Filtered by vendor Opensuse
Subscribe
Total
3283 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2648 | 6 Canonical, Debian, Mariadb and 3 more | 12 Ubuntu Linux, Debian Linux, Mariadb and 9 more | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||
CVE-2016-5153 | 2 Google, Opensuse | 2 Chrome, Leap | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. | |||||
CVE-2015-4625 | 3 Fedoraproject, Opensuse, Polkit Project | 3 Fedora, Opensuse, Polkit | 2024-02-28 | 4.6 MEDIUM | N/A |
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. | |||||
CVE-2016-0746 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. | |||||
CVE-2016-5421 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-6153 | 3 Fedoraproject, Opensuse, Sqlite | 3 Fedora, Leap, Sqlite | 2024-02-28 | 4.6 MEDIUM | 5.9 MEDIUM |
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. | |||||
CVE-2015-5605 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-28 | 5.0 MEDIUM | N/A |
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message. | |||||
CVE-2016-1937 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. | |||||
CVE-2016-2799 | 5 Mozilla, Opensuse, Oracle and 2 more | 7 Firefox, Firefox Esr, Leap and 4 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. | |||||
CVE-2016-6132 | 3 Debian, Libgd, Opensuse | 3 Debian Linux, Libgd, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |||||
CVE-2015-2059 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Libidn, Opensuse | 2024-02-28 | 7.5 HIGH | N/A |
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. | |||||
CVE-2016-5131 | 8 Apple, Canonical, Debian and 5 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | |||||
CVE-2015-1288 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2024-02-28 | 6.8 MEDIUM | N/A |
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263. | |||||
CVE-2015-4473 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2016-2801 | 5 Mozilla, Opensuse, Oracle and 2 more | 7 Firefox, Firefox Esr, Leap and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. | |||||
CVE-2015-7204 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | |||||
CVE-2015-5218 | 3 Kernel, Opensuse, Opensuse Project | 3 Util-linux, Opensuse, Leap | 2024-02-28 | 2.1 LOW | N/A |
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. | |||||
CVE-2015-8872 | 3 Canonical, Dosfstools Project, Opensuse | 4 Ubuntu Linux, Dosfstools, Leap and 1 more | 2024-02-28 | 2.1 LOW | 6.2 MEDIUM |
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." | |||||
CVE-2015-2710 | 3 Mozilla, Novell, Opensuse | 7 Firefox, Firefox Esr, Thunderbird and 4 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence. | |||||
CVE-2015-5125 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors. |