Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Total 3285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9601 4 Fedoraproject, Opensuse, Oracle and 1 more 4 Fedora, Opensuse, Solaris and 1 more 2025-04-12 5.0 MEDIUM N/A
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
CVE-2015-8866 4 Canonical, Opensuse, Php and 1 more 6 Ubuntu Linux, Leap, Opensuse and 3 more 2025-04-12 6.8 MEDIUM 9.6 CRITICAL
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
CVE-2016-2793 5 Mozilla, Opensuse, Oracle and 2 more 6 Firefox, Leap, Opensuse and 3 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-3190 2 Cairographics, Opensuse 2 Cairo, Opensuse 2025-04-12 5.0 MEDIUM 7.5 HIGH
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
CVE-2016-1933 2 Mozilla, Opensuse 3 Firefox, Leap, Opensuse 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.
CVE-2014-9640 2 Opensuse, Xiph 2 Opensuse, Vorbis-tools 2025-04-12 5.0 MEDIUM N/A
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
CVE-2014-7155 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Opensuse and 1 more 2025-04-12 5.8 MEDIUM N/A
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.
CVE-2015-4752 6 Canonical, Debian, Mariadb and 3 more 12 Ubuntu Linux, Debian Linux, Mariadb and 9 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
CVE-2016-0747 5 Apple, Canonical, Debian and 2 more 5 Xcode, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 5.0 MEDIUM 5.3 MEDIUM
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
CVE-2015-5231 2 Criu, Opensuse 2 Checkpoint\/restore In Userspace, Opensuse 2025-04-12 2.1 LOW 5.5 MEDIUM
The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.
CVE-2016-6323 3 Fedoraproject, Gnu, Opensuse 3 Fedora, Glibc, Opensuse 2025-04-12 5.0 MEDIUM 7.5 HIGH
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
CVE-2014-3566 11 Apple, Debian, Fedoraproject and 8 more 20 Mac Os X, Debian Linux, Fedora and 17 more 2025-04-12 4.3 MEDIUM 3.4 LOW
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2016-1675 6 Canonical, Debian, Google and 3 more 9 Ubuntu Linux, Debian Linux, Chrome and 6 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
CVE-2014-1830 2 Opensuse, Python 2 Opensuse, Requests 2025-04-12 5.0 MEDIUM N/A
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
CVE-2014-8600 3 Kde, Opensuse, Urs Wolfer 4 Kde-runtime, Kio-extras, Opensuse and 1 more 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.
CVE-2014-0467 2 Mutt, Opensuse 2 Mutt, Opensuse 2025-04-12 5.0 MEDIUM N/A
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.
CVE-2015-3113 8 Adobe, Apple, Hp and 5 more 18 Flash Player, Mac Os X, Insight Orchestration and 15 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
CVE-2015-0805 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 7.5 HIGH N/A
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content.
CVE-2014-9657 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2025-04-12 7.5 HIGH N/A
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
CVE-2014-8483 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more 2025-04-12 5.0 MEDIUM N/A
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.