Filtered by vendor Opensuse
Subscribe
Total
3131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5609 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2025-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-1489 | 6 Canonical, Mozilla, Opensuse and 3 more | 8 Ubuntu Linux, Firefox, Opensuse and 5 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. | |||||
| CVE-2012-6139 | 2 Opensuse, Xmlsoft | 2 Opensuse, Libxslt | 2025-04-11 | 5.0 MEDIUM | N/A |
| libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. | |||||
| CVE-2013-0882 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters. | |||||
| CVE-2013-4115 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2025-04-11 | 7.5 HIGH | N/A |
| Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request. | |||||
| CVE-2012-5133 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters. | |||||
| CVE-2013-6671 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2025-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | |||||
| CVE-2012-5829 | 6 Canonical, Debian, Mozilla and 3 more | 14 Ubuntu Linux, Debian Linux, Firefox and 11 more | 2025-04-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-2765 | 3 Apache, Opensuse, Trustwave | 3 Http Server, Opensuse, Modsecurity | 2025-04-11 | 5.0 MEDIUM | N/A |
| The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header. | |||||
| CVE-2013-1896 | 4 Apache, Canonical, Opensuse and 1 more | 10 Http Server, Ubuntu Linux, Opensuse and 7 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. | |||||
| CVE-2013-4124 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 5 Ubuntu Linux, Fedora, Opensuse and 2 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. | |||||
| CVE-2011-3043 | 3 Apple, Google, Opensuse | 5 Iphone Os, Itunes, Safari and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements. | |||||
| CVE-2012-1970 | 6 Canonical, Debian, Mozilla and 3 more | 15 Ubuntu Linux, Debian Linux, Firefox and 12 more | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2013-4547 | 3 F5, Opensuse, Suse | 5 Nginx, Opensuse, Lifecycle Management Server and 2 more | 2025-04-11 | 7.5 HIGH | N/A |
| nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. | |||||
| CVE-2010-0205 | 7 Apple, Canonical, Debian and 4 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. | |||||
| CVE-2014-0081 | 4 Opensuse, Opensuse Project, Redhat and 1 more | 6 Opensuse, Opensuse, Cloudforms and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. | |||||
| CVE-2013-3329 | 8 Adobe, Apple, Google and 5 more | 14 Adobe Air, Adobe Air Sdk, Flash Player and 11 more | 2025-04-11 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. | |||||
| CVE-2010-2532 | 1 Opensuse | 1 Opensuse | 2025-04-11 | 7.2 HIGH | N/A |
| ** DISPUTED ** lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments. | |||||
| CVE-2012-5838 | 4 Canonical, Mozilla, Opensuse and 1 more | 9 Ubuntu Linux, Firefox, Seamonkey and 6 more | 2025-04-11 | 9.3 HIGH | N/A |
| The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. | |||||
| CVE-2013-4288 | 4 Canonical, Opensuse, Polkit Project and 1 more | 4 Ubuntu Linux, Opensuse, Polkit and 1 more | 2025-04-11 | 7.2 HIGH | N/A |
| Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. | |||||