Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Total 3285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1284 3 Google, Opensuse, Redhat 5 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 2 more 2025-04-12 7.5 HIGH N/A
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.
CVE-2016-5163 2 Google, Opensuse 2 Chrome, Leap 2025-04-12 4.3 MEDIUM 4.3 MEDIUM
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.
CVE-2016-0611 4 Canonical, Opensuse, Oracle and 1 more 5 Ubuntu Linux, Leap, Opensuse and 2 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2016-4156 8 Adobe, Apple, Google and 5 more 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more 2025-04-12 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2014-2270 5 Canonical, Debian, File Project and 2 more 5 Ubuntu Linux, Debian Linux, File and 2 more 2025-04-12 4.3 MEDIUM N/A
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
CVE-2014-1518 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 9.3 HIGH 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-3528 5 Apache, Apple, Canonical and 2 more 9 Subversion, Xcode, Ubuntu Linux and 6 more 2025-04-12 4.0 MEDIUM N/A
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
CVE-2016-2801 5 Mozilla, Opensuse, Oracle and 2 more 6 Firefox, Leap, Opensuse and 3 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.
CVE-2016-1653 5 Canonical, Debian, Google and 2 more 5 Ubuntu Linux, Debian Linux, Chrome and 2 more 2025-04-12 9.3 HIGH 8.8 HIGH
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.
CVE-2016-3714 5 Canonical, Debian, Imagemagick and 2 more 6 Ubuntu Linux, Debian Linux, Imagemagick and 3 more 2025-04-12 10.0 HIGH 8.4 HIGH
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2016-1698 5 Debian, Google, Opensuse and 2 more 8 Debian Linux, Chrome, Leap and 5 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.
CVE-2016-3706 2 Gnu, Opensuse 2 Glibc, Opensuse 2025-04-12 5.0 MEDIUM 7.5 HIGH
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
CVE-2015-4141 2 Opensuse, W1.fi 3 Opensuse, Hostapd, Wpa Supplicant 2025-04-12 4.3 MEDIUM N/A
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
CVE-2014-8154 2 Gnome, Opensuse 2 Vala, Opensuse 2025-04-12 7.5 HIGH N/A
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
CVE-2015-8041 2 Opensuse, W1.fi 3 Opensuse, Hostapd, Wpa Supplicant 2025-04-12 5.0 MEDIUM N/A
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
CVE-2012-0871 2 Opensuse, Systemd Project 2 Opensuse, Systemd 2025-04-12 6.3 MEDIUM N/A
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
CVE-2016-4538 3 Fedoraproject, Opensuse, Php 3 Fedora, Leap, Php 2025-04-12 7.5 HIGH 9.8 CRITICAL
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
CVE-2016-1897 3 Canonical, Ffmpeg, Opensuse 3 Ubuntu Linux, Ffmpeg, Leap 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
CVE-2016-5118 7 Canonical, Debian, Graphicsmagick and 4 more 14 Ubuntu Linux, Debian Linux, Graphicsmagick and 11 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2016-1655 5 Canonical, Debian, Google and 2 more 5 Ubuntu Linux, Debian Linux, Chrome and 2 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.