Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Opensuse
Total 1465 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5333 2 Openbsd, Opensuse 2 Libressl, Opensuse 2024-02-28 5.0 MEDIUM 7.5 HIGH
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
CVE-2013-6365 3 Debian, Horde, Opensuse 3 Debian Linux, Groupware, Opensuse 2024-02-28 2.6 LOW 5.3 MEDIUM
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
CVE-2015-2326 4 Mariadb, Opensuse, Pcre and 1 more 4 Mariadb, Opensuse, Pcre and 1 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
CVE-2013-3718 4 Debian, Gnome, Opensuse and 1 more 4 Debian Linux, Evince, Opensuse and 1 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
evince is missing a check on number of pages which can lead to a segmentation fault
CVE-2013-2637 2 Opensuse, Otrs 3 Opensuse, Faq, Otrs Itsm 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
CVE-2013-7370 4 Debian, Opensuse, Redhat and 1 more 4 Debian Linux, Opensuse, Openshift and 1 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
CVE-2011-1490 3 Debian, Opensuse, Rsyslog 3 Debian Linux, Opensuse, Rsyslog 2024-02-28 2.1 LOW 5.5 MEDIUM
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset
CVE-2010-4661 5 Debian, Fedoraproject, Opensuse and 2 more 5 Debian Linux, Fedora, Opensuse and 2 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
CVE-2006-7246 3 Gnome, Opensuse, Suse 4 Networkmanager, Opensuse, Linux Enterprise Desktop and 1 more 2024-02-28 3.2 LOW 6.8 MEDIUM
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
CVE-2014-8178 2 Docker, Opensuse 3 Cs Engine, Docker, Opensuse 2024-02-28 1.9 LOW 5.5 MEDIUM
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
CVE-2014-2387 3 Debian, Opensuse, Pen Project 3 Debian Linux, Opensuse, Pen 2024-02-28 4.6 MEDIUM 4.4 MEDIUM
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities
CVE-2016-5314 4 Debian, Libtiff, Opensuse and 1 more 5 Debian Linux, Libtiff, Leap and 2 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
CVE-2014-0158 2 Opensuse, Uclouvain 2 Opensuse, Openjpeg 2024-02-28 6.8 MEDIUM 8.8 HIGH
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS."
CVE-2014-5220 2 Mdadm Project, Opensuse 2 Mdadm, Opensuse 2024-02-28 7.2 HIGH 7.8 HIGH
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.
CVE-2015-5221 4 Fedoraproject, Jasper Project, Opensuse and 1 more 5 Fedora, Jasper, Leap and 2 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2014-8127 2 Libtiff, Opensuse 2 Libtiff, Opensuse 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
CVE-2014-4616 4 Opensuse, Opensuse Project, Python and 1 more 4 Opensuse, Opensuse, Python and 1 more 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
CVE-2015-5300 7 Canonical, Debian, Fedoraproject and 4 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
CVE-2015-5203 4 Fedoraproject, Jasper Project, Opensuse and 1 more 5 Fedora, Jasper, Leap and 2 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2016-1254 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.