Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Opensuse
Total 1465 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-0444 5 Canonical, Debian, Mozilla and 2 more 9 Ubuntu Linux, Debian Linux, Firefox and 6 more 2024-11-21 10.0 HIGH N/A
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
CVE-2012-0442 4 Debian, Mozilla, Opensuse and 1 more 8 Debian Linux, Firefox, Seamonkey and 5 more 2024-11-21 9.3 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-0427 1 Opensuse 1 Opensuse 2024-11-21 7.2 HIGH N/A
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
CVE-2012-0425 1 Opensuse 1 Opensuse 2024-11-21 7.8 HIGH N/A
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.
CVE-2012-0260 5 Canonical, Debian, Imagemagick and 2 more 11 Ubuntu Linux, Debian Linux, Imagemagick and 8 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVE-2012-0259 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
CVE-2012-0053 5 Apache, Debian, Opensuse and 2 more 12 Http Server, Debian Linux, Opensuse and 9 more 2024-11-21 4.3 MEDIUM N/A
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
CVE-2012-0031 5 Apache, Debian, Opensuse and 2 more 13 Http Server, Debian Linux, Opensuse and 10 more 2024-11-21 4.6 MEDIUM N/A
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
CVE-2011-4862 8 Debian, Fedoraproject, Freebsd and 5 more 10 Debian Linux, Fedora, Freebsd and 7 more 2024-11-21 10.0 HIGH N/A
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2011-4093 4 Armin Burgmeier, Opensuse, Opensuse Project and 1 more 4 Net6, Opensuse, Opensuse and 1 more 2024-11-21 5.8 MEDIUM N/A
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
CVE-2011-4091 3 Armin Burgmeier, Opensuse, Oracle 3 Net6, Opensuse, Solaris 2024-11-21 5.0 MEDIUM N/A
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.
CVE-2011-3659 3 Mozilla, Opensuse, Suse 7 Firefox, Seamonkey, Thunderbird and 4 more 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
CVE-2011-3377 3 Canonical, Opensuse, Redhat 3 Ubuntu Linux, Opensuse, Icedtea-web 2024-11-21 4.3 MEDIUM N/A
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
CVE-2011-3193 5 Canonical, Gnome, Opensuse and 2 more 8 Ubuntu Linux, Pango, Opensuse and 5 more 2024-11-21 9.3 HIGH N/A
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVE-2011-3192 4 Apache, Canonical, Opensuse and 1 more 5 Http Server, Ubuntu Linux, Opensuse and 2 more 2024-11-21 7.8 HIGH N/A
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
CVE-2011-3098 3 Google, Microsoft, Opensuse 3 Chrome, Windows, Opensuse 2024-11-21 7.2 HIGH N/A
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.
CVE-2011-3079 3 Google, Mozilla, Opensuse 6 Chrome, Firefox, Firefox Esr and 3 more 2024-11-21 10.0 HIGH N/A
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
CVE-2011-3056 3 Apple, Google, Opensuse 4 Iphone Os, Safari, Chrome and 1 more 2024-11-21 6.8 MEDIUM N/A
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
CVE-2011-3055 2 Google, Opensuse 2 Chrome, Opensuse 2024-11-21 4.3 MEDIUM N/A
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.
CVE-2011-3054 2 Google, Opensuse 2 Chrome, Opensuse 2024-11-21 4.3 MEDIUM N/A
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.