Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Total 3249 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0753 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
CVE-2015-7201 3 Fedoraproject, Mozilla, Opensuse 5 Fedora, Firefox, Firefox Esr and 2 more 2023-12-10 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2792 5 Mozilla, Opensuse, Oracle and 2 more 7 Firefox, Firefox Esr, Leap and 4 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.
CVE-2016-1690 5 Debian, Google, Opensuse and 2 more 8 Debian Linux, Chrome, Leap and 5 more 2023-12-10 5.1 MEDIUM 7.5 HIGH
The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701.
CVE-2016-2798 5 Mozilla, Opensuse, Oracle and 2 more 7 Firefox, Firefox Esr, Leap and 4 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-4124 8 Adobe, Apple, Google and 5 more 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more 2023-12-10 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2015-2709 3 Mozilla, Novell, Opensuse 5 Firefox, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 2 more 2023-12-10 7.5 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-4143 8 Adobe, Apple, Google and 5 more 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more 2023-12-10 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2016-0502 3 Mariadb, Opensuse, Oracle 4 Mariadb, Leap, Opensuse and 1 more 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2015-4492 4 Canonical, Mozilla, Opensuse and 1 more 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2023-12-10 7.5 HIGH N/A
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.
CVE-2016-4151 8 Adobe, Apple, Google and 5 more 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more 2023-12-10 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2014-9770 1 Opensuse 1 Opensuse 2023-12-10 2.1 LOW 3.3 LOW
tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.
CVE-2016-1701 5 Debian, Google, Opensuse and 2 more 8 Debian Linux, Chrome, Leap and 5 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.
CVE-2015-4480 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-12-10 9.3 HIGH N/A
Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding.
CVE-2016-1698 5 Debian, Google, Opensuse and 2 more 8 Debian Linux, Chrome, Leap and 5 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.
CVE-2015-7552 1 Opensuse 1 Opensuse 2023-12-10 9.3 HIGH 7.8 HIGH
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
CVE-2016-1930 3 Mozilla, Opensuse, Oracle 5 Firefox, Firefox Esr, Leap and 2 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2801 5 Mozilla, Opensuse, Oracle and 2 more 7 Firefox, Firefox Esr, Leap and 4 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.
CVE-2015-7217 4 Fedoraproject, Gnome, Mozilla and 1 more 5 Fedora, Gnome, Firefox and 2 more 2023-12-10 4.3 MEDIUM N/A
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.
CVE-2015-8842 1 Opensuse 1 Opensuse 2023-12-10 2.1 LOW 3.3 LOW
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.