Filtered by vendor Opensuse
Subscriptions
Filtered by product Opensuse
Subscriptions
Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0233 | 3 Opensuse, Plataformatec, Ruby-lang | 3 Opensuse, Devise, Ruby | 2025-04-11 | N/A |
| Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts. | ||||
| CVE-2013-6643 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2025-04-11 | N/A |
| The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. | ||||
| CVE-2013-2126 | 3 Canonical, Libraw, Opensuse | 3 Ubuntu Linux, Libraw, Opensuse | 2025-04-11 | N/A |
| Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file. | ||||
| CVE-2013-2477 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2025-04-11 | N/A |
| The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||||
| CVE-2013-1872 | 4 Canonical, Mesa3d, Opensuse and 1 more | 4 Ubuntu Linux, Mesa, Opensuse and 1 more | 2025-04-11 | N/A |
| The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796. | ||||
| CVE-2013-3555 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Opensuse, Wireshark | 2025-04-11 | N/A |
| epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||||
| CVE-2010-2942 | 7 Avaya, Canonical, Linux and 4 more | 15 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 12 more | 2025-04-11 | 5.5 Medium |
| The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. | ||||
| CVE-2010-2963 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2025-04-11 | N/A |
| drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. | ||||
| CVE-2010-3067 | 6 Canonical, Debian, Linux and 3 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2025-04-11 | N/A |
| Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. | ||||
| CVE-2010-3078 | 6 Canonical, Linux, Opensuse and 3 more | 7 Ubuntu Linux, Linux Kernel, Opensuse and 4 more | 2025-04-11 | 5.5 Medium |
| The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. | ||||
| CVE-2010-3442 | 7 Canonical, Debian, Fedoraproject and 4 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-11 | N/A |
| Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. | ||||
| CVE-2012-2880 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | N/A |
| Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer. | ||||
| CVE-2012-2879 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | N/A |
| Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document. | ||||
| CVE-2010-4083 | 5 Debian, Linux, Opensuse and 2 more | 9 Debian Linux, Linux Kernel, Opensuse and 6 more | 2025-04-11 | N/A |
| The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. | ||||
| CVE-2010-1866 | 3 Opensuse, Php, Suse | 3 Opensuse, Php, Linux Enterprise | 2025-04-11 | 9.8 Critical |
| The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. | ||||
| CVE-2012-2878 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | N/A |
| Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling. | ||||
| CVE-2012-2877 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | N/A |
| The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2012-2876 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | N/A |
| Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2012-2874 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | N/A |
| Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883. | ||||
| CVE-2013-5211 | 3 Ntp, Opensuse, Oracle | 3 Ntp, Opensuse, Linux | 2025-04-11 | N/A |
| The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. | ||||