Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-0828 3Mozilla OpensuseOracle 3Firefox OpensuseSolaris May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of...Show more Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.Show less
CVE-2015-0826 3Canonical MozillaOpensuse 3Firefox OpensuseUbuntu Linux May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascadi...Show more The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation.Show less
CVE-2015-0825 3Canonical MozillaOpensuse 3Firefox OpensuseUbuntu Linux May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that i...Show more Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.Show less
CVE-2015-0824 3Canonical MozillaOpensuse 3Firefox OpensuseUbuntu Linux May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via ve...Show more The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.Show less
CVE-2015-0823 4Canonical MozillaOpensuse+1 more 4Firefox OpensuseOpentype Sanitiser+1 more May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other...Show more Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function.Show less
CVE-2015-0821 3Canonical MozillaOpensuse 3Firefox OpensuseUbuntu Linux May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and key...Show more Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.Show less
CVE-2015-0820 3Canonical MozillaOpensuse 3Firefox OpensuseUbuntu Linux May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 2.6 LOW· v2 Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mech...Show more Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.Show less
CVE-2015-0819 3Canonical MozillaOpensuse 3Firefox OpensuseUbuntu Linux May 6, 2026 Feb 25, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging...Show more The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site.Show less
CVE-2014-9402 3Canonical GnuOpensuse 3Glibc OpensuseUbuntu Linux May 6, 2026 Feb 24, 2015 N/A· v4 N/A· v3 7.8 HIGH· v2 The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinit...Show more The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.Show less
CVE-2013-7423 4Canonical GnuOpensuse+1 more 4Enterprise Linux Server Aus GlibcOpensuse+1 more May 6, 2026 Feb 24, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large...Show more The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.Show less
CVE-2015-0255 2Opensuse X.org 2Opensuse X Server May 6, 2026 Feb 13, 2015 N/A· v4 N/A· v3 6.4 MEDIUM· v2 X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string leng...Show more X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.Show less
CVE-2015-0245 2Freedesktop Opensuse 2Dbus Opensuse May 6, 2026 Feb 13, 2015 N/A· v4 N/A· v3 1.9 LOW· v2 D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure e...Show more D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.Show less
CVE-2013-2027 2Jython Project Opensuse 2Jython Opensuse May 6, 2026 Feb 13, 2015 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
CVE-2015-1546 3Apple OpenldapOpensuse 3Mac Os X OpenldapOpensuse May 6, 2026 Feb 12, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.
CVE-2015-1345 2Gnu Opensuse 2Grep Opensuse May 6, 2026 Feb 12, 2015 N/A· v4 N/A· v3 2.1 LOW· v2 The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
CVE-2014-9512 3Opensuse OracleSamba 3Opensuse RsyncSolaris May 6, 2026 Feb 12, 2015 N/A· v4 N/A· v3 6.4 MEDIUM· v2 rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVE-2014-9675 6Canonical DebianFedoraproject+3 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+8 more May 6, 2026 Feb 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechani...Show more bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.Show less
CVE-2014-9674 6Canonical FedoraprojectFreetype+3 more 11Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+8 more May 6, 2026 Feb 8, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (inte...Show more The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.Show less
CVE-2014-9673 5Canonical DebianFreetype+2 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+7 more May 6, 2026 Feb 8, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified oth...Show more Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.Show less
CVE-2014-9672 5Canonical DebianFreetype+2 more 5Debian Linux FreetypeOpensuse+2 more May 6, 2026 Feb 8, 2015 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a cr...Show more Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.Show less

Previous 1...313233...73 Next