Filtered by vendor Opensuse
Subscribe
Total
3278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2039 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2018-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. | |||||
| CVE-2015-0802 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2018-10-30 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods. | |||||
| CVE-2015-7215 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. | |||||
| CVE-2015-7203 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 10.0 HIGH | N/A |
| Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. | |||||
| CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | |||||
| CVE-2016-1947 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 4.7 MEDIUM |
| Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. | |||||
| CVE-2015-2059 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Libidn, Opensuse | 2018-10-30 | 7.5 HIGH | N/A |
| The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. | |||||
| CVE-2014-5146 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2018-10-30 | 4.7 MEDIUM | N/A |
| Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. | |||||
| CVE-2015-2717 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2018-10-30 | 6.8 MEDIUM | N/A |
| Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata. | |||||
| CVE-2014-9066 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2018-10-30 | 4.7 MEDIUM | N/A |
| Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. | |||||
| CVE-2015-4146 | 2 Opensuse, W1.fi | 3 Opensuse, Hostapd, Wpa Supplicant | 2018-10-30 | 5.0 MEDIUM | N/A |
| The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. | |||||
| CVE-2014-8483 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. | |||||
| CVE-2015-7758 | 2 Gummi Project, Opensuse | 3 Gummi, Leap, Opensuse | 2018-10-30 | 2.1 LOW | 3.3 LOW |
| Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | |||||
| CVE-2015-2316 | 5 Canonical, Djangoproject, Fedoraproject and 2 more | 5 Ubuntu Linux, Django, Fedora and 2 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. | |||||
| CVE-2015-4143 | 2 Opensuse, W1.fi | 3 Opensuse, Hostapd, Wpa Supplicant | 2018-10-30 | 5.0 MEDIUM | N/A |
| The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. | |||||
| CVE-2015-0255 | 2 Opensuse, X.org | 2 Opensuse, Xorg-server | 2018-10-30 | 6.4 MEDIUM | N/A |
| X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. | |||||
| CVE-2015-2712 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2018-10-30 | 7.5 HIGH | N/A |
| The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript. | |||||
| CVE-2015-7210 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2018-10-30 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. | |||||
| CVE-2014-9667 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. | |||||
| CVE-2015-4475 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2018-10-30 | 7.5 HIGH | N/A |
| The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. | |||||