Total
1432 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1145 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | |||||
CVE-2015-5334 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. | |||||
CVE-2014-8179 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | |||||
CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |||||
CVE-2013-3718 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Evince, Opensuse and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
evince is missing a check on number of pages which can lead to a segmentation fault | |||||
CVE-2014-2387 | 3 Debian, Opensuse, Pen Project | 3 Debian Linux, Opensuse, Pen | 2023-12-10 | 4.6 MEDIUM | 4.4 MEDIUM |
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | |||||
CVE-2013-2625 | 3 Debian, Opensuse, Otrs | 5 Debian Linux, Opensuse, Faq and 2 more | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified | |||||
CVE-2015-5333 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. | |||||
CVE-2013-6365 | 3 Debian, Horde, Opensuse | 3 Debian Linux, Groupware, Opensuse | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions | |||||
CVE-2013-7370 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Openshift and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | |||||
CVE-2017-5332 | 5 Canonical, Debian, Icoutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | |||||
CVE-2015-2325 | 4 Mariadb, Opensuse, Pcre and 1 more | 4 Mariadb, Opensuse, Pcre and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. | |||||
CVE-2012-2736 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more | 2023-12-10 | 3.3 LOW | 4.4 MEDIUM |
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | |||||
CVE-2014-2030 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. | |||||
CVE-2014-3495 | 2 Debian, Opensuse | 3 Debian Linux, Duplicity, Opensuse | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
duplicity 0.6.24 has improper verification of SSL certificates | |||||
CVE-2014-1958 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. | |||||
CVE-2016-4983 | 3 Dovecot, Opensuse, Redhat | 4 Dovecot, Leap, Opensuse and 1 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | |||||
CVE-2006-7246 | 3 Gnome, Opensuse, Suse | 4 Networkmanager, Opensuse, Linux Enterprise Desktop and 1 more | 2023-12-10 | 3.2 LOW | 6.8 MEDIUM |
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | |||||
CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | |||||
CVE-2011-1489 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. |