Search Results
- CPE Product Version: cpe:/o:opensuse:opensuse:12.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-7246 | NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. Published: January 27, 2020; 10:15:10 AM -0500 | V3.1: 6.8 MEDIUM V2.0: 3.2 LOW |
CVE-2012-2736 | In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. Published: December 26, 2019; 3:15:11 PM -0500 | V3.1: 4.4 MEDIUM V2.0: 3.3 LOW |
CVE-2016-9959 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. Published: April 12, 2017; 4:59:00 PM -0400 | V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-9958 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. Published: April 12, 2017; 4:59:00 PM -0400 | V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-9957 | Stack-based buffer overflow in game-music-emu before 0.6.1. Published: April 12, 2017; 4:59:00 PM -0400 | V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2011-2198 | The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". Published: May 21, 2014; 10:55:05 AM -0400 | V3.x: (not available) V2.0: 3.5 LOW |
CVE-2012-1600 | Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function. Published: May 13, 2014; 8:55:06 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2012-0871 | The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. Published: April 18, 2014; 10:55:25 AM -0400 | V3.x: (not available) V2.0: 6.3 MEDIUM |
CVE-2012-2328 | internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. Published: February 10, 2014; 1:15:09 PM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2012-1095 | osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator. Published: February 06, 2014; 12:00:03 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-3377 | The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain. Published: February 05, 2014; 2:55:28 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2012-0425 | LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field. Published: December 01, 2013; 11:36:26 PM -0500 | V3.x: (not available) V2.0: 7.8 HIGH |
CVE-2013-0223 | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. Published: November 23, 2013; 1:55:04 PM -0500 | V3.x: (not available) V2.0: 1.9 LOW |
CVE-2013-0222 | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function. Published: November 23, 2013; 1:55:04 PM -0500 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2013-0221 | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function. Published: November 23, 2013; 1:55:04 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2013-1362 | Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash. Published: July 09, 2013; 1:55:00 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2013-1846 | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. Published: May 02, 2013; 10:55:05 AM -0400 | V3.x: (not available) V2.0: 4.0 MEDIUM |
CVE-2013-1845 | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. Published: May 02, 2013; 10:55:05 AM -0400 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2013-0338 | libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. Published: April 25, 2013; 7:55:01 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2013-1416 | The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. Published: April 19, 2013; 7:44:26 AM -0400 | V3.x: (not available) V2.0: 4.0 MEDIUM |