Vulnerabilities > Opensuse > Opensuse > 12.2

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2013-2637 Cross-site Scripting vulnerability in multiple products
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
network
otrs opensuse CWE-79
4.3
2020-01-09 CVE-2012-2142 Security vulnerability in Poppler and xpdf
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
6.8
2019-11-27 CVE-2013-2625 Improper Privilege Management vulnerability in multiple products
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8.
network
low complexity
otrs debian opensuse CWE-269
6.4
2014-02-10 CVE-2012-2328 Cryptographic Issues vulnerability in multiple products
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.
5.0
2014-02-08 CVE-2013-2191 Improper Input Validation vulnerability in multiple products
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
4.3
2014-01-23 CVE-2014-0979 Local Denial of Service vulnerability in LightDM GTK+ Greeter
The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.
local
low complexity
opensuse lightdm-gtk-greeter-project
2.1
2013-12-11 CVE-2013-6673 Cryptographic Issues vulnerability in multiple products
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
4.3
2013-12-11 CVE-2013-6672 Information Exposure vulnerability in multiple products
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.
4.3
2013-12-11 CVE-2013-6671 Code Injection vulnerability in multiple products
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
network
low complexity
mozilla canonical redhat suse opensuse fedoraproject CWE-94
critical
10.0
2013-12-11 CVE-2013-5619 Integer Overflow OR Wraparound vulnerability in multiple products
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
7.5