Filtered by vendor Opensuse
Subscribe
Total
3283 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5706 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. | |||||
CVE-2016-3186 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2024-02-28 | 5.0 MEDIUM | 6.2 MEDIUM |
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. | |||||
CVE-2016-6161 | 3 Debian, Libgd, Opensuse | 3 Debian Linux, Libgd, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. | |||||
CVE-2016-4143 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
CVE-2015-3227 | 2 Opensuse, Rubyonrails | 2 Opensuse, Rails | 2024-02-28 | 5.0 MEDIUM | N/A |
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. | |||||
CVE-2016-1656 | 3 Google, Opensuse, Suse | 4 Android, Chrome, Leap and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | |||||
CVE-2016-3068 | 6 Debian, Fedoraproject, Mercurial and 3 more | 14 Debian Linux, Fedora, Mercurial and 11 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | |||||
CVE-2016-1682 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. | |||||
CVE-2014-9765 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. | |||||
CVE-2015-2141 | 2 Cryptopp, Opensuse | 2 Crypto\+\+ Library, Opensuse | 2024-02-28 | 5.0 MEDIUM | N/A |
The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack. | |||||
CVE-2015-0794 | 2 Dracut Project, Opensuse | 2 Dracut, Opensuse | 2024-02-28 | 3.6 LOW | N/A |
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. | |||||
CVE-2016-1654 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Chrome and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. | |||||
CVE-2014-9756 | 3 Canonical, Libsndfile Project, Opensuse | 4 Ubuntu Linux, Libsndfile, Leap and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. | |||||
CVE-2016-1956 | 4 Linux, Mozilla, Novell and 1 more | 5 Linux Kernel, Firefox, Suse Package Hub For Suse Linux Enterprise and 2 more | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. | |||||
CVE-2016-4132 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
CVE-2016-0502 | 3 Mariadb, Opensuse, Oracle | 4 Mariadb, Leap, Opensuse and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||||
CVE-2016-1286 | 7 Canonical, Debian, Fedoraproject and 4 more | 47 Ubuntu Linux, Debian Linux, Fedora and 44 more | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. | |||||
CVE-2016-4128 | 8 Adobe, Apple, Google and 5 more | 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
CVE-2016-1285 | 7 Canonical, Debian, Fedoraproject and 4 more | 47 Ubuntu Linux, Debian Linux, Fedora and 44 more | 2024-02-28 | 4.3 MEDIUM | 6.8 MEDIUM |
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. | |||||
CVE-2016-1676 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. |