opensuse opensuse 12.3 vulnerabilities and exploits

(subscribe to this query)

The SUSE horde5 package prior to 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.

Opensuse Opensuse 12.3

Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG prior to 1.5.2 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and ...

Uclouvain Openjpeg Opensuse Opensuse 12.3 Opensuse Opensuse 13.1

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome prior to 32.0.1700.76 on Windows and prior to 32.0.1700.77 on Mac OS X and Linux, allows remote malicious users to cau...

Google Chrome Opensuse Opensuse 12.3 Opensuse Opensuse 13.1

The ModSecurity module prior to 2.7.4 for the Apache HTTP Server allows remote malicious users to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

Trustwave Modsecurity Opensuse Opensuse 11.4 Opensuse Opensuse 12.2 Opensuse Opensuse 12.3

1 EDB exploit

ModSecurity prior to 2.5.11 treats request parameter values containing single quotes as files, which allows remote malicious users to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Conte...

Trustwave Modsecurity Opensuse Opensuse 11.4 Opensuse Opensuse 12.2 Opensuse Opensuse 12.3

The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons prior to 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.

Opensuse Opensuse 12.3 Opensuse Opensuse 13.1 Logilab Logilab-common

The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate maliciou...

Clutter Project Clutter -Opensuse Opensuse 12.2 Opensuse Opensuse 12.3

The Execute class in shellutils in logilab-commons prior to 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.

Opensuse Opensuse 12.3 Opensuse Opensuse 13.1 Logilab Logilab-common

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel up to and including 3.12.5 allows local users to gain privileges via a large id value.

Linux Linux Kernel Opensuse Opensuse 11.4 Opensuse Opensuse 12.3 Opensuse Opensuse 13.1

plugins/rssyl/feed.c in Claws Mail prior to 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote malicious users to spoof servers and conduct man-in-the-middle (MITM) attacks.

Claws-mail Claws-mail Opensuse Opensuse 12.3 Opensuse Opensuse 13.1

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook