openSUSE
by OpenSUSE
Source repositories
CVEs (1,425)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9765 | Hig | 0.51 | 8.8 | 0.04 | Apr 19, 2016 | Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. | ||
| CVE-2015-7552 | Hig | 0.51 | 7.8 | 0.04 | Apr 18, 2016 | Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. | ||
| CVE-2010-4040 | Hig | 0.51 | 7.8 | 0.01 | Oct 21, 2010 | Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. | ||
| CVE-2010-2798 | Hig | 0.51 | 7.8 | 0.00 | Sep 8, 2010 | The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly… | ||
| CVE-2009-3620 | Hig | 0.51 | 7.8 | 0.00 | Oct 22, 2009 | The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges… | ||
| CVE-2009-3289 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2009 | The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | ||
| CVE-2009-0115 | Hig | 0.51 | 7.8 | 0.00 | Mar 30, 2009 | The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka… | ||
| CVE-2009-0749 | Hig | 0.51 | 7.8 | 0.02 | Mar 2, 2009 | Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a… | ||
| CVE-2008-2931 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2008 | The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. | ||
| CVE-2008-2812 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2008 | The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2)… | ||
| CVE-2015-8567 | Hig | 0.50 | 7.7 | 0.06 | Apr 13, 2017 | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | ||
| CVE-2016-4954 | Hig | 0.50 | 7.5 | 0.13 | Jul 5, 2016 | The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an… | ||
| CVE-2016-4953 | Hig | 0.50 | 7.5 | 0.17 | Jul 5, 2016 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | ||
| CVE-2014-3462 | Hig | 0.49 | 7.5 | 0.03 | Aug 7, 2017 | The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". | ||
| CVE-2015-5300 | Hig | 0.49 | 7.5 | 0.09 | Jul 21, 2017 | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up… | ||
| CVE-2014-9851 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | ||
| CVE-2014-9850 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | ||
| CVE-2014-9849 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). | ||
| CVE-2014-9848 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). | ||
| CVE-2014-9842 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
- risk 0.51cvss 8.8epss 0.04
Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.
- risk 0.51cvss 7.8epss 0.04
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
- risk 0.51cvss 7.8epss 0.01
Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.
- risk 0.51cvss 7.8epss 0.00
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly…
- risk 0.51cvss 7.8epss 0.00
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges…
- risk 0.51cvss 7.8epss 0.00
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
- risk 0.51cvss 7.8epss 0.00
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka…
- risk 0.51cvss 7.8epss 0.02
Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a…
- risk 0.51cvss 7.8epss 0.00
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
- risk 0.51cvss 7.8epss 0.00
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2)…
- risk 0.50cvss 7.7epss 0.06
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
- risk 0.50cvss 7.5epss 0.13
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an…
- risk 0.50cvss 7.5epss 0.17
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
- risk 0.49cvss 7.5epss 0.03
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
- risk 0.49cvss 7.5epss 0.09
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up…
- risk 0.49cvss 7.5epss 0.04
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
- risk 0.49cvss 7.5epss 0.04
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
- risk 0.49cvss 7.5epss 0.04
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
- risk 0.49cvss 7.5epss 0.04
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
- risk 0.49cvss 7.5epss 0.04
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Page 14 of 72