Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opensuse project vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-2347
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa prior to 0.3.1 allows remote malicious users to execute arbitrary code via a crafted archive.
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Lhasa Project Lhasa
4.9
CVSSv2
CVE-2016-3992
cronic prior to 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
Cronic Project Cronic 2
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Opensuse Leap 42.1
Opensuse Opensuse 13.2
5
CVSSv2
CVE-2016-7969
The wrap_lines_smart function in ass_render.c in libass prior to 0.13.4 allows remote malicious users to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Fedoraproject Fedora 25
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Libass Project Libass
5
CVSSv2
CVE-2016-7972
The check_allocations function in libass/ass_shaper.c in libass prior to 0.13.4 allows remote malicious users to cause a denial of service (memory allocation failure) via unspecified vectors.
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Fedoraproject Fedora 25
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Libass Project Libass
5
CVSSv2
CVE-2020-6095
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger...
Gstreamer Project Gst-rtsp-server 1.14.5
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
6.5
CVSSv2
CVE-2020-24972
The Kleopatra component prior to 3.1.12 (and prior to 20.07.80) for GnuPG allows remote malicious users to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to lo...
Kleopatra Project Kleopatra
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
4.3
CVSSv2
CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC prior to 1.0.14 and 1.1.x prior to 1.1.26 allows remote malicious users to inject arbitrary web script or HTML via the nav_data name.
Debian Debian Linux 8.0
Opensuse Leap 42.2
Opensuse Project Leap 42.1
Viewvc Viewvc
5
CVSSv2
CVE-2020-25032
An issue exists in Flask-CORS (aka CORS Middleware for Flask) prior to 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
Flask-cors Project Flask-cors
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
5
CVSSv2
CVE-2014-9756
The psf_fwrite function in file_io.c in libsndfile allows malicious users to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
Libsndfile Project Libsndfile
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 15.10
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
4.6
CVSSv2
CVE-2017-5331
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils prior to 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Icoutils Project Icoutils
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Opensuse Leap 42.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »