Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-8104 5Canonical DebianMageia+2 more 6Debian Linux MageiaOpensuse+3 more May 6, 2026 Dec 3, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
CVE-2014-9220 3Fedoraproject OpensuseOpenvas 3Fedora OpensuseOpenvas Manager May 6, 2026 Dec 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
CVE-2014-8867 4Debian OpensuseRedhat+1 more 5Debian Linux Enterprise LinuxEnterprise Linux Desktop+2 more May 6, 2026 Dec 1, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a de...Show more The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.Show less
CVE-2014-8866 3Debian OpensuseXen 3Debian Linux OpensuseXen May 6, 2026 Dec 1, 2014 N/A· v4 N/A· v3 4.7 MEDIUM· v2 The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving alteri...Show more The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.Show less
CVE-2014-8961 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Nov 30, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensi...Show more Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.Show less
CVE-2014-8959 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Nov 30, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include...Show more Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.Show less
CVE-2014-9030 3Debian OpensuseXen 3Debian Linux OpensuseXen May 6, 2026 Nov 24, 2014 N/A· v4 N/A· v3 7.1 HIGH· v2 The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a craf...Show more The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.Show less
CVE-2014-7817 4Canonical DebianGnu+1 more 4Debian Linux GlibcOpensuse+1 more May 6, 2026 Nov 24, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
CVE-2014-8768 4Canonical OpensuseOracle+1 more 4Opensuse SolarisTcpdump+1 more May 6, 2026 Nov 20, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value...Show more Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.Show less
CVE-2014-8595 3Debian OpensuseXen 3Debian Linux OpensuseXen May 6, 2026 Nov 19, 2014 N/A· v4 N/A· v3 1.9 LOW· v2 arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP...Show more arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.Show less
CVE-2014-8594 3Debian OpensuseXen 3Debian Linux OpensuseXen May 6, 2026 Nov 19, 2014 N/A· v4 N/A· v3 5.4 MEDIUM· v2 The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by lev...Show more The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).Show less
CVE-2014-7829 2Opensuse Rubyonrails 3Opensuse RailsRuby On Rails May 6, 2026 Nov 18, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serv...Show more Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.Show less
CVE-2014-0250 2Freerdp Opensuse 2Freerdp Opensuse May 6, 2026 Nov 16, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes...Show more Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.Show less
CVE-2014-3707 6Apple CanonicalDebian+3 more 6Debian Linux HyperionLibcurl+3 more May 6, 2026 Nov 15, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that...Show more The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.Show less
CVE-2014-8564 4Canonical GnuOpensuse+1 more 7Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+4 more May 6, 2026 Nov 13, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted...Show more The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.Show less
CVE-2014-8559 6Canonical LinuxNovell+3 more 11Evergreen LinuxLinux Enterprise Real Time Extension+8 more May 6, 2026 Nov 10, 2014 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafte...Show more The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.Show less
CVE-2014-7818 2Opensuse Rubyonrails 3Opensuse RailsRuby On Rails May 6, 2026 Nov 8, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serv...Show more Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.Show less
CVE-2014-6300 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Nov 8, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or...Show more Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.Show less
CVE-2014-3693 4Canonical LibreofficeOpensuse+1 more 6Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+3 more May 6, 2026 Nov 7, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code...Show more Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.Show less
CVE-2014-8483 4Canonical DebianOpensuse+1 more 4Debian Linux OpensuseQuassel Irc+1 more May 6, 2026 Nov 6, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

Previous 1...363738...73 Next