Opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS
Vendors (1): Opensuse
Products (1): Opensuse
Updated: Apr 29, 2026
Published: Dec 2, 2013
CVSS: v4 N/A; v3 N/A; v2 7.8 HIGH
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.

Vendors (5): Apple, Canonical, Debian, +2 more
Products (5): Debian Linux, Mac Os X, Opensuse, +2 more
Updated: Apr 29, 2026
Published: Nov 28, 2013
CVSS: v4 N/A; v3 N/A; v2 5.0 MEDIUM
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

Vendors (2): Ibus Project, Opensuse
Products (2): Ibus, Opensuse
Updated: Apr 29, 2026
Published: Nov 23, 2013
CVSS: v4 N/A; v3 N/A; v2 1.9 LOW
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

Vendors (3): F5, Opensuse, Suse
Products (5): Lifecycle Management Server, Nginx, Opensuse, +2 more
Updated: Apr 29, 2026
Published: Nov 23, 2013
CVSS: v4 N/A; v3 N/A; v2 7.5 HIGH
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

Vendors (2): Opensuse, Redhat
Products (2): Enterprise Linux, Opensuse
Updated: Apr 29, 2026
Published: Nov 23, 2013
CVSS: v4 N/A; v3 N/A; v2 1.9 LOW
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

Vendors (2): Opensuse, Redhat
Products (2): Enterprise Linux, Opensuse
Updated: Apr 29, 2026
Published: Nov 23, 2013
CVSS: v4 N/A; v3 N/A; v2 2.1 LOW
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

Vendors (2): Opensuse, Redhat
Products (2): Enterprise Linux, Opensuse
Updated: Apr 29, 2026
Published: Nov 23, 2013
CVSS: v4 N/A; v3 N/A; v2 4.3 MEDIUM
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

Vendors (3): Canonical, Openstack, Opensuse
Products (3): Horizon, Opensuse, Ubuntu Linux
Updated: Apr 29, 2026
Published: Nov 23, 2013
CVSS: v4 N/A; v3 N/A; v2 4.3 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

Vendors (2): Opensuse, Xen
Products (2): Opensuse, Xen
Updated: Apr 29, 2026
Published: Nov 23, 2013
CVSS: v4 N/A; v3 N/A; v2 7.9 HIGH
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."

Vendors (3): Debian, Lighttpd, Opensuse
Products (3): Debian Linux, Lighttpd, Opensuse
Updated: Apr 29, 2026
Published: Nov 20, 2013
CVSS: v4 N/A; v3 N/A; v2 5.0 MEDIUM
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.

Vendors (3): Debian, Lighttpd, Opensuse
Products (3): Debian Linux, Lighttpd, Opensuse
Updated: Apr 29, 2026
Published: Nov 20, 2013
CVSS: v4 N/A; v3 N/A; v2 7.6 HIGH
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.

Vendors (2): Gnu, Opensuse
Products (2): Gnutls, Opensuse
Updated: Apr 29, 2026
Published: Nov 20, 2013
CVSS: v4 N/A; v3 N/A; v2 5.0 MEDIUM
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.

Vendors (9): Artifex, Canonical, Debian, +6 more
Products (11): Chrome, Debian Linux, Fedora, +8 more
Updated: Apr 29, 2026
Published: Nov 19, 2013
CVSS: v4 N/A; v3 N/A; v2 5.0 MEDIUM
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Vendors (3): Debian, Mit, Opensuse
Products (3): Debian Linux, Kerberos 5, Opensuse
Updated: Apr 29, 2026
Published: Nov 18, 2013
CVSS: v4 N/A; v3 N/A; v2 4.3 MEDIUM
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

Vendors (2): Opensuse, Openvpn
Products (3): Opensuse, Openvpn, Openvpn Access Server
Updated: Apr 29, 2026
Published: Nov 18, 2013
CVSS: v4 N/A; v3 N/A; v2 2.6 LOW
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.

Vendors (3): Debian, Google, Opensuse
Products (3): Chrome, Debian Linux, Opensuse
Updated: Apr 29, 2026
Published: Nov 13, 2013
CVSS: v4 N/A; v3 N/A; v2 7.5 HIGH
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.

Vendors (3): Debian, Lighttpd, Opensuse
Products (3): Debian Linux, Lighttpd, Opensuse
Updated: Apr 29, 2026
Published: Nov 8, 2013
CVSS: v4 N/A; v3 7.5 HIGH; v2 4.3 MEDIUM
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.

Vendors (2): Opensuse, Ruby Lang
Products (2): Opensuse, Ruby
Updated: Apr 29, 2026
Published: Nov 2, 2013
CVSS: v4 N/A; v3 N/A; v2 6.4 MEDIUM
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

Vendors (2): Kth, Opensuse
Products (3): Opensuse, Snack Sound Toolkit, Wavesurfer
Updated: Apr 29, 2026
Published: Oct 28, 2013
CVSS: v4 N/A; v3 N/A; v2 6.8 MEDIUM
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.

Vendors (2): Nmap, Opensuse
Products (2): Nmap, Opensuse
Updated: Apr 29, 2026
Published: Oct 26, 2013
CVSS: v4 N/A; v3 N/A; v2 6.8 MEDIUM
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.