Vulnerabilities (CVE)

Filtered by vendor Suse Subscribe
Total 1179 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2791 5 Mozilla, Opensuse, Oracle and 2 more 6 Firefox, Leap, Opensuse and 3 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2014-4260 4 Debian, Mariadb, Oracle and 1 more 8 Debian Linux, Mariadb, Mysql and 5 more 2025-04-12 5.5 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
CVE-2015-0346 7 Adobe, Apple, Linux and 4 more 11 Flash Player, Mac Os X, Linux Kernel and 8 more 2025-04-12 10.0 HIGH N/A
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359.
CVE-2015-4495 6 Canonical, Mozilla, Opensuse and 3 more 15 Ubuntu Linux, Firefox, Firefox Os and 12 more 2025-04-12 4.3 MEDIUM 8.8 HIGH
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
CVE-2014-3470 6 Fedoraproject, Mariadb, Openssl and 3 more 11 Fedora, Mariadb, Openssl and 8 more 2025-04-12 4.3 MEDIUM N/A
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
CVE-2014-2494 4 Debian, Mariadb, Oracle and 1 more 7 Debian Linux, Mariadb, Mysql and 4 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
CVE-2015-0433 6 Canonical, Debian, Mariadb and 3 more 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
CVE-2015-8779 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2016-1961 4 Mozilla, Opensuse, Oracle and 1 more 6 Firefox, Thunderbird, Leap and 3 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.
CVE-2015-0499 6 Canonical, Debian, Mariadb and 3 more 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more 2025-04-12 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
CVE-2011-4192 1 Suse 3 Kiwi, Studio Extension For System Z, Studio Onsite 2025-04-12 7.5 HIGH N/A
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."
CVE-2014-4654 3 Canonical, Linux, Suse 3 Ubuntu Linux, Linux Kernel, Linux Enterprise Server 2025-04-12 4.6 MEDIUM N/A
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.
CVE-2014-9761 5 Canonical, Fedoraproject, Gnu and 2 more 9 Ubuntu Linux, Fedora, Glibc and 6 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVE-2015-1781 4 Canonical, Debian, Gnu and 1 more 6 Ubuntu Linux, Debian Linux, Glibc and 3 more 2025-04-12 6.8 MEDIUM N/A
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
CVE-2016-1286 7 Canonical, Debian, Fedoraproject and 4 more 47 Ubuntu Linux, Debian Linux, Fedora and 44 more 2025-04-12 5.0 MEDIUM 8.6 HIGH
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
CVE-2016-1703 6 Canonical, Debian, Google and 3 more 9 Ubuntu Linux, Debian Linux, Chrome and 6 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-4954 5 Ntp, Opensuse, Oracle and 2 more 15 Ntp, Leap, Opensuse and 12 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
CVE-2016-1694 5 Debian, Google, Opensuse and 2 more 8 Debian Linux, Chrome, Leap and 5 more 2025-04-12 4.3 MEDIUM 5.3 MEDIUM
browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.
CVE-2014-3601 4 Canonical, Linux, Opensuse and 1 more 6 Ubuntu Linux, Linux Kernel, Evergreen and 3 more 2025-04-12 4.3 MEDIUM N/A
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.
CVE-2015-8925 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.