Filtered by vendor Opensuse Subscriptions
Filtered by product Opensuse Subscriptions
Total 1465 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-2893 2 Llvm, Opensuse 2 Clang, Opensuse 2024-11-21 N/A
The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.
CVE-2014-2576 2 Claws-mail, Opensuse 2 Claws-mail, Opensuse 2024-11-21 N/A
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
CVE-2014-2554 2 Opensuse, Otrs 2 Opensuse, Otrs 2024-11-21 N/A
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.
CVE-2014-2528 2 Kdirstat Project, Opensuse 2 Kdirstat, Opensuse 2024-11-21 N/A
kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.
CVE-2014-2527 2 Kdirstat Project, Opensuse 2 Kdirstat, Opensuse 2024-11-21 N/A
kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.
CVE-2014-2525 3 Opensuse, Pyyaml, Redhat 6 Leap, Opensuse, Libyaml and 3 more 2024-11-21 N/A
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
CVE-2014-2524 4 Fedoraproject, Gnu, Mageia and 1 more 4 Fedora, Readline, Mageia and 1 more 2024-11-21 N/A
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
CVE-2014-2387 3 Debian, Opensuse, Pen Project 3 Debian Linux, Opensuse, Pen 2024-11-21 4.4 Medium
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities
CVE-2014-2386 2 Icinga, Opensuse 2 Icinga, Opensuse 2024-11-21 N/A
Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.
CVE-2014-2328 4 Cacti, Debian, Fedoraproject and 1 more 4 Cacti, Debian Linux, Fedora and 1 more 2024-11-21 N/A
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
CVE-2014-2327 3 Cacti, Debian, Opensuse 3 Cacti, Debian Linux, Opensuse 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.
CVE-2014-2326 4 Cacti, Debian, Fedoraproject and 1 more 4 Cacti, Debian Linux, Fedora and 1 more 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-2324 5 Contec, Debian, Lighttpd and 2 more 7 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Debian Linux and 4 more 2024-11-21 N/A
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
CVE-2014-2323 4 Debian, Lighttpd, Opensuse and 1 more 5 Debian Linux, Lighttpd, Opensuse and 2 more 2024-11-21 9.8 Critical
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
CVE-2014-2309 4 Linux, Opensuse, Redhat and 1 more 4 Linux Kernel, Opensuse, Enterprise Mrg and 1 more 2024-11-21 N/A
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.
CVE-2014-2270 6 Canonical, Debian, File Project and 3 more 7 Ubuntu Linux, Debian Linux, File and 4 more 2024-11-21 N/A
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
CVE-2014-2030 3 Canonical, Imagemagick, Opensuse 3 Ubuntu Linux, Imagemagick, Opensuse 2024-11-21 8.8 High
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
CVE-2014-1958 3 Canonical, Imagemagick, Opensuse 3 Ubuntu Linux, Imagemagick, Opensuse 2024-11-21 8.8 High
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
CVE-2014-1934 2 Opensuse, Travis Shirk 2 Opensuse, Eyed3 2024-11-21 N/A
tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2014-1909 2 Google, Opensuse 3 Android Debug Bridge, Android Sdk Platform Tools, Opensuse 2024-11-21 N/A
Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.