Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opensuse Subscribe
Total 3164 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4815 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2022-09-08 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
CVE-2016-0502 3 Mariadb, Opensuse, Oracle 4 Mariadb, Leap, Opensuse and 1 more 2022-09-08 4.0 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2015-4870 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2022-09-08 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
CVE-2015-4830 8 Canonical, Debian, Fedoraproject and 5 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2022-09-08 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
CVE-2015-4858 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2022-09-08 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
CVE-2016-5387 8 Apache, Canonical, Debian and 5 more 21 Http Server, Ubuntu Linux, Debian Linux and 18 more 2022-09-07 6.8 MEDIUM 8.1 HIGH
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
CVE-2019-0197 6 Apache, Canonical, Fedoraproject and 3 more 12 Http Server, Ubuntu Linux, Fedora and 9 more 2022-09-07 4.9 MEDIUM 4.2 MEDIUM
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
CVE-2020-15306 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-09-02 2.1 LOW 5.5 MEDIUM
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
CVE-2020-11099 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-09-02 6.4 MEDIUM 6.5 MEDIUM
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.
CVE-2020-15304 3 Fedoraproject, Openexr, Opensuse 3 Fedora, Openexr, Leap 2022-09-02 2.1 LOW 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
CVE-2020-15305 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-09-02 2.1 LOW 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
CVE-2020-12640 2 Opensuse, Roundcube 3 Backports Sle, Leap, Webmail 2022-09-02 7.5 HIGH 9.8 CRITICAL
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
CVE-2020-12625 3 Debian, Opensuse, Roundcube 4 Debian Linux, Backports Sle, Leap and 1 more 2022-09-02 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
CVE-2020-10723 5 Canonical, Dpdk, Fedoraproject and 2 more 6 Ubuntu Linux, Data Plane Development Kit, Fedora and 3 more 2022-09-02 4.6 MEDIUM 6.7 MEDIUM
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.
CVE-2020-10722 5 Canonical, Dpdk, Fedoraproject and 2 more 6 Ubuntu Linux, Data Plane Development Kit, Fedora and 3 more 2022-09-02 4.6 MEDIUM 6.7 MEDIUM
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
CVE-2020-10725 4 Dpdk, Fedoraproject, Opensuse and 1 more 4 Data Plane Development Kit, Fedora, Leap and 1 more 2022-09-02 4.0 MEDIUM 7.7 HIGH
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
CVE-2020-10726 4 Dpdk, Fedoraproject, Opensuse and 1 more 4 Data Plane Development Kit, Fedora, Leap and 1 more 2022-09-02 2.1 LOW 4.4 MEDIUM
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.
CVE-2020-17498 4 Fedoraproject, Opensuse, Oracle and 1 more 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more 2022-09-02 4.3 MEDIUM 6.5 MEDIUM
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
CVE-2020-15025 4 Netapp, Ntp, Opensuse and 1 more 27 8300, 8300 Firmware, 8700 and 24 more 2022-09-02 4.0 MEDIUM 4.9 MEDIUM
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
CVE-2019-17569 5 Apache, Debian, Netapp and 2 more 16 Tomcat, Tomee, Debian Linux and 13 more 2022-09-02 5.8 MEDIUM 4.8 MEDIUM
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.