Filtered by vendor Opensuse
Subscriptions
Total
3283 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8964 | 6 Fedoraproject, Mariadb, Opensuse and 3 more | 12 Fedora, Mariadb, Opensuse and 9 more | 2024-08-06 | N/A |
| Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. | ||||
| CVE-2014-8961 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2024-08-06 | N/A |
| Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. | ||||
| CVE-2014-8867 | 4 Debian, Opensuse, Redhat and 1 more | 5 Debian Linux, Opensuse, Enterprise Linux and 2 more | 2024-08-06 | N/A |
| The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. | ||||
| CVE-2014-8767 | 2 Opensuse, Redhat | 2 Opensuse, Tcpdump | 2024-08-06 | N/A |
| Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. | ||||
| CVE-2014-8866 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2024-08-06 | N/A |
| The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. | ||||
| CVE-2014-8768 | 4 Canonical, Opensuse, Oracle and 1 more | 4 Ubuntu Linux, Opensuse, Solaris and 1 more | 2024-08-06 | N/A |
| Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. | ||||
| CVE-2014-8640 | 2 Mozilla, Opensuse | 3 Firefox, Seamonkey, Opensuse | 2024-08-06 | N/A |
| The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. | ||||
| CVE-2014-8642 | 2 Mozilla, Opensuse | 3 Firefox, Seamonkey, Opensuse | 2024-08-06 | N/A |
| Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. | ||||
| CVE-2014-8600 | 3 Kde, Opensuse, Urs Wolfer | 4 Kde-runtime, Kio-extras, Opensuse and 1 more | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. | ||||
| CVE-2014-8643 | 3 Microsoft, Mozilla, Opensuse | 3 Windows, Firefox, Opensuse | 2024-08-06 | N/A |
| Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process. | ||||
| CVE-2014-8595 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2024-08-06 | N/A |
| arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. | ||||
| CVE-2014-8594 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2024-08-06 | N/A |
| The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). | ||||
| CVE-2014-8559 | 7 Canonical, Linux, Novell and 4 more | 14 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 11 more | 2024-08-06 | 5.5 Medium |
| The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. | ||||
| CVE-2014-8564 | 4 Canonical, Gnu, Opensuse and 1 more | 8 Ubuntu Linux, Gnutls, Opensuse and 5 more | 2024-08-06 | N/A |
| The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. | ||||
| CVE-2014-8483 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more | 2024-08-06 | N/A |
| The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. | ||||
| CVE-2014-8369 | 5 Debian, Linux, Opensuse and 2 more | 6 Debian Linux, Linux Kernel, Evergreen and 3 more | 2024-08-06 | 7.8 High |
| The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. | ||||
| CVE-2014-8326 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. | ||||
| CVE-2014-8179 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2024-08-06 | 7.5 High |
| Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | ||||
| CVE-2014-8157 | 4 Debian, Jasper Project, Opensuse and 1 more | 5 Debian Linux, Jasper, Opensuse and 2 more | 2024-08-06 | N/A |
| Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. | ||||
| CVE-2014-8169 | 3 Automount Project, Opensuse, Redhat | 7 Automount, Opensuse, Enterprise Linux and 4 more | 2024-08-06 | N/A |
| automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory. | ||||