Filtered by vendor Opensuse
Subscriptions
Filtered by product Opensuse
Subscriptions
Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4989 | 7 Canonical, Debian, Fedoraproject and 4 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2025-04-09 | 5.9 Medium |
| The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | ||||
| CVE-2008-1375 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2025-04-09 | N/A |
| Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. | ||||
| CVE-2009-0946 | 7 Apple, Canonical, Debian and 4 more | 10 Iphone Os, Mac Os X, Mac Os X Server and 7 more | 2025-04-09 | N/A |
| Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. | ||||
| CVE-2008-0063 | 8 Apple, Canonical, Debian and 5 more | 13 Mac Os X, Mac Os X Server, Ubuntu Linux and 10 more | 2025-04-09 | 7.5 High |
| The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | ||||
| CVE-2007-6206 | 6 Canonical, Debian, Linux and 3 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2025-04-09 | N/A |
| The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. | ||||
| CVE-2007-5200 | 1 Opensuse | 1 Opensuse | 2025-04-09 | N/A |
| hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file. | ||||
| CVE-2008-6123 | 4 Net-snmp, Opensuse, Redhat and 1 more | 4 Net-snmp, Opensuse, Enterprise Linux and 1 more | 2025-04-09 | N/A |
| The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." | ||||
| CVE-2008-4636 | 3 Novell, Opensuse, Suse | 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more | 2025-04-09 | N/A |
| yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. | ||||
| CVE-2008-4577 | 5 Canonical, Dovecot, Fedoraproject and 2 more | 5 Ubuntu Linux, Dovecot, Fedora and 2 more | 2025-04-09 | 7.5 High |
| The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | ||||
| CVE-2008-3188 | 1 Opensuse | 1 Opensuse | 2025-04-09 | 7.5 High |
| libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords. | ||||
| CVE-2008-1567 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2025-04-09 | 5.5 Medium |
| phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | ||||
| CVE-2007-6716 | 7 Canonical, Debian, Linux and 4 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2025-04-09 | 5.5 Medium |
| fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. | ||||
| CVE-2009-0269 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2025-04-09 | N/A |
| fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. | ||||
| CVE-2009-0949 | 6 Apple, Canonical, Debian and 3 more | 8 Cups, Mac Os X, Mac Os X Server and 5 more | 2025-04-09 | 7.5 High |
| The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | ||||
| CVE-2008-2931 | 6 Canonical, Debian, Linux and 3 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-09 | 7.8 High |
| The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. | ||||
| CVE-2007-5000 | 7 Apache, Canonical, Fedoraproject and 4 more | 12 Http Server, Ubuntu Linux, Fedora and 9 more | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-5197 | 4 Debian, Mono, Opensuse and 1 more | 6 Debian Linux, Mono, Opensuse and 3 more | 2025-04-09 | N/A |
| Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. | ||||
| CVE-2009-3095 | 7 Apache, Apple, Debian and 4 more | 10 Http Server, Mac Os X, Debian Linux and 7 more | 2025-04-09 | N/A |
| The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | ||||
| CVE-2008-2371 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2025-04-09 | N/A |
| Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. | ||||
| CVE-2007-6427 | 8 Apple, Canonical, Debian and 5 more | 12 Mac Os X, Ubuntu Linux, Debian Linux and 9 more | 2025-04-09 | N/A |
| The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | ||||