Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opensuse Subscribe
Filtered by product Opensuse
Total 1385 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2977 3 Directfb, Opensuse, Suse 6 Directfb, Opensuse, Linux Enterprise Desktop and 3 more 2018-10-30 10.0 HIGH N/A
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
CVE-2014-2978 3 Directfb, Opensuse, Suse 6 Directfb, Opensuse, Linux Enterprise Desktop and 3 more 2018-10-30 10.0 HIGH N/A
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
CVE-2013-0834 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 5.0 MEDIUM N/A
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
CVE-2014-3168 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.
CVE-2014-3169 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.
CVE-2014-3429 3 Ipython, Mageia, Opensuse 3 Ipython Notebook, Mageia, Opensuse 2018-10-30 6.8 MEDIUM N/A
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
CVE-2014-9749 2 Opensuse, Squid-cache 2 Opensuse, Squid 2018-10-30 4.0 MEDIUM N/A
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
CVE-2013-0833 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 5.0 MEDIUM N/A
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
CVE-2013-0832 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
CVE-2014-3494 2 Kde, Opensuse 2 Kdelibs, Opensuse 2018-10-30 4.3 MEDIUM N/A
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
CVE-2014-3522 4 Apache, Apple, Canonical and 1 more 4 Subversion, Xcode, Ubuntu Linux and 1 more 2018-10-30 4.0 MEDIUM N/A
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2014-3528 5 Apache, Apple, Canonical and 2 more 9 Subversion, Xcode, Ubuntu Linux and 6 more 2018-10-30 4.0 MEDIUM N/A
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
CVE-2014-3533 4 D-bus Project, Debian, Mageia Project and 1 more 4 D-bus, Debian Linux, Mageia and 1 more 2018-10-30 2.1 LOW N/A
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
CVE-2014-3589 3 Debian, Opensuse, Python 3 Python-imaging, Opensuse, Pillow 2018-10-30 5.0 MEDIUM N/A
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
CVE-2014-3598 2 Opensuse, Python 2 Opensuse, Pillow 2018-10-30 5.0 MEDIUM N/A
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
CVE-2014-3638 2 D-bus Project, Opensuse 2 D-bus, Opensuse 2018-10-30 2.1 LOW N/A
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
CVE-2014-3639 2 D-bus Project, Opensuse 2 D-bus, Opensuse 2018-10-30 2.1 LOW N/A
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
CVE-2014-3635 2 D-bus Project, Opensuse 2 D-bus, Opensuse 2018-10-30 4.4 MEDIUM N/A
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
CVE-2014-3636 2 D-bus Project, Opensuse 2 D-bus, Opensuse 2018-10-30 1.9 LOW N/A
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
CVE-2014-3694 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more 2018-10-30 6.4 MEDIUM N/A
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.