Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-1670 3Debian GoogleOpensuse 3Chrome Debian LinuxOpensuse May 6, 2026 May 14, 2016 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requ...Show more Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.Show less
CVE-2016-1669 5Canonical DebianGoogle+2 more 6Chrome Debian LinuxNode.js+3 more May 6, 2026 May 14, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to caus...Show more The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.Show less
CVE-2016-1668 3Debian GoogleOpensuse 3Chrome Debian LinuxOpensuse May 6, 2026 May 14, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to...Show more The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.Show less
CVE-2016-1667 3Debian GoogleOpensuse 3Chrome Debian LinuxOpensuse May 6, 2026 May 14, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption oper...Show more The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.Show less
CVE-2016-1666 3Google OpensuseRedhat 6Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+3 more May 6, 2026 May 14, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-1665 3Google OpensuseRedhat 6Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+3 more May 6, 2026 May 14, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information vi...Show more The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.Show less
CVE-2016-1664 3Google OpensuseRedhat 6Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+3 more May 6, 2026 May 14, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations...Show more The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.Show less
CVE-2016-1663 3Google OpensuseRedhat 6Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+3 more May 6, 2026 May 14, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buf...Show more The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.Show less
CVE-2016-1662 3Google OpensuseRedhat 6Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+3 more May 6, 2026 May 14, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (us...Show more extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.Show less
CVE-2016-1661 3Google OpensuseRedhat 6Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+3 more May 6, 2026 May 14, 2016 N/A· v4 8.0 HIGH· v3 8.3 HIGH· v2 Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of...Show more Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.Show less
CVE-2016-1660 3Google OpensuseRedhat 6Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+3 more May 6, 2026 May 14, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write)...Show more Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.Show less
CVE-2016-4024 3Debian EnlightenmentOpensuse 3Debian Linux Imlib2Opensuse May 6, 2026 May 13, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.
CVE-2016-2099 2Apache Opensuse 2Opensuse Xerces C++ May 6, 2026 May 13, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
CVE-2016-4117 4Adobe OpensuseRedhat+1 more 9Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server From Rhui+6 more Apr 21, 2026 May 11, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
CVE-2015-8863 2Jq Project Opensuse 3Jq LeapOpensuse May 6, 2026 May 6, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
CVE-2016-4008 4Canonical FedoraprojectGnu+1 more 4Fedora Libtasn1Opensuse+1 more May 6, 2026 May 5, 2016 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a c...Show more The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.Show less
CVE-2016-3718 6Canonical ImagemagickOpensuse+3 more 30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 more Apr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2016-3715 6Canonical ImagemagickOpensuse+3 more 30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 more Apr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 5.8 MEDIUM· v2 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-3714 5Canonical DebianImagemagick+2 more 6Debian Linux ImagemagickLeap+3 more Apr 21, 2026 May 5, 2016 N/A· v4 8.4 HIGH· v3 10.0 HIGH· v2 The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharact...Show more The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."Show less
CVE-2016-2107 8Canonical DebianGoogle+5 more 15Android Debian LinuxEnterprise Linux Desktop+12 more May 6, 2026 May 5, 2016 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a...Show more The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.Show less

Previous 1...121314...73 Next