ReportizFlow
Filtered by vendor Opensuse
Subscriptions
Filtered by product Opensuse
Subscriptions
Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0245 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2025-04-12 | N/A |
| D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. | ||||
| CVE-2015-5228 | 2 Criu, Opensuse | 2 Checkpoint\/restore In Userspace, Opensuse | 2025-04-12 | N/A |
| The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path. | ||||
| CVE-2014-2309 | 4 Linux, Opensuse, Redhat and 1 more | 4 Linux Kernel, Opensuse, Enterprise Mrg and 1 more | 2025-04-12 | N/A |
| The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. | ||||
| CVE-2015-2695 | 6 Canonical, Debian, Mit and 3 more | 9 Ubuntu Linux, Debian Linux, Kerberos 5 and 6 more | 2025-04-12 | N/A |
| lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. | ||||
| CVE-2016-2806 | 5 Debian, Mozilla, Opensuse and 2 more | 6 Debian Linux, Firefox, Leap and 3 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2016-2807 | 4 Mozilla, Opensuse, Redhat and 1 more | 5 Firefox, Leap, Opensuse and 2 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2015-1196 | 3 Gnu, Opensuse, Oracle | 3 Patch, Opensuse, Solaris | 2025-04-12 | N/A |
| GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | ||||
| CVE-2016-4578 | 5 Canonical, Debian, Linux and 2 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2025-04-12 | N/A |
| sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. | ||||
| CVE-2014-8158 | 4 Debian, Jasper Project, Opensuse and 1 more | 5 Debian Linux, Jasper, Opensuse and 2 more | 2025-04-12 | N/A |
| Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. | ||||
| CVE-2016-4953 | 5 Ntp, Opensuse, Oracle and 2 more | 15 Ntp, Leap, Opensuse and 12 more | 2025-04-12 | 7.5 High |
| ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | ||||
| CVE-2016-5098 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | ||||
| CVE-2016-5118 | 8 Canonical, Debian, Graphicsmagick and 5 more | 15 Ubuntu Linux, Debian Linux, Graphicsmagick and 12 more | 2025-04-12 | 9.8 Critical |
| The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | ||||
| CVE-2016-0600 | 6 Canonical, Debian, Mariadb and 3 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | ||||
| CVE-2014-9765 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more | 2025-04-12 | N/A |
| Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. | ||||
| CVE-2016-0598 | 6 Canonical, Debian, Mariadb and 3 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. | ||||
| CVE-2014-3967 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | N/A |
| The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. | ||||
| CVE-2016-3623 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2025-04-12 | N/A |
| The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. | ||||
| CVE-2014-3474 | 3 Openstack, Opensuse, Redhat | 3 Horizon, Opensuse, Openstack | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. | ||||
| CVE-2016-1622 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Opensuse and 1 more | 2025-04-12 | N/A |
| The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | ||||
| CVE-2016-1690 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2025-04-12 | N/A |
| The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701. | ||||