Filtered by vendor Opensuse
Subscribe
Total
3278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1477 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-02-14 | 6.8 MEDIUM | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2009-3231 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 6 Ubuntu Linux, Fedora, Opensuse and 3 more | 2024-02-13 | 6.8 MEDIUM | N/A |
| The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. | |||||
| CVE-2009-1699 | 3 Apple, Canonical, Opensuse | 4 Iphone Os, Safari, Ubuntu Linux and 1 more | 2024-02-10 | 7.1 HIGH | 7.5 HIGH |
| The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." | |||||
| CVE-2016-3627 | 7 Canonical, Debian, Hp and 4 more | 14 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 11 more | 2024-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. | |||||
| CVE-2014-0038 | 2 Linux, Opensuse | 2 Linux Kernel, Opensuse | 2024-02-09 | 6.9 MEDIUM | N/A |
| The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. | |||||
| CVE-2009-0269 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-02-09 | 4.9 MEDIUM | N/A |
| fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. | |||||
| CVE-2009-0040 | 6 Apple, Debian, Fedoraproject and 3 more | 9 Iphone Os, Mac Os X, Debian Linux and 6 more | 2024-02-09 | 6.8 MEDIUM | N/A |
| The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | |||||
| CVE-2009-1721 | 6 Apple, Canonical, Debian and 3 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2024-02-09 | 6.8 MEDIUM | N/A |
| The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. | |||||
| CVE-2008-3188 | 1 Opensuse | 1 Opensuse | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords. | |||||
| CVE-2008-4989 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-02-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | |||||
| CVE-2008-0063 | 7 Apple, Canonical, Debian and 4 more | 11 Mac Os X, Mac Os X Server, Ubuntu Linux and 8 more | 2024-02-09 | 4.3 MEDIUM | 7.5 HIGH |
| The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | |||||
| CVE-2009-3620 | 6 Canonical, Fedoraproject, Linux and 3 more | 8 Ubuntu Linux, Fedora, Linux Kernel and 5 more | 2024-02-09 | 4.9 MEDIUM | 7.8 HIGH |
| The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. | |||||
| CVE-2009-0949 | 5 Apple, Canonical, Debian and 2 more | 7 Cups, Mac Os X, Mac Os X Server and 4 more | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | |||||
| CVE-2008-4636 | 3 Novell, Opensuse, Suse | 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more | 2024-02-08 | 7.2 HIGH | N/A |
| yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. | |||||
| CVE-2010-1866 | 3 Opensuse, Php, Suse | 3 Opensuse, Php, Linux Enterprise | 2024-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. | |||||
| CVE-2009-3289 | 3 Gnome, Opensuse, Suse | 3 Glib, Opensuse, Suse Linux Enterprise Server | 2024-02-08 | 4.4 MEDIUM | 7.8 HIGH |
| The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | |||||
| CVE-2019-20916 | 4 Debian, Opensuse, Oracle and 1 more | 5 Debian Linux, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more | 2024-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. | |||||
| CVE-2013-0913 | 2 Linux, Opensuse | 2 Linux Kernel, Opensuse | 2024-02-05 | 7.2 HIGH | N/A |
| Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. | |||||
| CVE-2020-28049 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-02-03 | 3.3 LOW | 6.3 MEDIUM |
| An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | |||||
| CVE-2010-2753 | 3 Mozilla, Opensuse, Suse | 7 Firefox, Seamonkey, Thunderbird and 4 more | 2024-02-03 | 9.3 HIGH | 8.8 HIGH |
| Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. | |||||