Filtered by vendor Opensuse
Subscribe
Total
3251 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0255 | 2 Opensuse, X.org | 2 Opensuse, Xorg-server | 2023-12-10 | 6.4 MEDIUM | N/A |
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. | |||||
CVE-2015-0563 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2023-12-10 | 5.0 MEDIUM | N/A |
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2014-2554 | 2 Opensuse, Otrs | 2 Opensuse, Otrs | 2023-12-10 | 4.3 MEDIUM | N/A |
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. | |||||
CVE-2015-0458 | 3 Novell, Opensuse, Oracle | 4 Suse Linux Enterprise Desktop, Opensuse, Jdk and 1 more | 2023-12-10 | 7.6 HIGH | N/A |
Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
CVE-2014-8867 | 4 Debian, Opensuse, Redhat and 1 more | 5 Debian Linux, Opensuse, Enterprise Linux and 2 more | 2023-12-10 | 4.9 MEDIUM | N/A |
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. | |||||
CVE-2015-3039 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358. | |||||
CVE-2015-0819 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2023-12-10 | 4.3 MEDIUM | N/A |
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site. | |||||
CVE-2014-1518 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2014-4043 | 2 Gnu, Opensuse | 2 Glibc, Opensuse | 2023-12-10 | 7.5 HIGH | N/A |
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. | |||||
CVE-2014-0160 | 11 Canonical, Debian, Fedoraproject and 8 more | 33 Ubuntu Linux, Debian Linux, Fedora and 30 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | |||||
CVE-2014-1504 | 4 Mozilla, Opensuse, Oracle and 1 more | 7 Firefox, Seamonkey, Opensuse and 4 more | 2023-12-10 | 2.6 LOW | N/A |
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. | |||||
CVE-2015-0228 | 4 Apache, Apple, Canonical and 1 more | 5 Http Server, Mac Os X, Mac Os X Server and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. | |||||
CVE-2015-1196 | 3 Gnu, Opensuse, Oracle | 3 Patch, Opensuse, Solaris | 2023-12-10 | 4.3 MEDIUM | N/A |
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | |||||
CVE-2015-0825 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2023-12-10 | 4.3 MEDIUM | N/A |
Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback. | |||||
CVE-2014-2327 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. | |||||
CVE-2013-6393 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. | |||||
CVE-2015-0491 | 3 Opensuse, Oracle, Suse | 5 Opensuse, Javafx, Jdk and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. | |||||
CVE-2012-2328 | 2 Opensuse, Standards Based Linux Instrumentation Project | 2 Opensuse, Standards-based Linux Common Information Model Client | 2023-12-10 | 5.0 MEDIUM | N/A |
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. | |||||
CVE-2014-8104 | 5 Canonical, Debian, Mageia and 2 more | 6 Ubuntu Linux, Debian Linux, Mageia and 3 more | 2023-12-10 | 6.8 MEDIUM | N/A |
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | |||||
CVE-2011-3377 | 3 Canonical, Opensuse, Redhat | 3 Ubuntu Linux, Opensuse, Icedtea-web | 2023-12-10 | 4.3 MEDIUM | N/A |
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain. |