Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-5211 3Ntp OpensuseOracle 3Linux NtpOpensuse Apr 29, 2026 Jan 2, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploi...Show more The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.Show less
CVE-2013-6420 3Apple OpensusePhp 3Mac Os X OpensusePhp Apr 29, 2026 Dec 17, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which a...Show more The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.Show less
CVE-2013-4587 2Linux Opensuse 2Linux Kernel Opensuse Apr 29, 2026 Dec 14, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
CVE-2013-6394 2Opensuse Percona 2Opensuse Xtrabackup Apr 29, 2026 Dec 13, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
CVE-2013-0348 5Acme FedoraprojectGentoo+2 more 5Fedora LinuxOpensuse+2 more Apr 29, 2026 Dec 13, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
CVE-2013-6673 5Canonical FedoraprojectMozilla+2 more 9Fedora FirefoxLinux Enterprise Desktop+6 more Apr 29, 2026 Dec 11, 2013 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-...Show more Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.Show less
CVE-2013-6672 6Canonical FedoraprojectMozilla+3 more 9Fedora FirefoxLinux Enterprise Desktop+6 more Apr 29, 2026 Dec 11, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.
CVE-2013-6671 6Canonical FedoraprojectMozilla+3 more 16Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+13 more Apr 29, 2026 Dec 11, 2013 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use...Show more The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.Show less
CVE-2013-5619 6Canonical FedoraprojectMozilla+3 more 9Fedora FirefoxLinux Enterprise Desktop+6 more Apr 29, 2026 Dec 11, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array acces...Show more Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.Show less
CVE-2013-5618 6Canonical FedoraprojectMozilla+3 more 16Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+13 more Apr 29, 2026 Dec 11, 2013 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and...Show more Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.Show less
CVE-2013-5616 6Canonical FedoraprojectMozilla+3 more 16Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+13 more Apr 29, 2026 Dec 11, 2013 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attac...Show more Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.Show less
CVE-2013-5615 5Canonical FedoraprojectMozilla+2 more 9Fedora FirefoxOpensuse+6 more Apr 29, 2026 Dec 11, 2013 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of G...Show more The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.Show less
CVE-2013-5614 7Canonical FedoraprojectMozilla+4 more 16Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+13 more Apr 29, 2026 Dec 11, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended...Show more Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.Show less
CVE-2013-5613 6Canonical FedoraprojectMozilla+3 more 16Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+13 more Apr 29, 2026 Dec 11, 2013 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to e...Show more Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.Show less
CVE-2013-5612 7Canonical FedoraprojectMozilla+4 more 16Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+13 more Apr 29, 2026 Dec 11, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation t...Show more Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.Show less
CVE-2013-5611 7Canonical FedoraprojectMozilla+4 more 9Fedora FirefoxLinux Enterprise Desktop+6 more Apr 29, 2026 Dec 11, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
CVE-2013-5610 6Canonical FedoraprojectMozilla+3 more 9Fedora FirefoxLinux Enterprise Desktop+6 more Apr 29, 2026 Dec 11, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2013-5609 6Canonical FedoraprojectMozilla+3 more 16Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+13 more Apr 29, 2026 Dec 11, 2013 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of serv...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2013-1090 1Opensuse 1Opensuse Apr 29, 2026 Dec 6, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vect...Show more The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.Show less
CVE-2012-0427 1Opensuse 1Opensuse Apr 29, 2026 Dec 2, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.

Previous 1...464748...73 Next