Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-2317 6Canonical DebianDjangoproject+3 more 6Debian Linux DjangoFedora+3 more May 6, 2026 Mar 25, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scr...Show more The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.Show less
CVE-2015-2316 5Canonical DjangoprojectFedoraproject+2 more 5Django FedoraOpensuse+2 more May 6, 2026 Mar 25, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by...Show more The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.Show less
CVE-2015-0295 3Digia FedoraprojectOpensuse 3Fedora OpensuseQt May 6, 2026 Mar 25, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BM...Show more The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.Show less
CVE-2015-2155 5Debian FedoraprojectOpensuse+2 more 5Debian Linux FedoraOpensuse+2 more May 6, 2026 Mar 24, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2014-8169 3Automount Project OpensuseRedhat 6Automount Enterprise Linux DesktopEnterprise Linux Hpc Node+3 more May 6, 2026 Mar 18, 2015 N/A· v4 N/A· v3 4.4 MEDIUM· v2 automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows lo...Show more automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.Show less
CVE-2015-0778 3Fedoraproject OpensuseSuse 3Fedora OpensuseOpensuse Osc May 6, 2026 Mar 16, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.
CVE-2015-2304 3Canonical LibarchiveOpensuse 3Libarchive OpensuseUbuntu Linux May 6, 2026 Mar 15, 2015 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
CVE-2015-2192 2Opensuse Wireshark 2Opensuse Wireshark May 6, 2026 Mar 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infini...Show more Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.Show less
CVE-2015-2191 4Debian MageiaOpensuse+1 more 4Debian Linux MageiaOpensuse+1 more May 6, 2026 Mar 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infin...Show more Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.Show less
CVE-2015-2190 3Opensuse OracleWireshark 3Opensuse SolarisWireshark May 6, 2026 Mar 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit)...Show more epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.Show less
CVE-2015-2189 5Debian MageiaOpensuse+2 more 6Debian Linux LinuxMageia+3 more May 6, 2026 Mar 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds r...Show more Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.Show less
CVE-2015-2188 5Debian MageiaOpensuse+2 more 6Debian Linux LinuxMageia+3 more May 6, 2026 Mar 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out...Show more epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.Show less
CVE-2015-2187 2Opensuse Wireshark 2Opensuse Wireshark May 6, 2026 Mar 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remot...Show more The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.Show less
CVE-2015-0228 4Apache AppleCanonical+1 more 5Http Server Mac Os XMac Os X Server+2 more May 6, 2026 Mar 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Pi...Show more The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.Show less
CVE-2014-8160 6Canonical DebianLinux+3 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Server+12 more May 6, 2026 Mar 2, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows...Show more net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.Show less
CVE-2015-0834 3Canonical MozillaOpensuse 3Firefox OpensuseUbuntu Linux May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials...Show more The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window.Show less
CVE-2015-0833 2Mozilla Opensuse 5Evergreen FirefoxFirefox Esr+2 more May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local us...Show more Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.Show less
CVE-2015-0832 3Canonical MozillaOpensuse 3Firefox OpensuseUbuntu Linux May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mecha...Show more Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character.Show less
CVE-2015-0830 3Canonical MozillaOpensuse 3Firefox OpensuseUbuntu Linux May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (appli...Show more The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.Show less
CVE-2015-0829 4Canonical MozillaOpensuse+1 more 4Firefox OpensuseSolaris+1 more May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

Previous 1...303132...73 Next