National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:opensuse:opensuse:13.1
There are 536 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

Published: January 14, 2020; 12:15:12 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-2325

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

Published: January 14, 2020; 12:15:12 PM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-3495

duplicity 0.6.24 has improper verification of SSL certificates

Published: December 13, 2019; 09:15:12 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

Published: December 13, 2019; 09:15:11 AM -05:00
V3.1: 4.4 MEDIUM
    V2: 4.6 MEDIUM
CVE-2013-7370

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

Published: December 11, 2019; 09:15:09 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-6655

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

Published: November 27, 2019; 01:15:11 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2013-6365

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

Published: November 05, 2019; 09:15:13 AM -05:00
V3.1: 5.3 MEDIUM
    V2: 2.6 LOW
CVE-2013-3718

evince is missing a check on number of pages which can lead to a segmentation fault

Published: November 01, 2019; 09:15:11 AM -04:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-0158

Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS."

Published: April 10, 2018; 11:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-5314

Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.

Published: March 11, 2018; 10:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-4616

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

Published: August 24, 2017; 04:29:00 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: August 02, 2017; 03:29:00 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: July 25, 2017; 02:29:00 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-8127

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

Published: June 26, 2017; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-4068

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.

Published: April 13, 2017; 10:59:01 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-8864

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

Published: April 13, 2017; 10:59:01 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-9114

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

Published: March 31, 2017; 12:59:00 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-5321

The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.

Published: January 20, 2017; 10:59:00 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-5317

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.

Published: January 20, 2017; 10:59:00 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-5316

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.

Published: January 20, 2017; 10:59:00 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM