Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-5459 3Opensuse OraclePhp 4Evergreen OpensusePhp+1 more May 6, 2026 Sep 27, 2014 N/A· v4 N/A· v3 3.6 LOW· v2 The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrie...Show more The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.Show less
CVE-2014-7169 17Apple AristaCanonical+14 more 74Arx Firmware BashBig Ip Access Policy Manager+71 more Apr 22, 2026 Sep 25, 2014 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown oth...Show more GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.Show less
CVE-2014-6271 17Apple AristaCanonical+14 more 74Arx Firmware BashBig Ip Access Policy Manager+71 more Apr 22, 2026 Sep 24, 2014 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vec...Show more GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.Show less
CVE-2014-3639 3D Bus Project FreedesktopOpensuse 3D Bus DbusOpensuse May 6, 2026 Sep 22, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connec...Show more The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.Show less
CVE-2014-3638 3D Bus Project FreedesktopOpensuse 3D Bus DbusOpensuse May 6, 2026 Sep 22, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
CVE-2014-3637 2Freedesktop Opensuse 2Dbus Opensuse May 6, 2026 Sep 22, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing...Show more D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.Show less
CVE-2014-3635 3D Bus Project FreedesktopOpensuse 3D Bus DbusOpensuse May 6, 2026 Sep 22, 2014 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of serv...Show more Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.Show less
CVE-2014-3985 2Miniupnp Project Opensuse 2Miniupnp Opensuse May 6, 2026 Sep 11, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.
CVE-2014-0553 3Adobe OpensuseSuse 5Adobe Air Adobe Air SdkFlash Player+2 more May 6, 2026 Sep 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15...Show more Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2014-5461 5Canonical DebianLua+2 more 5Debian Linux LuaMageia+2 more May 6, 2026 Sep 4, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large nu...Show more Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.Show less
CVE-2014-1564 2Mozilla Opensuse 4Evergreen FirefoxOpensuse+1 more May 6, 2026 Sep 3, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process...Show more Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.Show less
CVE-2014-1563 3Mozilla OpensuseOracle 5Evergreen FirefoxOpensuse+2 more May 6, 2026 Sep 3, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary c...Show more Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.Show less
CVE-2014-1553 2Mozilla Opensuse 4Evergreen FirefoxOpensuse+1 more May 6, 2026 Sep 3, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corrup...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2014-3169 3Debian GoogleOpensuse 3Chrome Debian LinuxOpensuse May 6, 2026 Aug 27, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecifi...Show more Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.Show less
CVE-2014-3168 3Debian GoogleOpensuse 3Chrome Debian LinuxOpensuse May 6, 2026 Aug 27, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging...Show more Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.Show less
CVE-2014-2528 2Kdirstat Project Opensuse 2Kdirstat Opensuse May 6, 2026 Aug 26, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vu...Show more kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.Show less
CVE-2014-2527 2Kdirstat Project Opensuse 2Kdirstat Opensuse May 6, 2026 Aug 26, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vu...Show more kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.Show less
CVE-2014-0483 2Djangoproject Opensuse 2Django Opensuse May 6, 2026 Aug 26, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which a...Show more The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.Show less
CVE-2014-0482 2Djangoproject Opensuse 2Django Opensuse May 6, 2026 Aug 26, 2014 N/A· v4 N/A· v3 6.0 MEDIUM· v2 The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend back...Show more The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.Show less
CVE-2014-0481 4Debian DjangoprojectOpensuse+1 more 4Debian Linux DjangoOpensuse+1 more May 6, 2026 Aug 26, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file...Show more The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.Show less

Previous 1...383940...73 Next