Filtered by vendor Opensuse
Subscribe
Total
3283 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0796 | 1 Opensuse | 1 Open Buildservice | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service. | |||||
CVE-2014-0594 | 1 Opensuse | 1 Open Build Service | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. | |||||
CVE-2018-11685 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. | |||||
CVE-2014-0158 | 2 Opensuse, Uclouvain | 2 Opensuse, Openjpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS." | |||||
CVE-2018-11212 | 7 Canonical, Debian, Ijg and 4 more | 13 Ubuntu Linux, Debian Linux, Libjpeg and 10 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. | |||||
CVE-2011-4182 | 1 Opensuse | 1 Sysconfig | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1. | |||||
CVE-2018-11684 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. | |||||
CVE-2018-1000613 | 4 Bouncycastle, Netapp, Opensuse and 1 more | 24 Legion-of-the-bouncy-castle-java-crytography-api, Oncommand Workflow Automation, Leap and 21 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. | |||||
CVE-2011-4181 | 1 Opensuse | 1 Open Build Service | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3. | |||||
CVE-2018-10861 | 4 Ceph, Debian, Opensuse and 1 more | 9 Ceph, Debian Linux, Leap and 6 more | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. | |||||
CVE-2018-10380 | 3 Debian, Kde, Opensuse | 3 Debian Linux, Plasma, Leap | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | |||||
CVE-2014-5220 | 2 Mdadm Project, Opensuse | 2 Mdadm, Opensuse | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. | |||||
CVE-2018-11440 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. | |||||
CVE-2018-7858 | 4 Canonical, Opensuse, Qemu and 1 more | 9 Ubuntu Linux, Leap, Qemu and 6 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. | |||||
CVE-2018-13099 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. | |||||
CVE-2017-9268 | 1 Opensuse | 1 Open Build Service | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption). | |||||
CVE-2016-9961 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
game-music-emu before 0.6.1 mishandles unspecified integer values. | |||||
CVE-2015-5221 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 5 Fedora, Jasper, Leap and 2 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | |||||
CVE-2016-9960 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | |||||
CVE-2014-8127 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. |