Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-0207 5Christos Zoulas DebianOpensuse+2 more 5Debian Linux FileLinux+2 more May 6, 2026 Jul 9, 2014 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and...Show more The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.Show less
CVE-2014-0247 5Canonical FedoraprojectLibreoffice+2 more 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+4 more May 6, 2026 Jul 3, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.
CVE-2014-4002 2Cacti Opensuse 2Cacti Opensuse May 6, 2026 Jul 3, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4...Show more Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php.Show less
CVE-2014-4608 4Canonical LinuxOpensuse+1 more 5Linux Enterprise Real Time Extension Linux Enterprise ServerLinux Kernel+2 more May 6, 2026 Jul 3, 2014 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service...Show more Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is not affected; media hype.Show less
CVE-2014-3494 2Kde Opensuse 2Kdelibs Opensuse May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an inva...Show more kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.Show less
CVE-2014-4617 3Debian GnupgOpensuse 3Debian Linux GnupgOpensuse May 6, 2026 Jun 25, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstra...Show more The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.Show less
CVE-2014-4049 3Debian OpensusePhp 3Debian Linux OpensusePhp May 6, 2026 Jun 18, 2014 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS...Show more Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.Show less
CVE-2014-4165 2Ntop Opensuse 2Ntop Opensuse May 6, 2026 Jun 16, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
CVE-2014-3004 3Castor Project OpensuseOpensuse Project 3Castor OpensuseOpensuse May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
CVE-2014-2978 3Directfb OpensuseSuse 6Directfb Linux Enterprise DesktopLinux Enterprise Software Development Kit+3 more May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, w...Show more The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.Show less
CVE-2014-2977 3Directfb OpensuseSuse 6Directfb Linux Enterprise DesktopLinux Enterprise Software Development Kit+3 more May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbi...Show more Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.Show less
CVE-2014-1542 4Mozilla OpensuseOpensuse Project+1 more 4Firefox OpensuseOpensuse+1 more May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rat...Show more Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.Show less
CVE-2014-3153 6Canonical LinuxOpensuse+3 more 9Enterprise Linux Server Aus LinuxLinux Enterprise Desktop+6 more Apr 21, 2026 Jun 7, 2014 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE comma...Show more The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.Show less
CVE-2014-3470 6Fedoraproject MariadbOpenssl+3 more 11Enterprise Linux FedoraLeap+8 more May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of s...Show more The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.Show less
CVE-2014-0224 9Fedoraproject Filezilla ProjectMariadb+6 more 16Application Processing Engine Firmware Cp1543 1 FirmwareEnterprise Linux+13 more May 6, 2026 Jun 5, 2014 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key...Show more OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.Show less
CVE-2014-0221 6Fedoraproject MariadbOpenssl+3 more 11Enterprise Linux FedoraLeap+8 more May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS he...Show more The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.Show less
CVE-2014-0195 4Fedoraproject MariadbOpenssl+1 more 5Fedora LeapMariadb+2 more May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote at...Show more The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.Show less
CVE-2014-3968 2Opensuse Xen 2Opensuse Xen May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 5.5 MEDIUM· v2 The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be l...Show more The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.Show less
CVE-2014-3967 2Opensuse Xen 2Opensuse Xen May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 5.5 MEDIUM· v2 The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer deref...Show more The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.Show less
CVE-2011-2198 3Gnome OpensuseOracle 3Gnome Terminal OpensuseSolaris May 6, 2026 May 21, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demons...Show more The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".Show less

Previous 1...404142...73 Next