Filtered by vendor Opensuse
Subscriptions
Total
3284 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-3256 | 3 Opensuse, Polkit Project, Redhat | 3 Opensuse, Polkit, Enterprise Linux | 2024-11-21 | N/A |
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." | ||||
CVE-2015-3227 | 2 Opensuse, Rubyonrails | 2 Opensuse, Rails | 2024-11-21 | N/A |
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. | ||||
CVE-2015-3225 | 4 Debian, Opensuse, Rack Project and 1 more | 6 Debian Linux, Opensuse, Rack and 3 more | 2024-11-21 | N/A |
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. | ||||
CVE-2015-3195 | 9 Apple, Canonical, Debian and 6 more | 28 Mac Os X, Ubuntu Linux, Debian Linux and 25 more | 2024-11-21 | 5.3 Medium |
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | ||||
CVE-2015-3164 | 2 Opensuse, X.org | 2 Opensuse, Xorg-server | 2024-11-21 | N/A |
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. | ||||
CVE-2015-3148 | 8 Apple, Canonical, Debian and 5 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | N/A |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | ||||
CVE-2015-3145 | 8 Apple, Canonical, Debian and 5 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | N/A |
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. | ||||
CVE-2015-3138 | 3 Opensuse, Opensuse Project, Tcpdump | 3 Leap, Leap, Tcpdump | 2024-11-21 | N/A |
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). | ||||
CVE-2015-3113 | 8 Adobe, Apple, Hp and 5 more | 19 Flash Player, Mac Os X, Insight Orchestration and 16 more | 2024-11-21 | 9.8 Critical |
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. | ||||
CVE-2015-3107 | 7 Adobe, Apple, Google and 4 more | 10 Air, Air Sdk, Air Sdk \& Compiler and 7 more | 2024-11-21 | N/A |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106. | ||||
CVE-2015-3044 | 7 Adobe, Apple, Linux and 4 more | 13 Flash Player, Mac Os X, Linux Kernel and 10 more | 2024-11-21 | N/A |
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | ||||
CVE-2015-3043 | 7 Adobe, Apple, Linux and 4 more | 15 Flash Player, Mac Os X, Linux Kernel and 12 more | 2024-11-21 | 9.8 Critical |
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. | ||||
CVE-2015-3042 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Mac Os X, Linux Kernel and 9 more | 2024-11-21 | N/A |
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043. | ||||
CVE-2015-3041 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Mac Os X, Linux Kernel and 9 more | 2024-11-21 | N/A |
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043. | ||||
CVE-2015-3040 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Mac Os X, Linux Kernel and 9 more | 2024-11-21 | N/A |
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. | ||||
CVE-2015-3039 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Mac Os X, Linux Kernel and 9 more | 2024-11-21 | N/A |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358. | ||||
CVE-2015-3038 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Mac Os X, Linux Kernel and 9 more | 2024-11-21 | N/A |
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | ||||
CVE-2015-3026 | 3 Debian, Opensuse, Xiph | 3 Debian Linux, Opensuse, Icecast | 2024-11-21 | N/A |
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg." | ||||
CVE-2015-2808 | 9 Canonical, Debian, Fujitsu and 6 more | 102 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 99 more | 2024-11-21 | N/A |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. | ||||
CVE-2015-2787 | 4 Apple, Opensuse, Php and 1 more | 11 Mac Os X, Opensuse, Php and 8 more | 2024-11-21 | N/A |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. |