← Back

Opensuse

opensuse

3,271 CVEs • 50 products

Products (50)

Click to collapse
Toggle
Leap
leap
1,898 CVEs
Opensuse
opensuse
1,454 CVEs
Backports Sle
backports_sle
326 CVEs
Backports
backports
97 CVEs
Evergreen
evergreen
43 CVEs
Open Build Service
open_build_service
22 CVEs
Libsolv
libsolv
13 CVEs
Factory
factory
10 CVEs
Supportutils
supportutils
6 CVEs
Libzypp
libzypp
5 CVEs
Tumbleweed
tumbleweed
4 CVEs
Zypper
zypper
3 CVEs
Openldap2
openldap2
3 CVEs
Osc
osc
2 CVEs
Suse Linux Enterprise Server
suse_linux_enterprise_server
2 CVEs
Cryptctl
cryptctl
2 CVEs
Munge
munge
2 CVEs
Wicked
wicked
2 CVEs
Pcp
pcp
2 CVEs
Texlive Filesystem
texlive-filesystem
2 CVEs
Rmt Server
rmt-server
2 CVEs
Cscreen
cscreen
2 CVEs
Libeconf
libeconf
2 CVEs
Openstack Cloud
openstack_cloud
1 CVE
Libstorage
libstorage
1 CVE
Libstorage Ng
libstorage-ng
1 CVE
Obs Service Source Validator
obs-service-source_validator
1 CVE
Open Buildservice
open_buildservice
1 CVE
Sysconfig
sysconfig
1 CVE
Tar Scm
tar_scm
1 CVE
Package Hub
package_hub
1 CVE
Yast2 Multipath
yast2-multipath
1 CVE
Yast2 Samba Provision
yast2-samba-provision
1 CVE
Yast2 Printer
yast2-printer
1 CVE
Munin
munin
1 CVE
Suse Package Hub
suse_package_hub
1 CVE
Autoyast2
autoyast2
1 CVE
Hylafax+
hylafax+
1 CVE
Tumbleweed Kopano Spamd
tumbleweed_kopano-spamd
1 CVE
Cyrus Sasl
cyrus-sasl
1 CVE
Python Postorius
python-postorius
1 CVE
Inn
inn
1 CVE
Factory Watchman
factory_watchman
1 CVE
Canna
canna
1 CVE
Leap Micro
leap_micro
1 CVE
Travel Support Program
travel_support_program
1 CVE
Libzypp Plugin Appdata
libzypp-plugin-appdata
1 CVE
Paste
paste
1 CVE
Welcome
welcome
1 CVE
Mirrorcache
mirrorcache
1 CVE

CVEs (3,271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-19364
5Canonical
DebianFedoraproject+2 more
5Debian Linux
FedoraLeap+2 more
Nov 21, 2024
Dec 13, 2018
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
CVE-2018-18356
5Canonical
DebianGoogle+2 more
10Chrome
Debian LinuxEnterprise Linux Desktop+7 more
Nov 21, 2024
Dec 11, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-18335
4Debian
GoogleOpensuse+1 more
6Chrome
Debian LinuxEnterprise Linux Desktop+3 more
Nov 21, 2024
Dec 11, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-19665
2Opensuse
Qemu
2Leap
Qemu
Nov 21, 2024
Dec 6, 2018
N/A· v4
5.7 MEDIUM· v3
2.7 LOW· v2
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVE-2018-19865
2Opensuse
Qt
2Leap
Qt
Nov 21, 2024
Dec 5, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
CVE-2018-19841
5Canonical
DebianFedoraproject+2 more
5Debian Linux
FedoraLeap+2 more
Nov 21, 2024
Dec 4, 2018
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio...Show more
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.Show less
CVE-2018-19840
4Canonical
FedoraprojectOpensuse+1 more
4Fedora
LeapUbuntu Linux+1 more
Nov 21, 2024
Dec 4, 2018
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because Wa...Show more
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.Show less
CVE-2018-19542
5Canonical
DebianJasper Project+2 more
6Debian Linux
JasperLeap+3 more
Nov 21, 2024
Nov 26, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
CVE-2018-19539
4Debian
Jasper ProjectOpensuse+1 more
5Debian Linux
JasperLeap+2 more
Nov 21, 2024
Nov 26, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
CVE-2018-19492
3Debian
GnuplotOpensuse
3Debian Linux
GnuplotLeap
Nov 21, 2024
Nov 23, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size c...Show more
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.Show less
CVE-2018-19491
3Debian
GnuplotOpensuse
3Debian Linux
GnuplotLeap
Nov 21, 2024
Nov 23, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of...Show more
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.Show less
CVE-2018-19490
3Debian
GnuplotOpensuse
3Debian Linux
GnuplotLeap
Nov 21, 2024
Nov 23, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerabili...Show more
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.Show less
CVE-2018-18954
3Canonical
OpensuseQemu
3Leap
QemuUbuntu Linux
Nov 21, 2024
Nov 15, 2018
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
CVE-2018-16845
5Apple
CanonicalDebian+2 more
5Debian Linux
LeapNginx+2 more
Nov 21, 2024
Nov 7, 2018
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker proce...Show more
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.Show less
CVE-2018-16843
5Apple
CanonicalDebian+2 more
5Debian Linux
LeapNginx+2 more
Nov 21, 2024
Nov 7, 2018
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by...Show more
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.Show less
CVE-2018-19052
4Debian
LighttpdOpensuse+1 more
5Backports Sle
Debian LinuxLeap+2 more
Nov 21, 2024
Nov 7, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration w...Show more
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.Show less
CVE-2018-18544
3Graphicsmagick
ImagemagickOpensuse
3Graphicsmagick
ImagemagickLeap
Nov 21, 2024
Oct 21, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
CVE-2018-18521
5Canonical
DebianElfutils Project+2 more
7Debian Linux
ElfutilsEnterprise Linux Desktop+4 more
Nov 21, 2024
Oct 19, 2018
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranli...Show more
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.Show less
CVE-2018-18520
5Canonical
DebianElfutils Project+2 more
7Debian Linux
ElfutilsEnterprise Linux Desktop+4 more
Nov 21, 2024
Oct 19, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file be...Show more
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.Show less
CVE-2017-5934
4Canonical
DebianMoinmo+1 more
4Debian Linux
LeapMoinmoin+1 more
Nov 21, 2024
Oct 15, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.