Vulnerabilities > Opensuse > Opensuse > 13.1

DATE CVE VULNERABILITY TITLE RISK
2020-02-06 CVE-2014-2030 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
6.8
2020-02-06 CVE-2014-1958 Classic Buffer Overflow vulnerability in Imagemagick
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
6.8
2020-01-31 CVE-2013-3565 Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
network
low complexity
videolan opensuse CWE-79
6.1
2020-01-14 CVE-2015-2326 Out-of-bounds Read vulnerability in multiple products
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
local
low complexity
pcre opensuse mariadb php CWE-125
5.5
2020-01-14 CVE-2015-2325 Out-of-bounds Write vulnerability in multiple products
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
6.8
2019-12-13 CVE-2014-3495 Improper Certificate Validation vulnerability in multiple products
duplicity 0.6.24 has improper verification of SSL certificates
network
low complexity
debian opensuse CWE-295
5.0
2019-12-13 CVE-2014-2387 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities
local
low complexity
pen-project opensuse debian CWE-668
4.6
2019-12-11 CVE-2013-7370 Cross-site Scripting vulnerability in multiple products
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
4.3
2019-11-27 CVE-2012-6655 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
2.1
2019-11-05 CVE-2013-6365 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
network
high complexity
horde opensuse debian CWE-352
2.6