Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
There are 226 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2006-7246

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

Published: January 27, 2020; 10:15:10 AM -0500
V3.1: 6.8 MEDIUM
V2.0: 3.2 LOW
CVE-2012-2736

In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.

Published: December 26, 2019; 3:15:11 PM -0500
V3.1: 4.4 MEDIUM
V2.0: 3.3 LOW
CVE-2016-9959

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

Published: April 12, 2017; 4:59:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-9958

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

Published: April 12, 2017; 4:59:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-9957

Stack-based buffer overflow in game-music-emu before 0.6.1.

Published: April 12, 2017; 4:59:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2011-2198

The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".

Published: May 21, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2012-1600

Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.

Published: May 13, 2014; 8:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0871

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

Published: April 18, 2014; 10:55:25 AM -0400
V3.x:(not available)
V2.0: 6.3 MEDIUM
CVE-2012-2328

internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.

Published: February 10, 2014; 1:15:09 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-1095

osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.

Published: February 06, 2014; 12:00:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.

Published: February 05, 2014; 2:55:28 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0425

LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.

Published: December 01, 2013; 11:36:26 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2013-0223

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

Published: November 23, 2013; 1:55:04 PM -0500
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2013-0222

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

Published: November 23, 2013; 1:55:04 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-0221

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

Published: November 23, 2013; 1:55:04 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-1362

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Published: July 09, 2013; 1:55:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-1846

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.

Published: May 02, 2013; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-1845

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.

Published: May 02, 2013; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

Published: April 25, 2013; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

Published: April 12, 2013; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM