Note:
This project will be discontinued after December 13, 2021.
Product: Opensuse

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2013-11-23 | CVE-2013-6858 | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page. | Ubuntu_linux, Horizon, Opensuse | N/A | ||
2013-11-20 | CVE-2013-4560 | Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. | Debian_linux, Lighttpd, Opensuse | N/A | ||
2011-03-02 | CVE-2011-0762 | The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Linux_enterprise_server, Vsftpd | N/A | ||
2014-03-14 | CVE-2014-2323 | SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. | Debian_linux, Lighttpd, Opensuse, Linux_enterprise_high_availability_extension, Linux_enterprise_software_development_kit | 9.8 | ||
2013-11-20 | CVE-2013-4559 | lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. | Debian_linux, Lighttpd, Opensuse | N/A | ||
2013-11-08 | CVE-2013-4508 | lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. | Debian_linux, Lighttpd, Opensuse | 7.5 | ||
2014-03-14 | CVE-2014-2324 | Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. | Sv-Cpt-Mc310_firmware, Debian_linux, Lighttpd, Opensuse, Linux_enterprise_high_availability_extension, Linux_enterprise_software_development_kit | N/A | ||
2013-04-25 | CVE-2013-1915 | ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. | Debian_linux, Fedora, Opensuse, Modsecurity | N/A | ||
2012-12-28 | CVE-2012-4528 | The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. | Fedora, Opensuse, Modsecurity | N/A | ||
2012-07-22 | CVE-2009-5031 | ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. | Opensuse, Modsecurity | N/A | ||