Filtered by vendor Opensuse
Subscribe
Total
3287 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3629 | 2 Docker, Opensuse | 2 Libcontainer, Opensuse | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. | |||||
| CVE-2014-3638 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2025-04-12 | 2.1 LOW | N/A |
| The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. | |||||
| CVE-2015-2712 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript. | |||||
| CVE-2016-3679 | 3 Canonical, Google, Opensuse | 4 Ubuntu Linux, Chrome, V8 and 1 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-2801 | 5 Mozilla, Opensuse, Oracle and 2 more | 6 Firefox, Leap, Opensuse and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. | |||||
| CVE-2015-0802 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods. | |||||
| CVE-2014-9323 | 4 Canonical, Debian, Firebirdsql and 1 more | 4 Ubuntu Linux, Debian Linux, Firebird and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. | |||||
| CVE-2014-4165 | 2 Ntop, Opensuse | 2 Ntop, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin. | |||||
| CVE-2014-6300 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. | |||||
| CVE-2016-2039 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. | |||||
| CVE-2014-7941 | 4 Chromium, Google, Opensuse and 1 more | 7 Chromium, Chrome, Opensuse and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data. | |||||
| CVE-2016-5155 | 2 Google, Opensuse | 2 Chrome, Leap | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2014-2327 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. | |||||
| CVE-2016-2807 | 3 Mozilla, Opensuse, Suse | 4 Firefox, Leap, Opensuse and 1 more | 2025-04-12 | 10.0 HIGH | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-4870 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. | |||||
| CVE-2016-0644 | 6 Debian, Ibm, Mariadb and 3 more | 7 Debian Linux, Powerkvm, Mariadb and 4 more | 2025-04-12 | 4.0 MEDIUM | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL. | |||||
| CVE-2016-5098 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | |||||
| CVE-2014-3487 | 5 Debian, File Project, Opensuse and 2 more | 5 Debian Linux, File, Opensuse and 2 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | |||||
| CVE-2016-1937 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. | |||||
| CVE-2016-2819 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element. | |||||