Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-0946 6Apple CanonicalDebian+3 more 9Debian Linux FreetypeIphone Os+6 more Apr 23, 2026 Apr 17, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cff...Show more Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.Show less
CVE-2009-1242 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLinux Kernel+2 more Apr 23, 2026 Apr 6, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting...Show more The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.Show less
CVE-2009-0115 8Avaya Christophe.varoquiDebian+5 more 11Ctpview Debian LinuxFedora+8 more Apr 23, 2026 Mar 30, 2009 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writab...Show more The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.Show less
CVE-2009-1072 6Canonical DebianLinux+3 more 11Debian Linux EsxLinux Enterprise Desktop+8 more Apr 23, 2026 Mar 25, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been e...Show more nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.Show less
CVE-2009-0848 1Opensuse 1Opensuse Apr 23, 2026 Mar 11, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."
CVE-2009-0834 6Canonical DebianLinux+3 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+9 more Apr 23, 2026 Mar 6, 2009 N/A· v4 N/A· v3 3.6 LOW· v2 The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, whic...Show more The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.Show less
CVE-2009-0749 3Opensuse Optipng ProjectSuse 3Linux Enterprise OpensuseOptipng Apr 23, 2026 Mar 2, 2009 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a craft...Show more Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.Show less
CVE-2009-0040 6Apple DebianFedoraproject+3 more 9Debian Linux FedoraIphone Os+6 more Apr 23, 2026 Feb 22, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly e...Show more The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.Show less
CVE-2009-0310 1Opensuse 1Opensuse Apr 23, 2026 Feb 18, 2009 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings."
CVE-2008-6123 4Net Snmp OpensuseRedhat+1 more 4Enterprise Linux Linux EnterpriseNet Snmp+1 more Apr 23, 2026 Feb 12, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to...Show more The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."Show less
CVE-2009-0269 4Canonical DebianLinux+1 more 4Debian Linux Linux KernelOpensuse+1 more Apr 23, 2026 Jan 26, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink ca...Show more fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.Show less
CVE-2008-5183 3Apple DebianOpensuse 5Cups Debian LinuxMac Os X+2 more Apr 23, 2026 Nov 21, 2008 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NO...Show more cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.Show less
CVE-2008-5021 7Canonical DebianFedoraproject+4 more 13Debian Linux FedoraFirefox+10 more Apr 23, 2026 Nov 13, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute...Show more nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.Show less
CVE-2008-4989 6Canonical DebianFedoraproject+3 more 7Debian Linux FedoraGnutls+4 more Apr 23, 2026 Nov 13, 2008 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows...Show more The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).Show less
CVE-2008-4577 4Canonical DovecotFedoraproject+1 more 4Dovecot FedoraOpensuse+1 more Apr 23, 2026 Oct 15, 2008 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
CVE-2007-6716 6Canonical DebianLinux+3 more 7Debian Linux Linux DesktopLinux Kernel+4 more Apr 23, 2026 Sep 4, 2008 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-1945 6Canonical DebianOpensuse+3 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+6 more Apr 23, 2026 Aug 8, 2008 N/A· v4 N/A· v3 2.1 LOW· v2 QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image head...Show more QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.Show less
CVE-2008-2939 4Apache AppleCanonical+1 more 4Http Server Mac Os XOpensuse+1 more Apr 23, 2026 Aug 6, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote at...Show more Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.Show less
CVE-2008-3188 1Opensuse 1Opensuse Apr 23, 2026 Jul 22, 2008 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.
CVE-2008-2931 5Canonical DebianLinux+2 more 6Debian Linux Linux KernelOpensuse+3 more Apr 23, 2026 Jul 9, 2008 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service b...Show more The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.Show less

Previous 1...69 70 717273 Next