Filtered by vendor Suse
Subscribe
Total
1183 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2808 | 9 Canonical, Debian, Fujitsu and 6 more | 99 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 96 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. | |||||
| CVE-2016-1656 | 3 Google, Opensuse, Suse | 4 Android, Chrome, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | |||||
| CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |||||
| CVE-2014-3687 | 8 Canonical, Debian, Linux and 5 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | |||||
| CVE-2016-2792 | 5 Mozilla, Opensuse, Oracle and 2 more | 6 Firefox, Leap, Opensuse and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. | |||||
| CVE-2016-4136 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2015-0484 | 3 Opensuse, Oracle, Suse | 5 Opensuse, Javafx, Jdk and 2 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. | |||||
| CVE-2016-1659 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Chrome and 2 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-3038 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | |||||
| CVE-2015-8808 | 3 Fedoraproject, Graphicsmagick, Suse | 5 Fedora, Graphicsmagick, Linux Enterprise Debuginfo and 2 more | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. | |||||
| CVE-2015-0354 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | |||||
| CVE-2014-1498 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. | |||||
| CVE-2014-8134 | 5 Canonical, Linux, Opensuse and 2 more | 6 Ubuntu Linux, Linux Kernel, Evergreen and 3 more | 2025-04-12 | 1.9 LOW | 3.3 LOW |
| The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. | |||||
| CVE-2015-6855 | 6 Arista, Canonical, Debian and 3 more | 7 Eos, Ubuntu Linux, Debian Linux and 4 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | |||||
| CVE-2014-3647 | 7 Canonical, Debian, Linux and 4 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-12 | 1.9 LOW | 5.5 MEDIUM |
| arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | |||||
| CVE-2015-5707 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2025-04-12 | 4.6 MEDIUM | N/A |
| Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. | |||||
| CVE-2016-4150 | 8 Adobe, Apple, Google and 5 more | 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-1683 | 7 Canonical, Debian, Google and 4 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2025-04-12 | 5.1 MEDIUM | 7.5 HIGH |
| numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2015-0352 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | |||||
| CVE-2016-4141 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||