Vulnerabilities > Opensuse > Opensuse > 12.3

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2013-2637 Cross-site Scripting vulnerability in multiple products
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
network
otrs opensuse CWE-79
4.3
2020-02-06 CVE-2014-2030 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
6.8
2020-02-06 CVE-2014-1958 Classic Buffer Overflow vulnerability in Imagemagick
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
6.8
2019-12-13 CVE-2014-3495 Improper Certificate Validation vulnerability in multiple products
duplicity 0.6.24 has improper verification of SSL certificates
network
low complexity
debian opensuse CWE-295
5.0
2019-11-27 CVE-2013-2625 Improper Privilege Management vulnerability in multiple products
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8.
network
low complexity
otrs debian opensuse CWE-269
6.4
2018-04-10 CVE-2014-0158 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045.
6.8
2014-12-29 CVE-2014-8132 Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
network
low complexity
libssh debian opensuse fedoraproject canonical
5.0
2014-12-03 CVE-2014-8104 Resource Management Errors vulnerability in multiple products
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
network
low complexity
mageia debian opensuse openvpn canonical CWE-399
6.8
2014-11-30 CVE-2014-8961 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.
network
low complexity
phpmyadmin opensuse CWE-22
4.0
2014-11-30 CVE-2014-8959 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.
network
low complexity
opensuse phpmyadmin CWE-22
6.5