Filtered by vendor Opensuse
Subscribe
Total
3285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2913 | 2 Nagios, Opensuse | 2 Remote Plugin Executor, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments | |||||
| CVE-2015-0560 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2025-04-12 | 5.0 MEDIUM | N/A |
| The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-0646 | 6 Debian, Ibm, Mariadb and 3 more | 7 Debian Linux, Powerkvm, Mariadb and 4 more | 2025-04-12 | 4.0 MEDIUM | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML. | |||||
| CVE-2014-9585 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2025-04-12 | 2.1 LOW | N/A |
| The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. | |||||
| CVE-2015-5291 | 5 Arm, Debian, Fedoraproject and 2 more | 6 Mbed Tls, Debian Linux, Fedora and 3 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. | |||||
| CVE-2015-0458 | 3 Novell, Opensuse, Oracle | 4 Suse Linux Enterprise Desktop, Opensuse, Jdk and 1 more | 2025-04-12 | 7.6 HIGH | N/A |
| Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2014-7943 | 5 Canonical, Chromium, Google and 2 more | 8 Ubuntu Linux, Chromium, Chrome and 5 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2015-0832 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character. | |||||
| CVE-2016-5701 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. | |||||
| CVE-2016-2315 | 3 Git-scm, Opensuse, Suse | 8 Git, Leap, Opensuse and 5 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. | |||||
| CVE-2014-2977 | 3 Directfb, Opensuse, Suse | 6 Directfb, Opensuse, Linux Enterprise Desktop and 3 more | 2025-04-12 | 10.0 HIGH | N/A |
| Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. | |||||
| CVE-2015-2191 | 4 Debian, Mageia, Opensuse and 1 more | 4 Debian Linux, Mageia, Opensuse and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. | |||||
| CVE-2015-0778 | 3 Fedoraproject, Opensuse, Suse | 3 Fedora, Opensuse, Opensuse Osc | 2025-04-12 | 7.5 HIGH | N/A |
| osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | |||||
| CVE-2015-5123 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Flash Player Desktop Runtime, Macos and 9 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | |||||
| CVE-2015-0805 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content. | |||||
| CVE-2016-1652 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Leap and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | |||||
| CVE-2015-7575 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Network Security Services and 2 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. | |||||
| CVE-2014-0207 | 5 Christos Zoulas, Debian, Opensuse and 2 more | 5 File, Debian Linux, Opensuse and 2 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. | |||||
| CVE-2015-3164 | 2 Opensuse, X.org | 2 Opensuse, Xorg-server | 2025-04-12 | 3.6 LOW | N/A |
| The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. | |||||
| CVE-2014-1500 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. | |||||