse, Python | 2 Opensuse, Requests | 2018-10-30 | 5.0 MEDIUM | N/A |
| Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. | |||||