Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Total 3285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8551 4 Debian, Linux, Opensuse and 1 more 8 Debian Linux, Linux Kernel, Opensuse and 5 more 2025-04-12 4.7 MEDIUM 6.0 MEDIUM
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."
CVE-2014-8148 2 Midgard-project, Opensuse 2 Midgard2, Opensuse 2025-04-12 7.2 HIGH N/A
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.
CVE-2014-8132 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2025-04-12 5.0 MEDIUM N/A
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
CVE-2016-2829 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
CVE-2015-7212 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2025-04-12 7.5 HIGH N/A
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.
CVE-2014-9661 6 Canonical, Debian, Fedoraproject and 3 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2025-04-12 7.5 HIGH N/A
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
CVE-2015-0412 6 Canonical, Debian, Novell and 3 more 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more 2025-04-12 7.2 HIGH N/A
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
CVE-2015-4116 2 Opensuse, Php 2 Leap, Php 2025-04-12 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.
CVE-2014-1524 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.
CVE-2016-1685 5 Debian, Google, Opensuse and 2 more 8 Debian Linux, Chrome, Leap and 5 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
CVE-2014-2525 2 Opensuse, Pyyaml 3 Leap, Opensuse, Libyaml 2025-04-12 6.8 MEDIUM N/A
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
CVE-2015-0383 7 Canonical, Debian, Fedoraproject and 4 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2025-04-12 5.4 MEDIUM N/A
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
CVE-2016-1688 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.
CVE-2016-4544 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Leap and 2 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
CVE-2016-2313 2 Cacti, Opensuse 3 Cacti, Leap, Opensuse 2025-04-12 6.5 MEDIUM 8.8 HIGH
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
CVE-2016-1658 4 Debian, Google, Novell and 1 more 4 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 1 more 2025-04-12 4.3 MEDIUM 4.3 MEDIUM
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
CVE-2016-4134 8 Adobe, Apple, Google and 5 more 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more 2025-04-12 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2015-7645 7 Adobe, Apple, Linux and 4 more 13 Flash Player, Mac Os X, Linux Kernel and 10 more 2025-04-12 9.3 HIGH 7.8 HIGH
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
CVE-2016-1938 2 Mozilla, Opensuse 4 Firefox, Nss, Leap and 1 more 2025-04-12 6.4 MEDIUM 6.5 MEDIUM
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
CVE-2016-7422 3 Opensuse, Qemu, Redhat 5 Leap, Qemu, Enterprise Linux and 2 more 2025-04-12 2.1 LOW 6.0 MEDIUM
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.