Filtered by vendor Opensuse
Subscribe
Total
3284 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1297 | 5 Adobe, Apple, Microsoft and 2 more | 7 Acrobat, Air, Flash Player and 4 more | 2025-02-13 | 9.3 HIGH | 7.8 HIGH |
| Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010. | |||||
| CVE-2019-16782 | 3 Fedoraproject, Opensuse, Rack | 3 Fedora, Leap, Rack | 2025-02-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison. | |||||
| CVE-2018-19873 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports and 2 more | 2025-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. | |||||
| CVE-2014-3153 | 6 Canonical, Linux, Opensuse and 3 more | 9 Ubuntu Linux, Linux Kernel, Opensuse and 6 more | 2025-02-07 | 7.2 HIGH | 7.8 HIGH |
| The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. | |||||
| CVE-2020-15999 | 6 Debian, Fedoraproject, Freetype and 3 more | 6 Debian Linux, Fedora, Freetype and 3 more | 2025-02-05 | 4.3 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13720 | 2 Google, Opensuse | 2 Chrome, Leap | 2025-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2016-3714 | 5 Canonical, Debian, Imagemagick and 2 more | 6 Ubuntu Linux, Debian Linux, Imagemagick and 3 more | 2025-01-28 | 10.0 HIGH | 8.4 HIGH |
| The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | |||||
| CVE-2016-3427 | 8 Apache, Canonical, Debian and 5 more | 38 Cassandra, Ubuntu Linux, Debian Linux and 35 more | 2025-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | |||||
| CVE-2014-4608 | 4 Canonical, Linux, Opensuse and 1 more | 5 Ubuntu Linux, Linux Kernel, Opensuse and 2 more | 2025-01-27 | 7.5 HIGH | N/A |
| Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype. | |||||
| CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2025-01-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | |||||
| CVE-2016-4303 | 4 Debian, Es, Novell and 1 more | 5 Debian Linux, Iperf3, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. | |||||
| CVE-2017-5753 | 13 Arm, Canonical, Debian and 10 more | 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more | 2025-01-14 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||||
| CVE-2019-9511 | 12 Apache, Apple, Canonical and 9 more | 22 Traffic Server, Mac Os X, Swiftnio and 19 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | |||||
| CVE-2019-9513 | 12 Apache, Apple, Canonical and 9 more | 22 Traffic Server, Mac Os X, Swiftnio and 19 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. | |||||
| CVE-2019-9514 | 13 Apache, Apple, Canonical and 10 more | 30 Traffic Server, Mac Os X, Swiftnio and 27 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | |||||
| CVE-2019-9518 | 11 Apache, Apple, Canonical and 8 more | 20 Traffic Server, Mac Os X, Swiftnio and 17 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. | |||||
| CVE-2017-14491 | 13 Arista, Arubanetworks, Canonical and 10 more | 29 Eos, Arubaos, Ubuntu Linux and 26 more | 2025-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | |||||
| CVE-2019-9517 | 12 Apache, Apple, Canonical and 9 more | 25 Http Server, Traffic Server, Mac Os X and 22 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. | |||||
| CVE-2019-9515 | 12 Apache, Apple, Canonical and 9 more | 24 Traffic Server, Mac Os X, Swiftnio and 21 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | |||||
| CVE-2019-19344 | 4 Canonical, Opensuse, Samba and 1 more | 7 Ubuntu Linux, Leap, Samba and 4 more | 2025-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. | |||||