Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Total 3278 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-5177 2 Opensuse, Redhat 4 Opensuse, Enterprise Linux, Enterprise Virtualization and 1 more 2019-04-22 1.2 LOW N/A
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.
CVE-2013-2217 3 Jeff Ortel, Opensuse, Redhat 3 Suds, Opensuse, Enterprise Linux 2019-04-22 1.2 LOW N/A
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
CVE-2016-0655 5 Debian, Mariadb, Opensuse and 2 more 5 Debian Linux, Mariadb, Leap and 2 more 2019-04-22 3.5 LOW 4.7 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.
CVE-2016-0643 6 Debian, Ibm, Mariadb and 3 more 6 Debian Linux, Powerkvm, Mariadb and 3 more 2019-04-22 4.0 MEDIUM 3.3 LOW
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
CVE-2016-0610 6 Canonical, Debian, Mariadb and 3 more 7 Ubuntu Linux, Debian Linux, Mariadb and 4 more 2019-04-22 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2013-4854 10 Fedoraproject, Freebsd, Hp and 7 more 12 Fedora, Freebsd, Hp-ux and 9 more 2019-04-22 7.8 HIGH N/A
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
CVE-2016-2150 5 Debian, Microsoft, Opensuse and 2 more 12 Debian Linux, Windows, Leap and 9 more 2019-04-22 3.6 LOW 7.1 HIGH
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
CVE-2013-2174 4 Canonical, Haxx, Opensuse and 1 more 5 Ubuntu Linux, Curl, Libcurl and 2 more 2019-04-22 6.8 MEDIUM N/A
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
CVE-2016-0607 4 Canonical, Opensuse, Oracle and 1 more 5 Ubuntu Linux, Leap, Opensuse and 2 more 2019-04-22 2.8 LOW N/A
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
CVE-2018-17294 3 Canonical, Liblouis, Opensuse 3 Ubuntu Linux, Liblouis, Leap 2019-04-18 4.3 MEDIUM 6.5 MEDIUM
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
CVE-2018-14522 3 Aubio, Opensuse, Suse 3 Aubio, Leap, Linux Enterprise 2019-04-17 6.8 MEDIUM 8.8 HIGH
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
CVE-2016-7447 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-15 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2016-7446 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-15 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
CVE-2016-5241 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-12 4.3 MEDIUM 5.5 MEDIUM
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
CVE-2016-7449 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-12 5.0 MEDIUM 7.5 HIGH
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
CVE-2016-7800 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-12 5.0 MEDIUM 7.5 HIGH
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
CVE-2016-7448 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-12 7.8 HIGH 7.5 HIGH
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
CVE-2016-10065 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2019-04-12 6.8 MEDIUM 7.8 HIGH
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2018-10916 3 Canonical, Lftp Project, Opensuse 3 Ubuntu Linux, Lftp, Leap 2019-04-02 7.8 HIGH 6.5 MEDIUM
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.
CVE-2016-4578 5 Canonical, Debian, Linux and 2 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2019-03-25 2.1 LOW 5.5 MEDIUM
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.