Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Opensuse
Total 1465 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-3793 6 Canonical, Debian, Mariadb and 3 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2024-02-28 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
CVE-2013-5029 2 Opensuse, Phpmyadmin 2 Opensuse, Phpmyadmin 2024-02-28 4.3 MEDIUM N/A
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
CVE-2013-1862 5 Apache, Canonical, Opensuse and 2 more 11 Http Server, Ubuntu Linux, Opensuse and 8 more 2024-02-28 5.1 MEDIUM N/A
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
CVE-2012-2886 2 Google, Opensuse 2 Chrome, Opensuse 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)."
CVE-2013-3804 6 Canonical, Debian, Mariadb and 3 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2024-02-28 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVE-2013-4077 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2024-02-28 5.0 MEDIUM N/A
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.
CVE-2013-5018 2 Opensuse, Strongswan 2 Opensuse, Strongswan 2024-02-28 4.3 MEDIUM N/A
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.
CVE-2012-6093 3 Canonical, Opensuse, Qt 3 Ubuntu Linux, Opensuse, Qt 2024-02-28 4.3 MEDIUM N/A
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
CVE-2013-0834 2 Google, Opensuse 2 Chrome, Opensuse 2024-02-28 5.0 MEDIUM N/A
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
CVE-2013-4365 4 Apache, Debian, Opensuse and 1 more 6 Http Server, Mod Fcgid, Debian Linux and 3 more 2024-02-28 7.5 HIGH N/A
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2013-3562 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2024-02-28 5.0 MEDIUM N/A
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2012-5145 2 Google, Opensuse 2 Chrome, Opensuse 2024-02-28 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.
CVE-2013-5589 3 Cacti, Debian, Opensuse 3 Cacti, Debian Linux, Opensuse 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-1090 1 Opensuse 1 Opensuse 2024-02-28 7.2 HIGH N/A
The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.
CVE-2012-2039 8 Adobe, Apple, Google and 5 more 13 Air, Flash Player, Macos and 10 more 2024-02-28 9.3 HIGH N/A
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2012-2872 2 Google, Opensuse 2 Chrome, Opensuse 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6858 3 Canonical, Openstack, Opensuse 3 Ubuntu Linux, Horizon, Opensuse 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.
CVE-2013-3801 4 Mariadb, Opensuse, Oracle and 1 more 6 Mariadb, Opensuse, Mysql and 3 more 2024-02-28 5.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
CVE-2013-3328 8 Adobe, Apple, Google and 5 more 14 Adobe Air, Adobe Air Sdk, Flash Player and 11 more 2024-02-28 10.0 HIGH N/A
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-4389 3 Debian, Opensuse, Rubyonrails 3 Debian Linux, Opensuse, Rails 2024-02-28 4.3 MEDIUM N/A
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.