Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opensuse Subscribe
Filtered by product Opensuse
Total 1385 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-2872 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2869 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."
CVE-2012-2868 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 6.8 MEDIUM N/A
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.
CVE-2012-2867 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 5.0 MEDIUM N/A
The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2012-2866 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2012-2865 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 4.3 MEDIUM N/A
Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
CVE-2012-2881 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2012-2328 2 Opensuse, Standards Based Linux Instrumentation Project 2 Opensuse, Standards-based Linux Common Information Model Client 2018-10-30 5.0 MEDIUM N/A
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.
CVE-2012-1095 1 Opensuse 2 Opensuse, Osc 2018-10-30 4.3 MEDIUM N/A
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.
CVE-2012-2880 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer.
CVE-2012-0427 1 Opensuse 1 Opensuse 2018-10-30 7.2 HIGH N/A
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
CVE-2012-0425 1 Opensuse 1 Opensuse 2018-10-30 7.8 HIGH N/A
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.
CVE-2012-2879 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 4.3 MEDIUM N/A
Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document.
CVE-2011-3377 3 Canonical, Opensuse, Redhat 3 Ubuntu Linux, Opensuse, Icedtea-web 2018-10-30 4.3 MEDIUM N/A
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
CVE-2011-3098 3 Google, Microsoft, Opensuse 3 Chrome, Windows, Opensuse 2018-10-30 7.2 HIGH N/A
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.
CVE-2011-3079 3 Google, Mozilla, Opensuse 6 Chrome, Firefox, Firefox Esr and 3 more 2018-10-30 10.0 HIGH N/A
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
CVE-2011-2725 3 Canonical, Kde, Opensuse 4 Ubuntu Linux, Ark, Kde Sc and 1 more 2018-10-30 6.8 MEDIUM N/A
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
CVE-2011-2198 3 Gnome, Opensuse, Oracle 3 Gnome-terminal, Opensuse, Solaris 2018-10-30 3.5 LOW N/A
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
CVE-2011-0468 1 Opensuse 1 Opensuse 2018-10-30 6.9 MEDIUM N/A
The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion.
CVE-2011-0461 1 Opensuse 1 Opensuse 2018-10-30 6.3 MEDIUM N/A
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab.