Vulnerabilities > Opensuse > Opensuse > 13.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-09 | CVE-2014-9065 | Code vulnerability in multiple products common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. | 4.4 |
| 2014-12-08 | CVE-2014-9273 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. | 4.6 |
| 2014-12-03 | CVE-2014-8104 | Resource Management Errors vulnerability in multiple products OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | 6.8 |
| 2014-12-03 | CVE-2014-9220 | SQL Injection vulnerability in multiple products SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. | 7.5 |
| 2014-12-01 | CVE-2014-8867 | Code vulnerability in multiple products The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. | 4.9 |
| 2014-12-01 | CVE-2014-8866 | Code vulnerability in multiple products The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. | 4.7 |
| 2014-11-30 | CVE-2014-8961 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. | 4.0 |
| 2014-11-30 | CVE-2014-8959 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. | 6.5 |
| 2014-11-24 | CVE-2014-9030 | Improper Input Validation vulnerability in multiple products The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. | 7.1 |
| 2014-11-20 | CVE-2014-8768 | Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. | 5.0 |