Vulnerabilities > Opensuse > Opensuse > 12.2

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2013-2637 Cross-site Scripting vulnerability in multiple products
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
network
low complexity
otrs opensuse CWE-79
6.1
2020-01-09 CVE-2012-2142 The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
local
low complexity
freedesktop xpdfreader redhat opensuse
7.8
2019-11-27 CVE-2013-2625 Improper Privilege Management vulnerability in multiple products
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8.
network
low complexity
otrs debian opensuse CWE-269
6.5
2013-12-11 CVE-2013-6673 Cryptographic Issues vulnerability in multiple products
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
5.9
2013-12-11 CVE-2013-6671 Code Injection vulnerability in multiple products
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
network
low complexity
mozilla canonical redhat opensuse suse fedoraproject CWE-94
critical
9.8
2013-12-11 CVE-2013-5618 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.
network
low complexity
mozilla fedoraproject opensuse suse canonical redhat CWE-416
critical
9.8
2013-12-11 CVE-2013-5616 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
network
low complexity
mozilla fedoraproject opensuse suse redhat canonical CWE-416
critical
9.8
2013-12-11 CVE-2013-5615 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.
network
low complexity
mozilla canonical opensuse suse fedoraproject
critical
9.8
2013-12-11 CVE-2013-5613 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.
network
low complexity
mozilla fedoraproject opensuse suse redhat canonical CWE-416
critical
9.8
2013-12-11 CVE-2013-5609 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla fedoraproject opensuse suse canonical redhat
critical
9.8