← Back

Opensuse

opensuse

3,271 CVEs • 50 products

Products (50)

Click to collapse
Toggle
Leap
leap
1,898 CVEs
Opensuse
opensuse
1,454 CVEs
Backports Sle
backports_sle
326 CVEs
Backports
backports
97 CVEs
Evergreen
evergreen
43 CVEs
Open Build Service
open_build_service
22 CVEs
Libsolv
libsolv
13 CVEs
Factory
factory
10 CVEs
Supportutils
supportutils
6 CVEs
Libzypp
libzypp
5 CVEs
Tumbleweed
tumbleweed
4 CVEs
Zypper
zypper
3 CVEs
Openldap2
openldap2
3 CVEs
Osc
osc
2 CVEs
Suse Linux Enterprise Server
suse_linux_enterprise_server
2 CVEs
Cryptctl
cryptctl
2 CVEs
Munge
munge
2 CVEs
Wicked
wicked
2 CVEs
Pcp
pcp
2 CVEs
Texlive Filesystem
texlive-filesystem
2 CVEs
Rmt Server
rmt-server
2 CVEs
Cscreen
cscreen
2 CVEs
Libeconf
libeconf
2 CVEs
Openstack Cloud
openstack_cloud
1 CVE
Libstorage
libstorage
1 CVE
Libstorage Ng
libstorage-ng
1 CVE
Obs Service Source Validator
obs-service-source_validator
1 CVE
Open Buildservice
open_buildservice
1 CVE
Sysconfig
sysconfig
1 CVE
Tar Scm
tar_scm
1 CVE
Package Hub
package_hub
1 CVE
Yast2 Multipath
yast2-multipath
1 CVE
Yast2 Samba Provision
yast2-samba-provision
1 CVE
Yast2 Printer
yast2-printer
1 CVE
Munin
munin
1 CVE
Suse Package Hub
suse_package_hub
1 CVE
Autoyast2
autoyast2
1 CVE
Hylafax+
hylafax+
1 CVE
Tumbleweed Kopano Spamd
tumbleweed_kopano-spamd
1 CVE
Cyrus Sasl
cyrus-sasl
1 CVE
Python Postorius
python-postorius
1 CVE
Inn
inn
1 CVE
Factory Watchman
factory_watchman
1 CVE
Canna
canna
1 CVE
Leap Micro
leap_micro
1 CVE
Travel Support Program
travel_support_program
1 CVE
Libzypp Plugin Appdata
libzypp-plugin-appdata
1 CVE
Paste
paste
1 CVE
Welcome
welcome
1 CVE
Mirrorcache
mirrorcache
1 CVE

CVEs (3,271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2014-8642
2Mozilla
Opensuse
3Firefox
OpensuseSeamonkey
May 6, 2026
Jan 14, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive info...Show more
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.Show less
CVE-2014-8640
2Mozilla
Opensuse
3Firefox
OpensuseSeamonkey
May 6, 2026
Jan 14, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows...Show more
The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.Show less
CVE-2015-0564
4Debian
OpensuseOracle+1 more
5Debian Linux
LinuxOpensuse+2 more
May 6, 2026
Jan 10, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application cras...Show more
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.Show less
CVE-2015-0563
2Opensuse
Wireshark
2Opensuse
Wireshark
May 6, 2026
Jan 10, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause...Show more
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.Show less
CVE-2015-0561
3Opensuse
OracleWireshark
3Opensuse
SolarisWireshark
May 6, 2026
Jan 10, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory...Show more
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.Show less
CVE-2015-0560
2Opensuse
Wireshark
2Opensuse
Wireshark
May 6, 2026
Jan 10, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows...Show more
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.Show less
CVE-2015-0559
2Opensuse
Wireshark
2Opensuse
Wireshark
May 6, 2026
Jan 10, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application...Show more
Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.Show less
CVE-2014-9585
7Canonical
DebianFedoraproject+4 more
19Debian Linux
Enterprise Linux AusEnterprise Linux Desktop+16 more
May 6, 2026
Jan 9, 2015
N/A· v4
N/A· v3
2.1 LOW· v2
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism...Show more
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.Show less
CVE-2014-9584
7Canonical
DebianLinux+4 more
19Debian Linux
Enterprise Linux AusEnterprise Linux Desktop+16 more
May 6, 2026
Jan 9, 2015
N/A· v4
N/A· v3
2.1 LOW· v2
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sen...Show more
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.Show less
CVE-2014-9529
6Canonical
DebianFedoraproject+3 more
11Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+8 more
May 6, 2026
Jan 9, 2015
N/A· v4
N/A· v3
6.9 MEDIUM· v2
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other i...Show more
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.Show less
CVE-2015-0361
2Opensuse
Xen
2Opensuse
Xen
May 6, 2026
Jan 7, 2015
N/A· v4
N/A· v3
7.8 HIGH· v2
Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
CVE-2014-9221
5Canonical
DebianFedoraproject+2 more
5Debian Linux
FedoraOpensuse+2 more
May 6, 2026
Jan 7, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
CVE-2014-8132
5Canonical
DebianFedoraproject+2 more
5Debian Linux
FedoraLibssh+2 more
May 6, 2026
Dec 29, 2014
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
CVE-2014-8136
4Canonical
MageiaOpensuse+1 more
8Enterprise Linux Desktop
Enterprise Linux Hpc NodeEnterprise Linux Server+5 more
May 6, 2026
Dec 19, 2014
N/A· v4
N/A· v3
2.1 LOW· v2
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unsp...Show more
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.Show less
CVE-2014-9322
6Canonical
GoogleLinux+3 more
6Android
Enterprise Linux EusEvergreen+3 more
May 6, 2026
Dec 17, 2014
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET inst...Show more
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.Show less
CVE-2014-5353
7Canonical
DebianFedoraproject+4 more
12Debian Linux
Enterprise Linux DesktopEnterprise Linux Eus+9 more
May 6, 2026
Dec 16, 2014
N/A· v4
N/A· v3
3.5 LOW· v2
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial...Show more
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.Show less
CVE-2014-9323
4Canonical
DebianFirebirdsql+1 more
4Debian Linux
EvergreenFirebird+1 more
May 6, 2026
Dec 16, 2014
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action...Show more
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.Show less
CVE-2014-8964
6Fedoraproject
MariadbOpensuse+3 more
11Enterprise Linux Desktop
Enterprise Linux EusEnterprise Linux Server+8 more
May 6, 2026
Dec 16, 2014
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero...Show more
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.Show less
CVE-2014-8134
5Canonical
LinuxOpensuse+2 more
6Evergreen
LinuxLinux Kernel+3 more
May 6, 2026
Dec 12, 2014
N/A· v4
3.3 LOW· v3
1.9 LOW· v2
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR prote...Show more
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.Show less
CVE-2014-8124
4Fedoraproject
OpenstackOpensuse+1 more
4Fedora
HorizonOpensuse+1 more
May 6, 2026
Dec 12, 2014
N/A· v4
N/A· v3
5.0 MEDIUM· v2
OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service...Show more
OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.Show less