Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-8369 4Debian LinuxOpensuse+1 more 5Debian Linux EvergreenLinux Enterprise Real Time Extension+2 more May 6, 2026 Nov 10, 2014 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service...Show more The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.Show less
CVE-2014-7826 3Linux OpensuseSuse 3Evergreen Linux KernelSuse Linux Enterprise Server May 6, 2026 Nov 10, 2014 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of servi...Show more kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.Show less
CVE-2014-3690 7Canonical DebianLinux+4 more 10Debian Linux Enterprise LinuxEvergreen+7 more May 6, 2026 Nov 10, 2014 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to ki...Show more arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.Show less
CVE-2014-3687 8Canonical DebianLinux+5 more 12Debian Linux Enterprise MrgEvergreen+9 more May 6, 2026 Nov 10, 2014 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks tha...Show more The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.Show less
CVE-2014-3673 7Canonical DebianLinux+4 more 10Debian Linux Enterprise LinuxEnterprise Mrg+7 more May 6, 2026 Nov 10, 2014 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c...Show more The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.Show less
CVE-2014-3647 7Canonical DebianLinux+4 more 7Debian Linux Enterprise LinuxEvergreen+4 more May 6, 2026 Nov 10, 2014 N/A· v4 5.5 MEDIUM· v3 1.9 LOW· v2 arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
CVE-2014-3646 6Canonical DebianLinux+3 more 6Debian Linux Enterprise LinuxEvergreen+3 more May 6, 2026 Nov 10, 2014 N/A· v4 5.5 MEDIUM· v3 4.7 MEDIUM· v2 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafte...Show more arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.Show less
CVE-2014-3610 5Canonical DebianLinux+2 more 5Debian Linux EvergreenLinux Kernel+2 more May 6, 2026 Nov 10, 2014 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to caus...Show more The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.Show less
CVE-2014-7818 2Opensuse Rubyonrails 3Opensuse RailsRuby On Rails May 6, 2026 Nov 8, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serv...Show more Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.Show less
CVE-2014-6300 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Nov 8, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or...Show more Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.Show less
CVE-2014-3693 4Canonical LibreofficeOpensuse+1 more 6Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+3 more May 6, 2026 Nov 7, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code...Show more Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.Show less
CVE-2014-8483 4Canonical DebianOpensuse+1 more 4Debian Linux OpensuseQuassel Irc+1 more May 6, 2026 Nov 6, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
CVE-2014-8326 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a craf...Show more Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.Show less
CVE-2013-4540 2Opensuse Qemu 2Opensuse Qemu May 6, 2026 Nov 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.
CVE-2014-8080 4Canonical OpensuseRedhat+1 more 4Enterprise Linux OpensuseRuby+1 more May 6, 2026 Nov 3, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Ex...Show more The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.Show less
CVE-2014-3615 5Canonical DebianOpensuse+2 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+9 more May 6, 2026 Nov 1, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-3475 2Openstack Opensuse 2Horizon Opensuse May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary...Show more Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578.Show less
CVE-2014-3474 2Openstack Opensuse 2Horizon Opensuse May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allo...Show more Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.Show less
CVE-2014-3473 2Openstack Opensuse 2Horizon Opensuse May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when us...Show more Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.Show less
CVE-2013-0334 3Bundler FedoraprojectOpensuse 3Bundler FedoraOpensuse May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

Previous 1...127128129...164 Next