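This page lists published CVE vulnerabilities affecting opensuse opensuse (associated via NVD CPE). Each row includes a severity score, a summary, and the publication date, to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |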
|---|---|---|---|---|---|---|
| CVE-2013-2637 | A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. | [email protected] | 6.1 | 1.43% | 2020-02-12 | 2024-11-21 |
| CVE-2014-2030 | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. | [email protected] | 8.8 | 16.41% | 2020-02-06 | 2024-11-21 |
| CVE-2014-1958 | Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. | [email protected] | 8.8 | 1.24% | 2020-02-06 | 2024-11-21 |
| CVE-2013-3565 | Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | [email protected] | 6.1 | 0.28% | 2020-01-31 | 2024-11-21 |
| CVE-2006-7246 | NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | [email protected] | 6.8 | 0.14% | 2020-01-27 | 2024-11-21 |
| CVE-2015-5333 | Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. | [email protected] | 7.5 | 2.09% | 2020-01-23 | 2024-11-21 |
| CVE-2015-5334 | Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. | [email protected] | 9.8 | 9.91% | 2020-01-23 | 2024-11-21 |
| CVE-2015-2326 | The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | [email protected] | 5.5 | 0.59% | 2020-01-14 | 2024-11-21 |
| CVE-2015-2325 | The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. | [email protected] | 7.8 | 0.47% | 2020-01-14 | 2024-11-21 |
| CVE-2012-2142 | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | [email protected] | 7.8 | 0.40% | 2020-01-09 | 2024-11-21 |
| CVE-2012-2736 | In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | [email protected] | 4.4 | 0.05% | 2019-12-26 | 2024-11-21 |
| CVE-2014-8179 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | [email protected] | 7.5 | 1.60% | 2019-12-17 | 2024-11-21 |
| CVE-2014-8178 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. | [email protected] | 5.5 | 0.27% | 2019-12-17 | 2024-11-21 |
| CVE-2014-3495 | duplicity 0.6.24 has improper verification of SSL certificates | [email protected] | 7.5 | 0.28% | 2019-12-13 | 2024-11-21 |
| CVE-2014-2387 | Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | [email protected] | 4.4 | 0.06% | 2019-12-13 | 2024-11-21 |
| CVE-2013-7370 | node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | [email protected] | 6.1 | 1.08% | 2019-12-11 | 2024-11-21 |
| CVE-2016-1000104 | A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. | [email protected] | 8.8 | 0.41% | 2019-12-03 | 2024-11-21 |
| CVE-2013-2625 | An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism are not verified. | [email protected] | 6.5 | 0.18% | 2019-11-27 | 2024-11-21 |
| CVE-2012-6655 | An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let local users obtain encrypted passwords. | [email protected] | 3.3 | 0.03% | 2019-11-27 | 2024-11-21 |
| CVE-2011-1588 | Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error. | [email protected] | 7.8 | 0.32% | 2019-11-14 | 2024-11-21 |