Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-0480 2Djangoproject Opensuse 2Django Opensuse May 6, 2026 Aug 26, 2014 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishin...Show more The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.Show less
CVE-2014-3589 3Debian OpensusePython 3Opensuse PillowPython Imaging May 6, 2026 Aug 25, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
CVE-2014-5149 2Opensuse Xen 2Opensuse Xen May 6, 2026 Aug 22, 2014 N/A· v4 N/A· v3 4.7 MEDIUM· v2 Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operatio...Show more Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.Show less
CVE-2014-5146 2Opensuse Xen 2Opensuse Xen May 6, 2026 Aug 22, 2014 N/A· v4 N/A· v3 4.7 MEDIUM· v2 Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu...Show more Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.Show less
CVE-2014-3594 2Openstack Opensuse 2Horizon Opensuse May 6, 2026 Aug 22, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary...Show more Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.Show less
CVE-2014-5274 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Aug 22, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted vie...Show more Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.Show less
CVE-2014-2524 4Fedoraproject GnuMageia+1 more 4Fedora MageiaOpensuse+1 more May 6, 2026 Aug 20, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
CVE-2014-3528 5Apache AppleCanonical+2 more 9Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+6 more May 6, 2026 Aug 19, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credent...Show more Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.Show less
CVE-2014-3522 4Apache AppleCanonical+1 more 4Opensuse SubversionUbuntu Linux+1 more May 6, 2026 Aug 19, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows m...Show more The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.Show less
CVE-2014-3429 3Ipython MageiaOpensuse 3Ipython Notebook MageiaOpensuse May 6, 2026 Aug 7, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
CVE-2013-4159 3Ctdb Project MageiaOpensuse 3Ctdb MageiaOpensuse May 6, 2026 Aug 6, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tool...Show more ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h.Show less
CVE-2014-5177 2Opensuse Redhat 4Enterprise Linux Enterprise VirtualizationLibvirt+1 more May 6, 2026 Aug 3, 2014 N/A· v4 N/A· v3 1.2 LOW· v2 libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction wi...Show more libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.Show less
CVE-2014-0179 2Opensuse Redhat 4Enterprise Linux Enterprise VirtualizationLibvirt+1 more May 6, 2026 Aug 3, 2014 N/A· v4 N/A· v3 1.9 LOW· v2 libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity refere...Show more libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.Show less
CVE-2014-4987 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Jul 20, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.
CVE-2014-4943 5Debian LinuxOpensuse+2 more 6Debian Linux Enterprise Linux Server AusLinux Enterprise Desktop+3 more May 6, 2026 Jul 19, 2014 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
CVE-2014-3533 4Debian FreedesktopMageia Project+1 more 4Dbus Debian LinuxMageia+1 more May 6, 2026 Jul 19, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invali...Show more dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.Show less
CVE-2014-3532 5Debian FreedesktopMageia+2 more 5Dbus Debian LinuxMageia+2 more May 6, 2026 Jul 19, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message c...Show more dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.Show less
CVE-2014-3487 5Debian File ProjectOpensuse+2 more 5Debian Linux FileLinux+2 more May 6, 2026 Jul 9, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause...Show more The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.Show less
CVE-2014-3480 5Debian File ProjectOpensuse+2 more 5Debian Linux FileLinux+2 more May 6, 2026 Jul 9, 2014 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to ca...Show more The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.Show less
CVE-2014-3479 5Debian File ProjectOpensuse+2 more 5Debian Linux FileLinux+2 more May 6, 2026 Jul 9, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to ca...Show more The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.Show less

Previous 1...394041...73 Next