Filtered by vendor Opensuse
Subscriptions
Total
3289 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1670 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Opensuse and 1 more | 2025-04-12 | N/A |
| Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. | ||||
| CVE-2016-2383 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2025-04-12 | 5.5 Medium |
| The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. | ||||
| CVE-2016-7170 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2025-04-12 | 4.4 Medium |
| The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command. | ||||
| CVE-2016-2797 | 6 Mozilla, Opensuse, Oracle and 3 more | 7 Firefox, Leap, Opensuse and 4 more | 2025-04-12 | N/A |
| The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. | ||||
| CVE-2015-4116 | 2 Opensuse, Php | 2 Leap, Php | 2025-04-12 | N/A |
| Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation. | ||||
| CVE-2015-8080 | 4 Debian, Opensuse, Redhat and 1 more | 6 Debian Linux, Leap, Opensuse and 3 more | 2025-04-12 | 7.5 High |
| Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | ||||
| CVE-2016-1668 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Opensuse and 1 more | 2025-04-12 | N/A |
| The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| CVE-2016-1666 | 3 Google, Opensuse, Redhat | 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2014-9668 | 4 Canonical, Fedoraproject, Freetype and 1 more | 4 Ubuntu Linux, Fedora, Freetype and 1 more | 2025-04-12 | N/A |
| The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. | ||||
| CVE-2016-1663 | 3 Google, Opensuse, Redhat | 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more | 2025-04-12 | N/A |
| The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. | ||||
| CVE-2016-1658 | 5 Debian, Google, Novell and 2 more | 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-12 | N/A |
| The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. | ||||
| CVE-2015-4144 | 2 Opensuse, W1.fi | 3 Opensuse, Hostapd, Wpa Supplicant | 2025-04-12 | N/A |
| The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message. | ||||
| CVE-2016-5739 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | ||||
| CVE-2016-1656 | 4 Google, Opensuse, Redhat and 1 more | 5 Android, Chrome, Leap and 2 more | 2025-04-12 | N/A |
| The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | ||||
| CVE-2016-1655 | 6 Canonical, Debian, Google and 3 more | 6 Ubuntu Linux, Debian Linux, Chrome and 3 more | 2025-04-12 | N/A |
| Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. | ||||
| CVE-2016-5420 | 4 Debian, Haxx, Opensuse and 1 more | 6 Debian Linux, Libcurl, Leap and 3 more | 2025-04-12 | N/A |
| curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. | ||||
| CVE-2016-4127 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player Desktop Runtime, Mac Os X and 12 more | 2025-04-12 | 8.8 High |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | ||||
| CVE-2016-4130 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player Desktop Runtime, Mac Os X and 12 more | 2025-04-12 | 8.8 High |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | ||||
| CVE-2016-4143 | 8 Adobe, Apple, Google and 5 more | 17 Flash Player, Flash Player Desktop Runtime, Macos and 14 more | 2025-04-12 | 8.8 High |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | ||||
| CVE-2016-1652 | 5 Debian, Google, Opensuse and 2 more | 5 Debian Linux, Chrome, Leap and 2 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | ||||