Vulnerabilities (CVE)

Filtered by vendor Suse Subscribe
Total 1179 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1864 3 Ekiga, Opalvoip, Suse 4 Ekiga, Portable Tool Library, Suse Linux Enterprise Desktop and 1 more 2025-04-12 4.3 MEDIUM N/A
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
CVE-2014-0222 2 Qemu, Suse 2 Qemu, Linux Enterprise Server 2025-04-12 7.5 HIGH N/A
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
CVE-2016-1656 3 Google, Opensuse, Suse 4 Android, Chrome, Leap and 1 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.
CVE-2016-1679 6 Canonical, Debian, Google and 3 more 9 Ubuntu Linux, Debian Linux, Chrome and 6 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2014-9116 4 Debian, Mageia, Mutt and 1 more 5 Debian Linux, Mageia, Mutt and 2 more 2025-04-12 5.0 MEDIUM N/A
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
CVE-2014-3654 2 Redhat, Suse 6 Satellite, Satellite With Embedded Oracle, Spacewalk-java and 3 more 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
CVE-2015-5122 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Flash Player Desktop Runtime, Macos and 11 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
CVE-2014-6464 3 Mariadb, Oracle, Suse 6 Mariadb, Mysql, Linux Enterprise Desktop and 3 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
CVE-2016-1654 5 Canonical, Debian, Google and 2 more 5 Ubuntu Linux, Debian Linux, Chrome and 2 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
CVE-2014-1508 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-04-12 6.4 MEDIUM 9.1 CRITICAL
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.
CVE-2016-3715 6 Canonical, Imagemagick, Opensuse and 3 more 30 Ubuntu Linux, Imagemagick, Leap and 27 more 2025-04-12 5.8 MEDIUM 5.5 MEDIUM
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-1687 5 Debian, Google, Opensuse and 2 more 8 Debian Linux, Chrome, Leap and 5 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.
CVE-2014-7812 2 Redhat, Suse 3 Satellite, Spacewalk, Manager 2025-04-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
CVE-2016-4127 8 Adobe, Apple, Google and 5 more 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more 2025-04-12 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2014-1502 5 Mozilla, Opensuse, Opensuse Project and 2 more 8 Firefox, Seamonkey, Opensuse and 5 more 2025-04-12 6.8 MEDIUM N/A
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.
CVE-2016-1696 5 Debian, Google, Opensuse and 2 more 8 Debian Linux, Chrome, Leap and 5 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2016-3069 6 Debian, Fedoraproject, Mercurial and 3 more 14 Debian Linux, Fedora, Mercurial and 11 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2014-1511 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
CVE-2015-8931 4 Canonical, Debian, Libarchive and 1 more 6 Ubuntu Linux, Debian Linux, Libarchive and 3 more 2025-04-12 6.8 MEDIUM 7.8 HIGH
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
CVE-2015-0491 3 Opensuse, Oracle, Suse 5 Opensuse, Javafx, Jdk and 2 more 2025-04-12 10.0 HIGH N/A
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.