← Back

Opensuse

opensuse

3,271 CVEs • 50 products

Products (50)

Click to collapse
Toggle
Leap
leap
1,898 CVEs
Opensuse
opensuse
1,454 CVEs
Backports Sle
backports_sle
326 CVEs
Backports
backports
97 CVEs
Evergreen
evergreen
43 CVEs
Open Build Service
open_build_service
22 CVEs
Libsolv
libsolv
13 CVEs
Factory
factory
10 CVEs
Supportutils
supportutils
6 CVEs
Libzypp
libzypp
5 CVEs
Tumbleweed
tumbleweed
4 CVEs
Zypper
zypper
3 CVEs
Openldap2
openldap2
3 CVEs
Osc
osc
2 CVEs
Suse Linux Enterprise Server
suse_linux_enterprise_server
2 CVEs
Cryptctl
cryptctl
2 CVEs
Munge
munge
2 CVEs
Wicked
wicked
2 CVEs
Pcp
pcp
2 CVEs
Texlive Filesystem
texlive-filesystem
2 CVEs
Rmt Server
rmt-server
2 CVEs
Cscreen
cscreen
2 CVEs
Libeconf
libeconf
2 CVEs
Openstack Cloud
openstack_cloud
1 CVE
Libstorage
libstorage
1 CVE
Libstorage Ng
libstorage-ng
1 CVE
Obs Service Source Validator
obs-service-source_validator
1 CVE
Open Buildservice
open_buildservice
1 CVE
Sysconfig
sysconfig
1 CVE
Tar Scm
tar_scm
1 CVE
Package Hub
package_hub
1 CVE
Yast2 Multipath
yast2-multipath
1 CVE
Yast2 Samba Provision
yast2-samba-provision
1 CVE
Yast2 Printer
yast2-printer
1 CVE
Munin
munin
1 CVE
Suse Package Hub
suse_package_hub
1 CVE
Autoyast2
autoyast2
1 CVE
Hylafax+
hylafax+
1 CVE
Tumbleweed Kopano Spamd
tumbleweed_kopano-spamd
1 CVE
Cyrus Sasl
cyrus-sasl
1 CVE
Python Postorius
python-postorius
1 CVE
Inn
inn
1 CVE
Factory Watchman
factory_watchman
1 CVE
Canna
canna
1 CVE
Leap Micro
leap_micro
1 CVE
Travel Support Program
travel_support_program
1 CVE
Libzypp Plugin Appdata
libzypp-plugin-appdata
1 CVE
Paste
paste
1 CVE
Welcome
welcome
1 CVE
Mirrorcache
mirrorcache
1 CVE

CVEs (3,271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2012-0053
5Apache
DebianOpensuse+2 more
11Debian Linux
Enterprise Linux DesktopEnterprise Linux Eus+8 more
Apr 29, 2026
Jan 28, 2012
N/A· v4
N/A· v3
4.3 MEDIUM· v2
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of...Show more
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.Show less
CVE-2012-0031
5Apache
DebianOpensuse+2 more
12Debian Linux
Enterprise Linux DesktopEnterprise Linux Eus+9 more
Apr 29, 2026
Jan 18, 2012
N/A· v4
N/A· v3
4.6 MEDIUM· v2
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field wi...Show more
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.Show less
CVE-2011-4862
8Debian
FedoraprojectFreebsd+5 more
10Debian Linux
FedoraFreebsd+7 more
Apr 29, 2026
Dec 25, 2011
N/A· v4
N/A· v3
10.0 HIGH· v2
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products a...Show more
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.Show less
CVE-2011-3192
4Apache
CanonicalOpensuse+1 more
5Http Server
Linux Enterprise ServerLinux Enterprise Software Development Kit+2 more
Apr 29, 2026
Aug 29, 2011
N/A· v4
N/A· v3
7.8 HIGH· v2
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses mul...Show more
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.Show less
CVE-2011-1526
5Debian
FedoraprojectMit+2 more
7Debian Linux
FedoraKrb5 Appl+4 more
Apr 29, 2026
Jul 11, 2011
N/A· v4
N/A· v3
6.5 MEDIUM· v2
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group acc...Show more
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.Show less
CVE-2011-0611
4Adobe
GoogleOpensuse+1 more
7Acrobat
Acrobat ReaderAdobe Air+4 more
Apr 21, 2026
Apr 13, 2011
N/A· v4
8.8 HIGH· v3
9.3 HIGH· v2
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4....Show more
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.Show less
CVE-2011-0468
1Opensuse
1Opensuse
Apr 29, 2026
Apr 4, 2011
N/A· v4
N/A· v3
6.9 MEDIUM· v2
The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion.
CVE-2011-0461
1Opensuse
1Opensuse
Apr 29, 2026
Apr 4, 2011
N/A· v4
N/A· v3
6.3 MEDIUM· v2
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab.
CVE-2011-0609
4Adobe
GoogleOpensuse+1 more
7Acrobat
Acrobat ReaderAir+4 more
Apr 21, 2026
Mar 15, 2011
N/A· v4
7.8 HIGH· v3
9.3 HIGH· v2
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle)...Show more
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.Show less
CVE-2011-0762
6Canonical
DebianFedoraproject+3 more
6Debian Linux
FedoraLinux Enterprise Server+3 more
Apr 29, 2026
Mar 2, 2011
N/A· v4
N/A· v3
4.0 MEDIUM· v2
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT com...Show more
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.Show less
CVE-2010-3865
3Linux
OpensuseSuse
4Linux Enterprise High Availability Extension
Linux Enterprise Real TimeLinux Kernel+1 more
Apr 29, 2026
Jan 11, 2011
N/A· v4
N/A· v3
7.2 HIGH· v2
Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable D...Show more
Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow.Show less
CVE-2010-4160
3Linux
OpensuseSuse
5Linux Enterprise Desktop
Linux Enterprise ServerLinux Enterprise Software Development Kit+2 more
Apr 29, 2026
Jan 7, 2011
N/A· v4
N/A· v3
6.9 MEDIUM· v2
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2...Show more
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call.Show less
CVE-2010-4164
4Debian
LinuxOpensuse+1 more
7Debian Linux
Linux Enterprise DesktopLinux Enterprise Real Time Extension+4 more
Apr 29, 2026
Jan 3, 2011
N/A· v4
N/A· v3
7.8 HIGH· v2
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X...Show more
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.Show less
CVE-2010-4163
3Linux
OpensuseSuse
5Linux Enterprise Desktop
Linux Enterprise Real Time ExtensionLinux Enterprise Server+2 more
Apr 29, 2026
Jan 3, 2011
N/A· v4
N/A· v3
4.7 MEDIUM· v2
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device.
CVE-2010-4162
4Fedoraproject
LinuxOpensuse+1 more
7Fedora
Linux Enterprise DesktopLinux Enterprise Real Time Extension+4 more
Apr 29, 2026
Jan 3, 2011
N/A· v4
N/A· v3
4.7 MEDIUM· v2
Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.
CVE-2010-3876
4Debian
LinuxOpensuse+1 more
7Debian Linux
Linux Enterprise DesktopLinux Enterprise Real Time Extension+4 more
Apr 29, 2026
Jan 3, 2011
N/A· v4
N/A· v3
1.9 LOW· v2
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by levera...Show more
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.Show less
CVE-2010-3873
4Debian
LinuxOpensuse+1 more
4Debian Linux
Linux Enterprise ServerLinux Kernel+1 more
Apr 29, 2026
Jan 3, 2011
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified o...Show more
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.Show less
CVE-2010-4258
4Fedoraproject
LinuxOpensuse+1 more
7Fedora
Linux Enterprise DesktopLinux Enterprise Real Time Extension+4 more
Apr 29, 2026
Dec 30, 2010
N/A· v4
N/A· v3
6.2 MEDIUM· v2
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel...Show more
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.Show less
CVE-2010-4158
4Fedoraproject
LinuxOpensuse+1 more
7Fedora
Linux Enterprise DesktopLinux Enterprise Real Time Extension+4 more
Apr 29, 2026
Dec 30, 2010
N/A· v4
N/A· v3
2.1 LOW· v2
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instructi...Show more
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.Show less
CVE-2010-3874
5Debian
FedoraprojectLinux+2 more
7Debian Linux
FedoraLinux Enterprise Desktop+4 more
Apr 29, 2026
Dec 29, 2010
N/A· v4
N/A· v3
4.0 MEDIUM· v2
Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow...Show more
Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation.Show less