Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-3622 3Fedoraproject GnuOpensuse 3Fedora Libtasn1Opensuse May 6, 2026 May 12, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
CVE-2015-3451 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraOpensuse+2 more May 6, 2026 May 12, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) loa...Show more The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.Show less
CVE-2014-3598 2Opensuse Python 2Opensuse Pillow May 6, 2026 May 1, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
CVE-2015-3026 3Debian OpensuseXiph 3Debian Linux IcecastOpensuse May 6, 2026 Apr 29, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as de...Show more Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."Show less
CVE-2015-3340 5Debian FedoraprojectOpensuse+2 more 9Debian Linux FedoraLinux Enterprise Desktop+6 more May 6, 2026 Apr 28, 2015 N/A· v4 N/A· v3 2.9 LOW· v2 Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist requ...Show more Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.Show less
CVE-2015-1863 5Canonical DebianOpensuse+2 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+7 more May 6, 2026 Apr 28, 2015 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management fram...Show more Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.Show less
CVE-2015-3148 7Apple CanonicalDebian+4 more 8Curl Debian LinuxFedora+5 more May 6, 2026 Apr 24, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
CVE-2015-3145 8Apple CanonicalDebian+5 more 9Curl Debian LinuxFedora+6 more May 6, 2026 Apr 24, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly hav...Show more The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.Show less
CVE-2015-3336 3Debian GoogleOpensuse 3Chrome Debian LinuxOpensuse May 6, 2026 Apr 19, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a d...Show more Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL.Show less
CVE-2015-3335 2Google Opensuse 2Chrome Opensuse May 6, 2026 Apr 19, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka...Show more The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox.Show less
CVE-2015-3334 3Debian GoogleOpensuse 3Chrome Debian LinuxOpensuse May 6, 2026 Apr 19, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, whic...Show more browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited.Show less
CVE-2015-1241 6Canonical DebianGoogle+3 more 11Chrome Debian LinuxEnterprise Linux Desktop+8 more May 6, 2026 Apr 19, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a c...Show more Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.Show less
CVE-2015-0492 3Opensuse OracleSuse 5Javafx JdkJre+2 more May 6, 2026 Apr 16, 2015 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-04...Show more Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484.Show less
CVE-2015-0491 3Opensuse OracleSuse 5Javafx JdkJre+2 more May 6, 2026 Apr 16, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different...Show more Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.Show less
CVE-2015-0486 2Opensuse Oracle 3Jdk JreOpensuse May 6, 2026 Apr 16, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVE-2015-0484 3Opensuse OracleSuse 5Javafx JdkJre+2 more May 6, 2026 Apr 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0...Show more Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492.Show less
CVE-2015-0459 3Novell OpensuseOracle 5Javafx JdkJre+2 more May 6, 2026 Apr 16, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different v...Show more Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.Show less
CVE-2015-0458 3Novell OpensuseOracle 4Jdk JreOpensuse+1 more May 6, 2026 Apr 16, 2015 N/A· v4 N/A· v3 7.6 HIGH· v2 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVE-2015-3044 4Adobe NovellOpensuse+1 more 9Enterprise Linux Desktop Supplementary Enterprise Linux Server SupplementaryEnterprise Linux Server Supplementary Eus+6 more May 6, 2026 Apr 14, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information v...Show more Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.Show less
CVE-2015-3043 4Adobe NovellOpensuse+1 more 11Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+8 more Apr 21, 2026 Apr 14, 2015 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption...Show more Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.Show less

Previous 1...272829...73 Next