VYPR
Vendor

OpenSUSE

openSUSE is a free and open-source Linux distribution developed by the openSUSE Project. It is offered in two main variations: Tumbleweed, an upstream rolling release distribution, and Leap, a stable release distribution which is sourced from SUSE Linux Enterprise.

Founded 2005
Products
49
CVEs
1,697
Across products
2,080
Status
Private

Products

49
View all 49 products →

Recent CVEs

1,697
View all 1,697 CVEs →
  • CVE-2013-0422CriKEVJan 10, 2013
    risk 0.93cvss 9.8epss 0.98

    Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary…

  • CVE-2015-5119CriKEVJul 8, 2015
    risk 0.87cvss 9.8epss 0.99

    Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code…

  • CVE-2015-3113CriKEVJun 23, 2015
    risk 0.87cvss 9.8epss 1.00

    Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

  • CVE-2014-7169CriKEVSep 25, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…

  • CVE-2014-6271CriKEVSep 24, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…

  • CVE-2014-0497CriKEVFeb 5, 2014
    risk 0.87cvss 9.8epss 1.00

    Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2012-1823CriKEVMay 11, 2012
    risk 0.87cvss 9.8epss 1.00

    sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options…

  • CVE-2016-4117CriKEVMay 11, 2016
    risk 0.86cvss 9.8epss 0.94

    Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

  • CVE-2015-5122CriKEVJul 14, 2015
    risk 0.86cvss 9.8epss 0.94

    Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on…

  • CVE-2015-0313CriKEVFeb 2, 2015
    risk 0.86cvss 9.8epss 0.96

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015,…

  • CVE-2010-0840CriKEVApr 1, 2010
    risk 0.86cvss 9.8epss 0.96

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous…

  • CVE-2015-3043CriKEVApr 14, 2015
    risk 0.85cvss 9.8epss 0.80

    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in…

  • CVE-2010-4344CriKEVDec 14, 2010
    risk 0.84cvss 9.8epss 0.72

    Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper…

  • CVE-2011-0611HigKEVApr 13, 2011
    risk 0.80cvss 8.8epss 0.99

    Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x…

  • CVE-2009-3953HigKEVJan 13, 2010
    risk 0.79cvss 8.8epss 0.84

    The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary…

  • CVE-2015-4495HigKEVAug 8, 2015
    risk 0.78cvss 8.8epss 0.70

    The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as…

  • CVE-2015-2590CriKEVJul 16, 2015
    risk 0.78cvss 9.8epss 0.26

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

  • CVE-2013-1690HigKEVJun 26, 2013
    risk 0.78cvss 8.8epss 0.69

    Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service…

  • CVE-2016-4171CriKEVJun 16, 2016
    risk 0.77cvss 9.8epss 0.20

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

  • CVE-2016-3714HigKEVMay 5, 2016
    risk 0.77cvss 8.4epss 0.97

    The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."