← Back

Opensuse

opensuse

3,271 CVEs • 50 products

Products (50)

Click to collapse
Toggle
Leap
leap
1,898 CVEs
Opensuse
opensuse
1,454 CVEs
Backports Sle
backports_sle
326 CVEs
Backports
backports
97 CVEs
Evergreen
evergreen
43 CVEs
Open Build Service
open_build_service
22 CVEs
Libsolv
libsolv
13 CVEs
Factory
factory
10 CVEs
Supportutils
supportutils
6 CVEs
Libzypp
libzypp
5 CVEs
Tumbleweed
tumbleweed
4 CVEs
Zypper
zypper
3 CVEs
Openldap2
openldap2
3 CVEs
Osc
osc
2 CVEs
Suse Linux Enterprise Server
suse_linux_enterprise_server
2 CVEs
Cryptctl
cryptctl
2 CVEs
Munge
munge
2 CVEs
Wicked
wicked
2 CVEs
Pcp
pcp
2 CVEs
Texlive Filesystem
texlive-filesystem
2 CVEs
Rmt Server
rmt-server
2 CVEs
Cscreen
cscreen
2 CVEs
Libeconf
libeconf
2 CVEs
Openstack Cloud
openstack_cloud
1 CVE
Libstorage
libstorage
1 CVE
Libstorage Ng
libstorage-ng
1 CVE
Obs Service Source Validator
obs-service-source_validator
1 CVE
Open Buildservice
open_buildservice
1 CVE
Sysconfig
sysconfig
1 CVE
Tar Scm
tar_scm
1 CVE
Package Hub
package_hub
1 CVE
Yast2 Multipath
yast2-multipath
1 CVE
Yast2 Samba Provision
yast2-samba-provision
1 CVE
Yast2 Printer
yast2-printer
1 CVE
Munin
munin
1 CVE
Suse Package Hub
suse_package_hub
1 CVE
Autoyast2
autoyast2
1 CVE
Hylafax+
hylafax+
1 CVE
Tumbleweed Kopano Spamd
tumbleweed_kopano-spamd
1 CVE
Cyrus Sasl
cyrus-sasl
1 CVE
Python Postorius
python-postorius
1 CVE
Inn
inn
1 CVE
Factory Watchman
factory_watchman
1 CVE
Canna
canna
1 CVE
Leap Micro
leap_micro
1 CVE
Travel Support Program
travel_support_program
1 CVE
Libzypp Plugin Appdata
libzypp-plugin-appdata
1 CVE
Paste
paste
1 CVE
Welcome
welcome
1 CVE
Mirrorcache
mirrorcache
1 CVE

CVEs (3,271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-2709
3Mozilla
NovellOpensuse
5Firefox
OpensuseSuse Linux Enterprise Desktop+2 more
May 6, 2026
May 14, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v...Show more
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2015-2708
3Mozilla
NovellOpensuse
7Firefox
Firefox EsrOpensuse+4 more
May 6, 2026
May 14, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption...Show more
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2015-3622
3Fedoraproject
GnuOpensuse
3Fedora
Libtasn1Opensuse
May 6, 2026
May 12, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
CVE-2015-3451
5Canonical
DebianFedoraproject+2 more
5Debian Linux
FedoraOpensuse+2 more
May 6, 2026
May 12, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) loa...Show more
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.Show less
CVE-2014-3598
2Opensuse
Python
2Opensuse
Pillow
May 6, 2026
May 1, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
CVE-2015-3026
3Debian
OpensuseXiph
3Debian Linux
IcecastOpensuse
May 6, 2026
Apr 29, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as de...Show more
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."Show less
CVE-2015-3340
5Debian
FedoraprojectOpensuse+2 more
9Debian Linux
FedoraLinux Enterprise Desktop+6 more
May 6, 2026
Apr 28, 2015
N/A· v4
N/A· v3
2.9 LOW· v2
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist requ...Show more
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.Show less
CVE-2015-1863
5Canonical
DebianOpensuse+2 more
10Debian Linux
Enterprise Linux DesktopEnterprise Linux Hpc Node+7 more
May 6, 2026
Apr 28, 2015
N/A· v4
N/A· v3
5.8 MEDIUM· v2
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management fram...Show more
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.Show less
CVE-2015-3148
7Apple
CanonicalDebian+4 more
8Curl
Debian LinuxFedora+5 more
May 6, 2026
Apr 24, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
CVE-2015-3145
8Apple
CanonicalDebian+5 more
9Curl
Debian LinuxFedora+6 more
May 6, 2026
Apr 24, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly hav...Show more
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.Show less
CVE-2015-3336
3Debian
GoogleOpensuse
3Chrome
Debian LinuxOpensuse
May 6, 2026
Apr 19, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a d...Show more
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL.Show less
CVE-2015-3335
2Google
Opensuse
2Chrome
Opensuse
May 6, 2026
Apr 19, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka...Show more
The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox.Show less
CVE-2015-3334
3Debian
GoogleOpensuse
3Chrome
Debian LinuxOpensuse
May 6, 2026
Apr 19, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, whic...Show more
browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited.Show less
CVE-2015-1241
6Canonical
DebianGoogle+3 more
11Chrome
Debian LinuxEnterprise Linux Desktop+8 more
May 6, 2026
Apr 19, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a c...Show more
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.Show less
CVE-2015-0492
3Opensuse
OracleSuse
5Javafx
JdkJre+2 more
May 6, 2026
Apr 16, 2015
N/A· v4
N/A· v3
9.3 HIGH· v2
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-04...Show more
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484.Show less
CVE-2015-0491
3Opensuse
OracleSuse
5Javafx
JdkJre+2 more
May 6, 2026
Apr 16, 2015
N/A· v4
N/A· v3
10.0 HIGH· v2
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different...Show more
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.Show less
CVE-2015-0486
2Opensuse
Oracle
3Jdk
JreOpensuse
May 6, 2026
Apr 16, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVE-2015-0484
3Opensuse
OracleSuse
5Javafx
JdkJre+2 more
May 6, 2026
Apr 16, 2015
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0...Show more
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492.Show less
CVE-2015-0459
3Novell
OpensuseOracle
5Javafx
JdkJre+2 more
May 6, 2026
Apr 16, 2015
N/A· v4
N/A· v3
10.0 HIGH· v2
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different v...Show more
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.Show less
CVE-2015-0458
3Novell
OpensuseOracle
4Jdk
JreOpensuse+1 more
May 6, 2026
Apr 16, 2015
N/A· v4
N/A· v3
7.6 HIGH· v2
Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.