Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Total 3285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4537 3 Fedoraproject, Opensuse, Php 3 Fedora, Leap, Php 2025-04-12 7.5 HIGH 9.8 CRITICAL
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
CVE-2015-1196 3 Gnu, Opensuse, Oracle 3 Patch, Opensuse, Solaris 2025-04-12 4.3 MEDIUM N/A
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVE-2016-1682 6 Canonical, Debian, Google and 3 more 9 Ubuntu Linux, Debian Linux, Chrome and 6 more 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration.
CVE-2016-0749 5 Debian, Microsoft, Opensuse and 2 more 12 Debian Linux, Windows, Leap and 9 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
CVE-2016-1697 6 Canonical, Debian, Google and 3 more 9 Ubuntu Linux, Debian Linux, Chrome and 6 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
CVE-2014-6590 2 Opensuse, Oracle 2 Opensuse, Vm Virtualbox 2025-04-12 3.2 LOW N/A
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.
CVE-2014-1505 7 Canonical, Debian, Mozilla and 4 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.
CVE-2016-4144 8 Adobe, Apple, Google and 5 more 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more 2025-04-12 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2016-1629 4 Debian, Google, Novell and 1 more 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
CVE-2015-0824 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 5.0 MEDIUM N/A
The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.
CVE-2015-2715 2 Mozilla, Opensuse 2 Firefox, Opensuse 2025-04-12 6.8 MEDIUM N/A
Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown.
CVE-2016-1647 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2025-04-12 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2016-5739 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2025-04-12 5.0 MEDIUM 7.5 HIGH
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.
CVE-2014-9066 2 Opensuse, Xen 2 Opensuse, Xen 2025-04-12 4.7 MEDIUM N/A
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.
CVE-2016-1945 2 Mozilla, Opensuse 3 Firefox, Leap, Opensuse 2025-04-12 9.3 HIGH 8.8 HIGH
The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.
CVE-2015-7221 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2025-04-12 10.0 HIGH N/A
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.
CVE-2016-1952 4 Mozilla, Novell, Opensuse and 1 more 6 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 3 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-0564 7 Adobe, Apple, Google and 4 more 14 Air Desktop Runtime, Air Sdk, Flash Player and 11 more 2025-04-12 10.0 HIGH N/A
Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558.
CVE-2014-2270 5 Canonical, Debian, File Project and 2 more 5 Ubuntu Linux, Debian Linux, File and 2 more 2025-04-12 4.3 MEDIUM N/A
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
CVE-2015-3145 8 Apple, Canonical, Debian and 5 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2025-04-12 7.5 HIGH N/A
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.