Vulnerabilities > Opensuse > Opensuse > 13.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-09-30 | CVE-2013-0211 | Numeric Errors vulnerability in multiple products Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. | 5.0 |
2013-08-29 | CVE-2013-5589 | SQL Injection vulnerability in multiple products SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2013-08-29 | CVE-2013-5588 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php. | 4.3 |
2013-08-28 | CVE-2013-3495 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). | 4.7 |
2012-11-11 | CVE-2012-4540 | Numeric Errors vulnerability in multiple products Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one. | 6.8 |
2012-08-31 | CVE-2012-3534 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections. | 5.0 |
2012-05-01 | CVE-2011-3079 | Resource Management Errors vulnerability in multiple products The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. | 10.0 |
2009-05-01 | CVE-2009-1364 | Remote Code Execution vulnerability in libwmf WMF Image File Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. | 7.5 |