U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
There are 674 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2014-2030

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.

Published: February 06, 2020; 10:15:10 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2014-1958

Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.

Published: February 06, 2020; 10:15:10 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.

Published: January 31, 2020; 5:15:10 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

Published: January 14, 2020; 12:15:12 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-2325

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

Published: January 14, 2020; 12:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2014-3495

duplicity 0.6.24 has improper verification of SSL certificates

Published: December 13, 2019; 9:15:12 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

Published: December 13, 2019; 9:15:11 AM -0500
V3.1: 4.4 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2013-7370

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

Published: December 11, 2019; 9:15:09 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2012-6655

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

Published: November 27, 2019; 1:15:11 PM -0500
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2013-6365

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

Published: November 05, 2019; 9:15:13 AM -0500
V3.1: 5.3 MEDIUM
V2.0: 2.6 LOW
CVE-2013-3718

evince is missing a check on number of pages which can lead to a segmentation fault

Published: November 01, 2019; 9:15:11 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-0158

Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS."

Published: April 10, 2018; 11:29:00 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-5314

Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.

Published: March 11, 2018; 10:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2014-4616

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

Published: August 24, 2017; 4:29:00 PM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: August 02, 2017; 3:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: July 25, 2017; 2:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-8127

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

Published: June 26, 2017; 11:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4068

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.

Published: April 13, 2017; 10:59:01 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-8864

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

Published: April 13, 2017; 10:59:01 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-9114

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

Published: March 31, 2017; 12:59:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH