Filtered by vendor Suse
Subscribe
Total
1184 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3405 | 7 Debian, Fedoraproject, Ntp and 4 more | 13 Debian Linux, Fedora, Ntp and 10 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | |||||
| CVE-2016-7797 | 5 Clusterlabs, Opensuse, Opensuse Project and 2 more | 7 Pacemaker, Leap, Leap and 4 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | |||||
| CVE-2016-8569 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | |||||
| CVE-2011-0469 | 1 Suse | 1 Opensuse | 2025-04-20 | 9.0 HIGH | 9.8 CRITICAL |
| Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | |||||
| CVE-2015-5219 | 10 Canonical, Debian, Fedoraproject and 7 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | |||||
| CVE-2014-9854 | 4 Canonical, Imagemagick, Opensuse and 1 more | 7 Ubuntu Linux, Imagemagick, Leap and 4 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." | |||||
| CVE-2017-14621 | 1 Suse | 1 Portus | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Portus 2.2.0 has XSS via the Team field, related to typeahead. | |||||
| CVE-2016-8568 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | |||||
| CVE-2016-9959 | 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more | 9 Game-music-emu, Leap, Opensuse and 6 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | |||||
| CVE-2017-17558 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2025-04-20 | 7.2 HIGH | 6.6 MEDIUM |
| The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-15638 | 2 Opensuse, Suse | 5 Leap, Linux Enterprise Desktop, Linux Enterprise Server and 2 more | 2025-04-20 | 6.4 MEDIUM | 6.5 MEDIUM |
| The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. | |||||
| CVE-2017-7995 | 3 Novell, Suse, Xen | 6 Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server, Manager and 3 more | 2025-04-20 | 1.7 LOW | 3.8 LOW |
| Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. | |||||
| CVE-2014-9853 | 6 Canonical, Imagemagick, Novell and 3 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | |||||
| CVE-2017-13082 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2025-04-20 | 5.8 MEDIUM | 8.1 HIGH |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | |||||
| CVE-2016-9957 | 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more | 9 Game-music-emu, Leap, Opensuse and 6 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in game-music-emu before 0.6.1. | |||||
| CVE-2017-17805 | 6 Canonical, Debian, Linux and 3 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. | |||||
| CVE-2016-2317 | 4 Debian, Graphicsmagick, Opensuse and 1 more | 7 Debian Linux, Graphicsmagick, Leap and 4 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. | |||||
| CVE-2015-5300 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | |||||
| CVE-2014-9845 | 5 Canonical, Imagemagick, Opensuse and 2 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | |||||
| CVE-2020-5504 | 3 Debian, Phpmyadmin, Suse | 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server | 2025-04-16 | 6.5 MEDIUM | 8.8 HIGH |
| In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | |||||