Total
1385 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2872 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2018-10-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2869 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2018-10-30 | 7.5 HIGH | N/A |
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer." | |||||
CVE-2012-2868 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2018-10-30 | 6.8 MEDIUM | N/A |
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object. | |||||
CVE-2012-2867 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2018-10-30 | 5.0 MEDIUM | N/A |
The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2012-2866 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2018-10-30 | 7.5 HIGH | N/A |
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | |||||
CVE-2012-2865 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2018-10-30 | 4.3 MEDIUM | N/A |
Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | |||||
CVE-2012-2881 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2018-10-30 | 7.5 HIGH | N/A |
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2012-2328 | 2 Opensuse, Standards Based Linux Instrumentation Project | 2 Opensuse, Standards-based Linux Common Information Model Client | 2018-10-30 | 5.0 MEDIUM | N/A |
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. | |||||
CVE-2012-1095 | 1 Opensuse | 2 Opensuse, Osc | 2018-10-30 | 4.3 MEDIUM | N/A |
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator. | |||||
CVE-2012-2880 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2018-10-30 | 7.5 HIGH | N/A |
Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer. | |||||
CVE-2012-0427 | 1 Opensuse | 1 Opensuse | 2018-10-30 | 7.2 HIGH | N/A |
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name. | |||||
CVE-2012-0425 | 1 Opensuse | 1 Opensuse | 2018-10-30 | 7.8 HIGH | N/A |
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field. | |||||
CVE-2012-2879 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2018-10-30 | 4.3 MEDIUM | N/A |
Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document. | |||||
CVE-2011-3377 | 3 Canonical, Opensuse, Redhat | 3 Ubuntu Linux, Opensuse, Icedtea-web | 2018-10-30 | 4.3 MEDIUM | N/A |
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain. | |||||
CVE-2011-3098 | 3 Google, Microsoft, Opensuse | 3 Chrome, Windows, Opensuse | 2018-10-30 | 7.2 HIGH | N/A |
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory. | |||||
CVE-2011-3079 | 3 Google, Mozilla, Opensuse | 6 Chrome, Firefox, Firefox Esr and 3 more | 2018-10-30 | 10.0 HIGH | N/A |
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. | |||||
CVE-2011-2725 | 3 Canonical, Kde, Opensuse | 4 Ubuntu Linux, Ark, Kde Sc and 1 more | 2018-10-30 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file. | |||||
CVE-2011-2198 | 3 Gnome, Opensuse, Oracle | 3 Gnome-terminal, Opensuse, Solaris | 2018-10-30 | 3.5 LOW | N/A |
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". | |||||
CVE-2011-0468 | 1 Opensuse | 1 Opensuse | 2018-10-30 | 6.9 MEDIUM | N/A |
The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion. | |||||
CVE-2011-0461 | 1 Opensuse | 1 Opensuse | 2018-10-30 | 6.3 MEDIUM | N/A |
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. |