Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-8326 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a craf...Show more Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.Show less
CVE-2013-4540 2Opensuse Qemu 2Opensuse Qemu May 6, 2026 Nov 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.
CVE-2014-8080 4Canonical OpensuseRedhat+1 more 4Enterprise Linux OpensuseRuby+1 more May 6, 2026 Nov 3, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Ex...Show more The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.Show less
CVE-2014-3615 5Canonical DebianOpensuse+2 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+9 more May 6, 2026 Nov 1, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-3475 2Openstack Opensuse 2Horizon Opensuse May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary...Show more Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578.Show less
CVE-2014-3474 2Openstack Opensuse 2Horizon Opensuse May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allo...Show more Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.Show less
CVE-2014-3473 2Openstack Opensuse 2Horizon Opensuse May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when us...Show more Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.Show less
CVE-2013-0334 3Bundler FedoraprojectOpensuse 3Bundler FedoraOpensuse May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
CVE-2014-3694 4Canonical DebianOpensuse+1 more 4Debian Linux OpensusePidgin+1 more May 6, 2026 Oct 29, 2014 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates fr...Show more The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.Show less
CVE-2014-3636 3D Bus Project FreedesktopOpensuse 3D Bus DbusOpensuse May 6, 2026 Oct 25, 2014 N/A· v4 N/A· v3 1.9 LOW· v2 D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or...Show more D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.Show less
CVE-2014-5026 3Cacti DebianOpensuse 3Cacti Debian LinuxOpensuse May 6, 2026 Oct 20, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (...Show more Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.Show less
CVE-2014-5025 3Cacti DebianOpensuse 3Cacti Debian LinuxOpensuse May 6, 2026 Oct 20, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.
CVE-2014-2576 2Claws Mail Opensuse 2Claws Mail Opensuse May 6, 2026 Oct 15, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM)...Show more plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.Show less
CVE-2014-1830 2Opensuse Python 2Opensuse Requests May 6, 2026 Oct 15, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
CVE-2014-0569 3Adobe OpensuseSuse 7Air Desktop Runtime Air SdkEvergreen+4 more May 6, 2026 Oct 15, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe A...Show more Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2014-0564 3Adobe OpensuseSuse 7Air Desktop Runtime Air SdkEvergreen+4 more May 6, 2026 Oct 15, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler be...Show more Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558.Show less
CVE-2014-3566 11Apple DebianFedoraproject+8 more 20Aix DatabaseDebian Linux+17 more May 28, 2026 Oct 15, 2014 N/A· v4 3.4 LOW· v3 4.3 MEDIUM· v2 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a...Show more The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.Show less
CVE-2014-4043 2Gnu Opensuse 2Glibc Opensuse May 6, 2026 Oct 6, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabil...Show more The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.Show less
CVE-2014-7155 4Debian FedoraprojectOpensuse+1 more 4Debian Linux FedoraOpensuse+1 more May 6, 2026 Oct 2, 2014 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain...Show more The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.Show less
CVE-2014-7154 4Debian FedoraprojectOpensuse+1 more 4Debian Linux FedoraOpensuse+1 more May 6, 2026 Oct 2, 2014 N/A· v4 N/A· v3 6.1 MEDIUM· v2 Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via...Show more Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.Show less

Previous 1...373839...73 Next