Search Results (Refine Search)
- CPE Product Version: cpe:/o:opensuse:opensuse:12.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-5610 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: December 11, 2013; 10:55:07 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-5609 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: December 11, 2013; 10:55:07 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2013-6712 |
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. Published: November 27, 2013; 11:37:39 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-4547 |
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Published: November 23, 2013; 1:55:04 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-0223 |
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. Published: November 23, 2013; 1:55:04 PM -0500 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2013-0222 |
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function. Published: November 23, 2013; 1:55:04 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-0221 |
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function. Published: November 23, 2013; 1:55:04 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-4559 |
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. Published: November 20, 2013; 9:12:30 AM -0500 |
V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2013-4560 |
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. Published: November 20, 2013; 9:12:30 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-6629 |
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. Published: November 18, 2013; 11:50:56 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-1418 |
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Published: November 17, 2013; 10:55:05 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-6621 |
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element. Published: November 13, 2013; 10:55:04 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4508 |
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. Published: November 07, 2013; 11:47:22 PM -0500 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2013-2065 |
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. Published: November 02, 2013; 3:55:04 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2013-4365 |
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. Published: October 17, 2013; 7:55:04 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-2190 |
The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors. Published: October 17, 2013; 7:55:04 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-4389 |
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. Published: October 16, 2013; 8:55:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-2927 |
Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements. Published: October 16, 2013; 4:55:06 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-4288 |
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. Published: October 03, 2013; 5:55:04 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-2919 |
Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Published: October 02, 2013; 6:35:35 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |