Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-0848 1Opensuse 1Opensuse Apr 23, 2026 Mar 11, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."
CVE-2009-0834 6Canonical DebianLinux+3 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+9 more Apr 23, 2026 Mar 6, 2009 N/A· v4 N/A· v3 3.6 LOW· v2 The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, whic...Show more The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.Show less
CVE-2009-0749 3Opensuse Optipng ProjectSuse 3Linux Enterprise OpensuseOptipng Apr 23, 2026 Mar 2, 2009 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a craft...Show more Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.Show less
CVE-2009-0040 6Apple DebianFedoraproject+3 more 9Debian Linux FedoraIphone Os+6 more Apr 23, 2026 Feb 22, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly e...Show more The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.Show less
CVE-2009-0310 1Opensuse 1Opensuse Apr 23, 2026 Feb 18, 2009 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings."
CVE-2008-6123 4Net Snmp OpensuseRedhat+1 more 4Enterprise Linux Linux EnterpriseNet Snmp+1 more Apr 23, 2026 Feb 12, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to...Show more The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."Show less
CVE-2009-0269 4Canonical DebianLinux+1 more 4Debian Linux Linux KernelOpensuse+1 more Apr 23, 2026 Jan 26, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink ca...Show more fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.Show less
CVE-2008-5183 3Apple DebianOpensuse 5Cups Debian LinuxMac Os X+2 more Apr 23, 2026 Nov 21, 2008 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NO...Show more cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.Show less
CVE-2008-5021 7Canonical DebianFedoraproject+4 more 13Debian Linux FedoraFirefox+10 more Apr 23, 2026 Nov 13, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute...Show more nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.Show less
CVE-2008-4989 6Canonical DebianFedoraproject+3 more 7Debian Linux FedoraGnutls+4 more Apr 23, 2026 Nov 13, 2008 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows...Show more The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).Show less
CVE-2008-4577 4Canonical DovecotFedoraproject+1 more 4Dovecot FedoraOpensuse+1 more Apr 23, 2026 Oct 15, 2008 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
CVE-2007-6716 6Canonical DebianLinux+3 more 7Debian Linux Linux DesktopLinux Kernel+4 more Apr 23, 2026 Sep 4, 2008 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-1945 6Canonical DebianOpensuse+3 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+6 more Apr 23, 2026 Aug 8, 2008 N/A· v4 N/A· v3 2.1 LOW· v2 QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image head...Show more QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.Show less
CVE-2008-2939 4Apache AppleCanonical+1 more 4Http Server Mac Os XOpensuse+1 more Apr 23, 2026 Aug 6, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote at...Show more Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.Show less
CVE-2008-3188 1Opensuse 1Opensuse Apr 23, 2026 Jul 22, 2008 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.
CVE-2008-3187 1Opensuse 1Zypper Apr 23, 2026 Jul 21, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a s...Show more zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.Show less
CVE-2008-2931 5Canonical DebianLinux+2 more 6Debian Linux Linux KernelOpensuse+3 more Apr 23, 2026 Jul 9, 2008 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service b...Show more The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.Show less
CVE-2008-2812 7Avaya CanonicalDebian+4 more 15Communication Manager Debian LinuxExpanded Meet Me Conferencing+12 more Apr 23, 2026 Jul 9, 2008 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference...Show more The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.Show less
CVE-2008-2371 6Canonical DebianFedoraproject+3 more 6Debian Linux FedoraOpensuse+3 more Apr 23, 2026 Jul 7, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a r...Show more Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.Show less
CVE-2008-2826 4Canonical DebianLinux+1 more 4Debian Linux Linux KernelOpensuse+1 more Apr 23, 2026 Jul 2, 2008 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a den...Show more Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure.Show less

Previous 1...160 161 162163164 Next