Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-8078 |
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. Published: December 03, 2015; 3:59:10 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-8077 |
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. Published: December 03, 2015; 3:59:09 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-8076 |
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read. Published: December 03, 2015; 3:59:07 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0794 |
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. Published: November 19, 2015; 3:59:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 3.6 LOW |
CVE-2014-9756 |
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. Published: November 19, 2015; 3:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-7805 |
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. Published: November 17, 2015; 10:59:12 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-8126 |
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Published: November 12, 2015; 10:59:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-8105 |
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload. Published: November 10, 2015; 12:59:13 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-8041 |
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. Published: November 09, 2015; 11:59:10 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-7940 |
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." Published: November 09, 2015; 11:59:09 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5218 |
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. Published: November 09, 2015; 11:59:06 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-2697 |
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. Published: November 08, 2015; 10:59:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-2696 |
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. Published: November 08, 2015; 10:59:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2015-2695 |
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. Published: November 08, 2015; 10:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-9749 |
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability." Published: November 06, 2015; 4:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-8036 |
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. Published: November 02, 2015; 2:59:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-6031 |
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name. Published: November 02, 2015; 2:59:14 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5291 |
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. Published: November 02, 2015; 2:59:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4625 |
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. Published: October 26, 2015; 3:59:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2015-3256 |
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." Published: October 26, 2015; 3:59:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |