Filtered by vendor Opensuse Subscriptions
Total 3284 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-2725 3 Canonical, Kde, Opensuse 4 Ubuntu Linux, Ark, Kde Sc and 1 more 2024-11-21 N/A
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
CVE-2011-2198 3 Gnome, Opensuse, Oracle 3 Gnome-terminal, Opensuse, Solaris 2024-11-21 N/A
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
CVE-2011-1588 3 Debian, Opensuse, Xfce 3 Debian Linux, Opensuse, Thunar 2024-11-21 7.8 High
Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.
CVE-2011-1526 6 Debian, Fedoraproject, Mit and 3 more 8 Debian Linux, Fedora, Krb5-appl and 5 more 2024-11-21 N/A
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
CVE-2011-1490 3 Debian, Opensuse, Rsyslog 3 Debian Linux, Opensuse, Rsyslog 2024-11-21 5.5 Medium
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset
CVE-2011-1489 3 Debian, Opensuse, Rsyslog 3 Debian Linux, Opensuse, Rsyslog 2024-11-21 5.5 Medium
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.
CVE-2011-1488 3 Debian, Opensuse, Rsyslog 3 Debian Linux, Opensuse, Rsyslog 2024-11-21 5.5 Medium
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time.
CVE-2011-1145 4 Debian, Opensuse, Redhat and 1 more 4 Debian Linux, Opensuse, Enterprise Linux and 1 more 2024-11-21 7.8 High
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
CVE-2011-0762 7 Canonical, Debian, Fedoraproject and 4 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 N/A
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
CVE-2011-0611 9 Adobe, Apple, Google and 6 more 14 Acrobat, Acrobat Reader, Adobe Air and 11 more 2024-11-21 8.8 High
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
CVE-2011-0609 9 Adobe, Apple, Google and 6 more 15 Acrobat, Acrobat Reader, Air and 12 more 2024-11-21 7.8 High
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
CVE-2011-0468 1 Opensuse 1 Opensuse 2024-11-21 N/A
The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion.
CVE-2011-0461 1 Opensuse 1 Opensuse 2024-11-21 N/A
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab.
CVE-2011-0460 2 Kbd-project, Opensuse 2 Kbd, Opensuse 2024-11-21 N/A
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.
CVE-2010-4661 5 Debian, Fedoraproject, Opensuse and 2 more 5 Debian Linux, Fedora, Opensuse and 2 more 2024-11-21 7.8 High
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
CVE-2010-4494 10 Apache, Apple, Debian and 7 more 18 Openoffice, Iphone Os, Itunes and 15 more 2024-11-21 N/A
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
CVE-2010-4347 4 Linux, Opensuse, Redhat and 1 more 4 Linux Kernel, Opensuse, Enterprise Mrg and 1 more 2024-11-21 N/A
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.
CVE-2010-4345 5 Canonical, Debian, Exim and 2 more 5 Ubuntu Linux, Debian Linux, Exim and 2 more 2024-11-21 7.8 High
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
CVE-2010-4344 5 Canonical, Debian, Exim and 2 more 6 Ubuntu Linux, Debian Linux, Exim and 3 more 2024-11-21 9.8 Critical
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
CVE-2010-4258 4 Fedoraproject, Linux, Opensuse and 1 more 7 Fedora, Linux Kernel, Opensuse and 4 more 2024-11-21 N/A
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.