Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-4165 2Ntop Opensuse 2Ntop Opensuse May 6, 2026 Jun 16, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
CVE-2014-3004 3Castor Project OpensuseOpensuse Project 3Castor OpensuseOpensuse May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
CVE-2014-2978 3Directfb OpensuseSuse 6Directfb Linux Enterprise DesktopLinux Enterprise Software Development Kit+3 more May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, w...Show more The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.Show less
CVE-2014-2977 3Directfb OpensuseSuse 6Directfb Linux Enterprise DesktopLinux Enterprise Software Development Kit+3 more May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbi...Show more Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.Show less
CVE-2014-1542 4Mozilla OpensuseOpensuse Project+1 more 4Firefox OpensuseOpensuse+1 more May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rat...Show more Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.Show less
CVE-2014-3153 6Canonical LinuxOpensuse+3 more 9Enterprise Linux Server Aus LinuxLinux Enterprise Desktop+6 more Apr 21, 2026 Jun 7, 2014 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE comma...Show more The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.Show less
CVE-2014-3470 6Fedoraproject MariadbOpenssl+3 more 11Enterprise Linux FedoraLeap+8 more May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of s...Show more The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.Show less
CVE-2014-0224 9Fedoraproject Filezilla ProjectMariadb+6 more 16Application Processing Engine Firmware Cp1543 1 FirmwareEnterprise Linux+13 more May 6, 2026 Jun 5, 2014 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key...Show more OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.Show less
CVE-2014-0221 6Fedoraproject MariadbOpenssl+3 more 11Enterprise Linux FedoraLeap+8 more May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS he...Show more The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.Show less
CVE-2014-0195 4Fedoraproject MariadbOpenssl+1 more 5Fedora LeapMariadb+2 more May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote at...Show more The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.Show less
CVE-2014-3968 2Opensuse Xen 2Opensuse Xen May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 5.5 MEDIUM· v2 The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be l...Show more The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.Show less
CVE-2014-3967 2Opensuse Xen 2Opensuse Xen May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 5.5 MEDIUM· v2 The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer deref...Show more The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.Show less
CVE-2011-2198 3Gnome OpensuseOracle 3Gnome Terminal OpensuseSolaris May 6, 2026 May 21, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demons...Show more The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".Show less
CVE-2014-3730 4Canonical DebianDjangoproject+1 more 4Debian Linux DjangoOpensuse+1 more May 6, 2026 May 16, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect atta...Show more The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."Show less
CVE-2014-1909 2Google Opensuse 3Android Debug Bridge Android Sdk Platform ToolsOpensuse May 6, 2026 May 14, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, wh...Show more Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.Show less
CVE-2012-1600 2Opensuse Phppgadmin Project 2Opensuse Phppgadmin May 6, 2026 May 14, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.
CVE-2014-1934 2Opensuse Travis Shirk 2Eyed3 Opensuse May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2014-0190 4Canonical FedoraprojectOpensuse+1 more 4Fedora OpensuseQt+1 more May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
CVE-2014-2913 2Nagios Opensuse 2Opensuse Remote Plugin Executor May 6, 2026 May 7, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe....Show more Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the commentsShow less
CVE-2013-7336 2Opensuse Redhat 2Libvirt Opensuse May 6, 2026 May 7, 2014 N/A· v4 N/A· v3 1.9 LOW· v2 The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (N...Show more The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.Show less

Previous 1...131132133...164 Next