VYPR

Vendor CVEs

OpenSUSE

All CVEs

1,697 total · sorted by risk
  • CVE-2016-2381HigApr 8, 2016
    risk 0.49cvss 7.5epss 0.09

    Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

  • CVE-2016-3125HigApr 5, 2016
    risk 0.49cvss 7.5epss 0.07

    The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown…

  • CVE-2016-1285MedMar 9, 2016
    risk 0.49cvss 6.8epss 0.59

    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka…

  • CVE-2015-8618HigJan 27, 2016
    risk 0.49cvss 7.5epss 0.03

    The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.

  • CVE-2014-1505HigMar 19, 2014
    risk 0.49cvss 7.5epss 0.04

    The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read…

  • CVE-2014-1487HigFeb 6, 2014
    risk 0.49cvss 7.5epss 0.02

    The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error…

  • CVE-2014-1481HigFeb 6, 2014
    risk 0.49cvss 7.5epss 0.04

    Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

  • CVE-2014-1479HigFeb 6, 2014
    risk 0.49cvss 7.5epss 0.05

    The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content…

  • CVE-2013-4508HigNov 8, 2013
    risk 0.49cvss 7.5epss 0.03

    lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.

  • CVE-2012-1610HigJun 5, 2012
    risk 0.49cvss 7.5epss 0.05

    Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists…

  • CVE-2010-1437HigMay 7, 2010
    risk 0.49cvss 7.0epss 0.01

    Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands…

  • CVE-2009-3547HigNov 4, 2009
    risk 0.49cvss 7.0epss 0.05

    Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

  • CVE-2008-4577HigOct 15, 2008
    risk 0.49cvss 7.5epss 0.02

    The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

  • CVE-2008-3188HigJul 22, 2008
    risk 0.49cvss 7.5epss 0.01

    libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

  • CVE-2008-0063HigMar 19, 2008
    risk 0.49cvss 7.5epss 0.03

    The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

  • CVE-2016-2107MedMay 5, 2016
    risk 0.48cvss 5.9epss 0.89

    The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE:…

  • CVE-2015-8614HigApr 11, 2016
    risk 0.48cvss 7.3epss 0.03

    Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.

  • CVE-2016-1942HigJan 31, 2016
    risk 0.48cvss 7.4epss 0.02

    Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.

  • CVE-2015-4902MedKEVOct 22, 2015
    risk 0.48cvss 5.3epss 0.13

    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

  • CVE-2014-9322HigDec 17, 2014
    risk 0.47cvss 7.8epss 0.01

    arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the…

  • CVE-2010-4226HigFeb 6, 2014
    risk 0.47cvss 7.2epss 0.03

    cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.

  • CVE-2026-25701HigFeb 25, 2026
    risk 0.46cvss epss 0.00

    An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up in /tmp/pcrlock.d.bak,…

  • CVE-2025-67858HigJan 8, 2026
    risk 0.46cvss epss 0.00

    A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31.

  • CVE-2011-3178HigMar 20, 2018
    risk 0.46cvss 8.1epss 0.01

    In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.

  • CVE-2017-8871MedJun 12, 2017
    risk 0.46cvss 6.5epss 0.13

    The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.

  • CVE-2016-2150HigJun 9, 2016
    risk 0.46cvss 7.1epss 0.00

    SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

  • CVE-2013-2423LowKEVApr 17, 2013
    risk 0.46cvss 3.7epss 0.85

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU.…

  • CVE-2009-3939HigNov 16, 2009
    risk 0.46cvss 7.1epss 0.00

    The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

  • CVE-2016-6172MedSep 26, 2016
    risk 0.45cvss 6.8epss 0.04

    PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.

  • CVE-2014-0593HigJun 8, 2018
    risk 0.44cvss 7.8epss 0.02

    The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.

  • CVE-2017-13086MedOct 17, 2017
    risk 0.44cvss 6.8epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2017-13084MedOct 17, 2017
    risk 0.44cvss 6.8epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2017-13077MedOct 17, 2017
    risk 0.44cvss 6.8epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2016-2347HigApr 21, 2017
    risk 0.44cvss 7.8epss 0.03

    Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

  • CVE-2014-9114HigMar 31, 2017
    risk 0.44cvss 7.8epss 0.01

    Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

  • CVE-2016-10051HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10050HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

  • CVE-2016-10065HigMar 3, 2017
    risk 0.44cvss 7.8epss 0.02

    The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10064HigMar 2, 2017
    risk 0.44cvss 7.8epss 0.02

    Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-2312MedDec 23, 2016
    risk 0.44cvss 6.8epss 0.00

    Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

  • CVE-2016-3697HigJun 1, 2016
    risk 0.44cvss 7.8epss 0.00

    libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

  • CVE-2015-3629HigMay 18, 2015
    risk 0.44cvss 7.8epss 0.01

    Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

  • CVE-2014-8369HigNov 10, 2014
    risk 0.44cvss 7.8epss 0.01

    The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified…

  • CVE-2014-7826HigNov 10, 2014
    risk 0.44cvss 7.8epss 0.01

    kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.

  • CVE-2014-8127MedJun 26, 2017
    risk 0.43cvss 6.5epss 0.06

    LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3)…

  • CVE-2017-8834MedJun 12, 2017
    risk 0.43cvss 6.5epss 0.04

    The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.

  • CVE-2016-9436MedJan 20, 2017
    risk 0.43cvss 6.5epss 0.03

    parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag.

  • CVE-2016-9435MedJan 20, 2017
    risk 0.43cvss 6.5epss 0.03

    The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags.

  • CVE-2016-6214MedAug 12, 2016
    risk 0.43cvss 6.5epss 0.03

    gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

  • CVE-2016-6207MedAug 12, 2016
    risk 0.43cvss 6.5epss 0.06

    Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

Page 9 of 34