Filtered by vendor Opensuse
Subscribe
Total
3124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1546 | 3 Apple, Openldap, Opensuse | 3 Mac Os X, Openldap, Opensuse | 2024-02-04 | 5.0 MEDIUM | N/A |
| Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. | |||||
| CVE-2014-9066 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2024-02-04 | 4.7 MEDIUM | N/A |
| Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. | |||||
| CVE-2014-9220 | 3 Fedoraproject, Opensuse, Openvas | 3 Fedora, Opensuse, Openvas Manager | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. | |||||
| CVE-2015-2157 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2024-02-04 | 2.1 LOW | N/A |
| The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | |||||
| CVE-2014-3647 | 7 Canonical, Debian, Linux and 4 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2024-02-04 | 1.9 LOW | 5.5 MEDIUM |
| arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | |||||
| CVE-2015-2331 | 5 Debian, Fedoraproject, Nih and 2 more | 5 Debian Linux, Fedora, Libzip and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
| Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. | |||||
| CVE-2012-1095 | 1 Opensuse | 2 Opensuse, Osc | 2024-02-04 | 4.3 MEDIUM | N/A |
| osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator. | |||||
| CVE-2015-1210 | 7 Apple, Canonical, Google and 4 more | 11 Macos, Ubuntu Linux, Chrome and 8 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2014-9667 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-02-04 | 6.8 MEDIUM | N/A |
| sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. | |||||
| CVE-2014-2309 | 3 Linux, Opensuse, Suse | 3 Linux Kernel, Opensuse, Linux Enterprise Server | 2024-02-04 | 6.1 MEDIUM | N/A |
| The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. | |||||
| CVE-2014-7817 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Glibc and 1 more | 2024-02-04 | 4.6 MEDIUM | N/A |
| The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". | |||||
| CVE-2014-7939 | 4 Chromium, Google, Opensuse and 1 more | 7 Chromium, Chrome, Opensuse and 4 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header. | |||||
| CVE-2012-0871 | 2 Opensuse, Systemd Project | 2 Opensuse, Systemd | 2024-02-04 | 6.3 MEDIUM | N/A |
| The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. | |||||
| CVE-2014-0483 | 2 Djangoproject, Opensuse | 2 Django, Opensuse | 2024-02-04 | 3.5 LOW | N/A |
| The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI. | |||||
| CVE-2014-3601 | 4 Canonical, Linux, Opensuse and 1 more | 6 Ubuntu Linux, Linux Kernel, Evergreen and 3 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. | |||||
| CVE-2014-7942 | 5 Canonical, Chromium, Google and 2 more | 8 Ubuntu Linux, Chromium, Chrome and 5 more | 2024-02-04 | 7.5 HIGH | N/A |
| The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-3638 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2024-02-04 | 2.1 LOW | N/A |
| The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. | |||||
| CVE-2014-5461 | 5 Canonical, Debian, Lua and 2 more | 5 Ubuntu Linux, Debian Linux, Lua and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. | |||||
| CVE-2014-1518 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-6601 | 6 Canonical, Debian, Novell and 3 more | 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |||||