Filtered by vendor Opensuse
Subscribe
Total
3251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18900 | 2 Opensuse, Suse | 3 Libzypp, Caas Platform, Suse Linux Enterprise Server | 2020-02-27 | 2.1 LOW | 3.3 LOW |
| : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1. | |||||
| CVE-2017-5930 | 2 Opensuse, Postfixadmin Project | 2 Leap, Postfixadmin | 2020-02-26 | 3.5 LOW | 2.7 LOW |
| The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check. | |||||
| CVE-2013-2637 | 2 Opensuse, Otrs | 3 Opensuse, Faq, Otrs Itsm | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2014-1958 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. | |||||
| CVE-2014-2030 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2020-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. | |||||
| CVE-2016-1000104 | 2 Apache, Opensuse | 3 Mod Fcgid, Leap, Opensuse | 2020-02-03 | 6.5 MEDIUM | 8.8 HIGH |
| A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. | |||||
| CVE-2015-7542 | 3 Aquamaniac, Debian, Opensuse | 3 Gwenhywfar, Debian Linux, Leap | 2020-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. | |||||
| CVE-2006-7246 | 3 Gnome, Opensuse, Suse | 4 Networkmanager, Opensuse, Linux Enterprise Desktop and 1 more | 2020-01-31 | 3.2 LOW | 6.8 MEDIUM |
| NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | |||||
| CVE-2015-5334 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. | |||||
| CVE-2015-5333 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. | |||||
| CVE-2019-19727 | 2 Opensuse, Schedmd | 2 Leap, Slurm | 2020-01-23 | 2.1 LOW | 5.5 MEDIUM |
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | |||||
| CVE-2016-3119 | 2 Mit, Opensuse | 3 Kerberos 5, Leap, Opensuse | 2020-01-21 | 3.5 LOW | 5.3 MEDIUM |
| The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. | |||||
| CVE-2019-17008 | 2 Mozilla, Opensuse | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2020-01-16 | 6.8 MEDIUM | 8.8 HIGH |
| When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | |||||
| CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2020-01-15 | 6.8 MEDIUM | 7.8 HIGH |
| The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |||||
| CVE-2016-9453 | 3 Debian, Libtiff, Opensuse | 3 Debian Linux, Libtiff, Opensuse | 2019-12-31 | 6.8 MEDIUM | 7.8 HIGH |
| The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. | |||||
| CVE-2016-0649 | 6 Debian, Ibm, Mariadb and 3 more | 7 Debian Linux, Powerkvm, Mariadb and 4 more | 2019-12-27 | 4.0 MEDIUM | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS. | |||||
| CVE-2016-1935 | 3 Mozilla, Opensuse, Oracle | 5 Firefox, Firefox Esr, Leap and 2 more | 2019-12-27 | 9.3 HIGH | 8.8 HIGH |
| Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. | |||||
| CVE-2016-2797 | 5 Mozilla, Opensuse, Oracle and 2 more | 7 Firefox, Firefox Esr, Leap and 4 more | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. | |||||
| CVE-2016-1962 | 3 Mozilla, Opensuse, Oracle | 4 Firefox, Firefox Esr, Opensuse and 1 more | 2019-12-27 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. | |||||
| CVE-2016-0647 | 6 Debian, Ibm, Mariadb and 3 more | 7 Debian Linux, Powerkvm, Mariadb and 4 more | 2019-12-27 | 4.0 MEDIUM | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS. | |||||