Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opensuse Subscribe
Total 3164 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1288 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 6.8 MEDIUM N/A
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.
CVE-2015-1287 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 4.3 MEDIUM N/A
Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.
CVE-2015-1286 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."
CVE-2015-1285 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 5.0 MEDIUM N/A
The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.
CVE-2015-1284 3 Google, Opensuse, Redhat 5 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 2 more 2018-10-30 7.5 HIGH N/A
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.
CVE-2015-1282 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 6.8 MEDIUM N/A
Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions.
CVE-2015-1281 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 4.3 MEDIUM N/A
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.
CVE-2015-1280 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 7.5 HIGH N/A
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.
CVE-2015-1279 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 7.5 HIGH N/A
Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.
CVE-2015-1278 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 4.3 MEDIUM N/A
content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document.
CVE-2015-1277 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.
CVE-2015-1276 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.
CVE-2015-1275 2 Google, Opensuse 3 Android, Chrome, Opensuse 2018-10-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka "Universal XSS (UXSS)."
CVE-2015-1274 4 Debian, Google, Opensuse and 1 more 6 Debian Linux, Chrome, Opensuse and 3 more 2018-10-30 6.8 MEDIUM N/A
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.
CVE-2015-1273 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 6.8 MEDIUM N/A
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.
CVE-2015-1272 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc.
CVE-2015-1271 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2018-10-30 6.8 MEDIUM N/A
PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation.
CVE-2015-1270 5 Debian, Google, Opensuse and 2 more 8 Debian Linux, Chrome, Opensuse and 5 more 2018-10-30 6.8 MEDIUM N/A
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.
CVE-2015-1182 2 Opensuse, Polarssl 2 Opensuse, Polarssl 2018-10-30 7.5 HIGH N/A
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
CVE-2015-1196 3 Gnu, Opensuse, Oracle 3 Patch, Opensuse, Solaris 2018-10-30 4.3 MEDIUM N/A
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.