Filtered by vendor Opensuse
Subscribe
Total
3251 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2323 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Opensuse and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. | |||||
CVE-2014-0250 | 2 Freerdp, Opensuse | 2 Freerdp, Opensuse | 2023-12-10 | 7.5 HIGH | N/A |
Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. | |||||
CVE-2013-6646 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2023-12-10 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. | |||||
CVE-2011-2198 | 3 Gnome, Opensuse, Oracle | 3 Gnome-terminal, Opensuse, Solaris | 2023-12-10 | 3.5 LOW | N/A |
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". | |||||
CVE-2014-9657 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2023-12-10 | 7.5 HIGH | N/A |
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. | |||||
CVE-2013-7336 | 2 Opensuse, Redhat | 2 Opensuse, Libvirt | 2023-12-10 | 1.9 LOW | N/A |
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function. | |||||
CVE-2015-2155 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2014-1505 | 7 Canonical, Debian, Mozilla and 4 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. | |||||
CVE-2014-8594 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2023-12-10 | 5.4 MEDIUM | N/A |
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). | |||||
CVE-2015-0354 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | |||||
CVE-2014-1553 | 2 Mozilla, Opensuse | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2014-8157 | 4 Debian, Jasper Project, Opensuse and 1 more | 4 Debian Linux, Jasper, Opensuse and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. | |||||
CVE-2014-9638 | 3 Fedoraproject, Opensuse, Xiph | 3 Fedora, Opensuse, Vorbis-tools | 2023-12-10 | 5.0 MEDIUM | N/A |
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. | |||||
CVE-2014-7155 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2023-12-10 | 5.8 MEDIUM | N/A |
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. | |||||
CVE-2014-9640 | 2 Opensuse, Xiph | 2 Opensuse, Vorbis-tools | 2023-12-10 | 5.0 MEDIUM | N/A |
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. | |||||
CVE-2015-0561 | 3 Opensuse, Oracle, Wireshark | 3 Opensuse, Solaris, Wireshark | 2023-12-10 | 5.0 MEDIUM | N/A |
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. | |||||
CVE-2014-9584 | 7 Canonical, Debian, Linux and 4 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2023-12-10 | 2.1 LOW | N/A |
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. | |||||
CVE-2015-1863 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more | 2023-12-10 | 5.8 MEDIUM | N/A |
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. | |||||
CVE-2014-3985 | 2 Miniupnp Project, Opensuse | 2 Miniupnp, Opensuse | 2023-12-10 | 5.0 MEDIUM | N/A |
The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read. | |||||
CVE-2014-8961 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2023-12-10 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. |