Filtered by vendor Suse
Subscriptions
Total
1224 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7812 | 2 Redhat, Suse | 4 Network Satellite, Satellite, Spacewalk and 1 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field. | ||||
| CVE-2014-7811 | 2 Redhat, Suse | 3 Network Satellite, Spacewalk, Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. | ||||
| CVE-2015-0433 | 6 Canonical, Debian, Mariadb and 3 more | 18 Ubuntu Linux, Debian Linux, Mariadb and 15 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. | ||||
| CVE-2016-1654 | 6 Canonical, Debian, Google and 3 more | 6 Ubuntu Linux, Debian Linux, Chrome and 3 more | 2025-04-12 | N/A |
| The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. | ||||
| CVE-2015-0492 | 4 Opensuse, Oracle, Redhat and 1 more | 6 Opensuse, Javafx, Jdk and 3 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. | ||||
| CVE-2016-1659 | 6 Canonical, Debian, Google and 3 more | 6 Ubuntu Linux, Debian Linux, Chrome and 3 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2016-1698 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2025-04-12 | N/A |
| The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. | ||||
| CVE-2016-1693 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2025-04-12 | N/A |
| browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session. | ||||
| CVE-2016-1702 | 6 Canonical, Debian, Google and 3 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2025-04-12 | N/A |
| The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. | ||||
| CVE-2015-8779 | 7 Canonical, Debian, Fedoraproject and 4 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-12 | N/A |
| Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | ||||
| CVE-2014-4943 | 5 Debian, Linux, Opensuse and 2 more | 9 Debian Linux, Linux Kernel, Opensuse and 6 more | 2025-04-12 | N/A |
| The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. | ||||
| CVE-2014-4655 | 4 Canonical, Linux, Redhat and 1 more | 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. | ||||
| CVE-2016-1685 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2025-04-12 | N/A |
| core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. | ||||
| CVE-2014-4653 | 4 Canonical, Linux, Redhat and 1 more | 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. | ||||
| CVE-2014-4039 | 3 Ppc64-diag Project, Redhat, Suse | 4 Ppc64-diag, Enterprise Linux, Enterprise Linux Server and 1 more | 2025-04-12 | N/A |
| ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf. | ||||
| CVE-2016-2798 | 6 Mozilla, Opensuse, Oracle and 3 more | 7 Firefox, Leap, Opensuse and 4 more | 2025-04-12 | N/A |
| The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | ||||
| CVE-2016-4132 | 8 Adobe, Apple, Google and 5 more | 17 Flash Player, Flash Player Desktop Runtime, Macos and 14 more | 2025-04-12 | 8.8 High |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | ||||
| CVE-2015-0499 | 6 Canonical, Debian, Mariadb and 3 more | 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. | ||||
| CVE-2016-4143 | 8 Adobe, Apple, Google and 5 more | 17 Flash Player, Flash Player Desktop Runtime, Macos and 14 more | 2025-04-12 | 8.8 High |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | ||||
| CVE-2015-2568 | 6 Canonical, Debian, Mariadb and 3 more | 18 Ubuntu Linux, Debian Linux, Mariadb and 15 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. | ||||