Filtered by vendor Opensuse
Subscribe
Total
3164 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1564 | 2 Mozilla, Opensuse | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image. | |||||
| CVE-2014-1563 | 3 Mozilla, Opensuse, Oracle | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2018-10-30 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection. | |||||
| CVE-2014-1553 | 2 Mozilla, Opensuse | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2018-10-30 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-1542 | 4 Mozilla, Opensuse, Opensuse Project and 1 more | 4 Firefox, Opensuse, Opensuse and 1 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate. | |||||
| CVE-2016-4024 | 3 Debian, Enlightenment, Opensuse | 3 Debian Linux, Imlib2, Opensuse | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation. | |||||
| CVE-2016-4036 | 1 Opensuse | 2 Leap, Opensuse | 2018-10-30 | 2.1 LOW | 5.5 MEDIUM |
| The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory. | |||||
| CVE-2016-4049 | 2 Opensuse, Quagga | 3 Leap, Opensuse, Quagga | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. | |||||
| CVE-2016-4068 | 2 Opensuse, Roundcube | 4 Leap, Opensuse, Roundcube Webmail and 1 more | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864. | |||||
| CVE-2014-1528 | 7 Canonical, Fedoraproject, Microsoft and 4 more | 8 Ubuntu Linux, Fedora, Windows and 5 more | 2018-10-30 | 10.0 HIGH | N/A |
| The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element. | |||||
| CVE-2016-4069 | 2 Opensuse, Roundcube | 2 Leap, Webmail | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors. | |||||
| CVE-2016-4342 | 2 Opensuse, Php | 2 Leap, Php | 2018-10-30 | 8.3 HIGH | 8.8 HIGH |
| ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. | |||||
| CVE-2016-4348 | 3 Debian, Gnome, Opensuse | 4 Debian Linux, Librsvg, Leap and 1 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. | |||||
| CVE-2016-4414 | 3 Fedoraproject, Opensuse, Quassel-irc | 4 Fedora, Leap, Opensuse and 1 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. | |||||
| CVE-2016-4478 | 3 Atheme, Debian, Opensuse | 4 Atheme, Debian Linux, Leap and 1 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding. | |||||
| CVE-2016-4537 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. | |||||
| CVE-2016-4538 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. | |||||
| CVE-2016-4539 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. | |||||
| CVE-2016-4540 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. | |||||
| CVE-2016-4541 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. | |||||
| CVE-2016-4542 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | |||||