Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-0564 4Debian OpensuseOracle+1 more 5Debian Linux LinuxOpensuse+2 more May 6, 2026 Jan 10, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application cras...Show more Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.Show less
CVE-2015-0563 2Opensuse Wireshark 2Opensuse Wireshark May 6, 2026 Jan 10, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause...Show more epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.Show less
CVE-2015-0561 3Opensuse OracleWireshark 3Opensuse SolarisWireshark May 6, 2026 Jan 10, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory...Show more asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.Show less
CVE-2015-0560 2Opensuse Wireshark 2Opensuse Wireshark May 6, 2026 Jan 10, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows...Show more The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.Show less
CVE-2015-0559 2Opensuse Wireshark 2Opensuse Wireshark May 6, 2026 Jan 10, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application...Show more Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.Show less
CVE-2014-9585 7Canonical DebianFedoraproject+4 more 19Debian Linux Enterprise Linux AusEnterprise Linux Desktop+16 more May 6, 2026 Jan 9, 2015 N/A· v4 N/A· v3 2.1 LOW· v2 The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism...Show more The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.Show less
CVE-2014-9584 7Canonical DebianLinux+4 more 19Debian Linux Enterprise Linux AusEnterprise Linux Desktop+16 more May 6, 2026 Jan 9, 2015 N/A· v4 N/A· v3 2.1 LOW· v2 The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sen...Show more The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.Show less
CVE-2014-9529 6Canonical DebianFedoraproject+3 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more May 6, 2026 Jan 9, 2015 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other i...Show more Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.Show less
CVE-2015-0361 2Opensuse Xen 2Opensuse Xen May 6, 2026 Jan 7, 2015 N/A· v4 N/A· v3 7.8 HIGH· v2 Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
CVE-2014-9221 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraOpensuse+2 more May 6, 2026 Jan 7, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
CVE-2014-8132 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLibssh+2 more May 6, 2026 Dec 29, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
CVE-2014-8136 4Canonical MageiaOpensuse+1 more 8Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+5 more May 6, 2026 Dec 19, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unsp...Show more The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.Show less
CVE-2014-5353 7Canonical DebianFedoraproject+4 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+9 more May 6, 2026 Dec 16, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial...Show more The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.Show less
CVE-2014-8964 6Fedoraproject MariadbOpensuse+3 more 11Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+8 more May 6, 2026 Dec 16, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero...Show more Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.Show less
CVE-2014-8134 5Canonical LinuxOpensuse+2 more 6Evergreen LinuxLinux Kernel+3 more May 6, 2026 Dec 12, 2014 N/A· v4 3.3 LOW· v3 1.9 LOW· v2 The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR prote...Show more The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.Show less
CVE-2014-8124 4Fedoraproject OpenstackOpensuse+1 more 4Fedora HorizonOpensuse+1 more May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service...Show more OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.Show less
CVE-2014-9066 2Opensuse Xen 2Opensuse Xen May 6, 2026 Dec 9, 2014 N/A· v4 N/A· v3 4.7 MEDIUM· v2 Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host cra...Show more Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.Show less
CVE-2014-9065 2Opensuse Xen 2Opensuse Xen May 6, 2026 Dec 9, 2014 N/A· v4 N/A· v3 4.4 MEDIUM· v2 common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large...Show more common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066.Show less
CVE-2014-9273 3Debian OpensuseRedhat 6Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+3 more May 6, 2026 Dec 8, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
CVE-2014-8600 3Kde OpensuseUrs Wolfer 4Kde Runtime Kio ExtrasKwebkitpart+1 more May 6, 2026 Dec 8, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a c...Show more Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.Show less

Previous 1...353637...73 Next