Vulnerabilities
Vulnerable Software
Opensuse:  >> Opensuse  Security Vulnerabilities
IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-07-16
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
CVSS Score
8.4
EPSS Score
0.001
Published
2020-04-02
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
CVSS Score
6.1
EPSS Score
0.014
Published
2020-02-12
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
CVSS Score
8.8
EPSS Score
0.013
Published
2020-02-06
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
CVSS Score
8.8
EPSS Score
0.208
Published
2020-02-06
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-01-31
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-01-27
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
CVSS Score
7.5
EPSS Score
0.021
Published
2020-01-23
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.
CVSS Score
9.8
EPSS Score
0.099
Published
2020-01-23
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
CVSS Score
7.8
EPSS Score
0.007
Published
2020-01-14


Contact Us

Shodan ® - All rights reserved