Vulnerabilities > Opensuse > Opensuse > 12.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-12 | CVE-2013-2637 | Cross-site Scripting vulnerability in multiple products A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. | 4.3 |
2020-01-09 | CVE-2012-2142 | Security vulnerability in Poppler and xpdf The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | 6.8 |
2019-11-27 | CVE-2013-2625 | Improper Privilege Management vulnerability in multiple products An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. | 6.4 |
2014-02-10 | CVE-2012-2328 | Cryptographic Issues vulnerability in multiple products internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. | 5.0 |
2014-02-08 | CVE-2013-2191 | Improper Input Validation vulnerability in multiple products python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. | 4.3 |
2014-01-23 | CVE-2014-0979 | Local Denial of Service vulnerability in LightDM GTK+ Greeter The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username. | 2.1 |
2013-12-11 | CVE-2013-6673 | Cryptographic Issues vulnerability in multiple products Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. | 4.3 |
2013-12-11 | CVE-2013-6672 | Information Exposure vulnerability in multiple products Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. | 4.3 |
2013-12-11 | CVE-2013-6671 | Code Injection vulnerability in multiple products The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | 10.0 |
2013-12-11 | CVE-2013-5619 | Integer Overflow OR Wraparound vulnerability in multiple products Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. | 7.5 |