Vulnerabilities (CVE)

Vendor filter: Opensuse

1307 total CVE
CVE Vendors Products Updated CVSS
CVE-2015-5123 4 Adobe, Opensuse, Redhat and 1 more 8 Flash Player, Evergreen, Enterprise Linux Desktop and 5 more 2019-08-19 10.0
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2015-5122 4 Adobe, Opensuse, Redhat and 1 more 8 Flash Player, Evergreen, Enterprise Linux Desktop and 5 more 2019-08-19 10.0
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2018-18335 4 Google, Debian, Redhat and 1 more 9 Chrome, Debian Linux, Linux Desktop and 6 more 2019-08-17 6.8
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-11730 3 Mozilla, Debian, Opensuse 5 Firefox, Firefox Esr, Thunderbird and 2 more 2019-08-15 4.3
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the...
CVE-2019-14235 2 Djangoproject, Opensuse 2 Django, Leap 2019-08-12 5.0
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding...
CVE-2019-14233 2 Djangoproject, Opensuse 2 Django, Leap 2019-08-12 5.0
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing...
CVE-2019-14232 2 Djangoproject, Opensuse 2 Django, Leap 2019-08-12 5.0
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain...
CVE-2014-7818 3 Rubyonrails, Novell, Opensuse 4 Ruby On Rails, Opensuse, Opensuse and 1 more 2019-08-08 4.3
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is...
CVE-2014-7829 3 Rubyonrails, Novell, Opensuse 4 Ruby On Rails, Opensuse, Opensuse and 1 more 2019-08-08 5.0
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is...
CVE-2015-3227 3 Rubyonrails, Novell, Opensuse 4 Ruby On Rails, Opensuse, Opensuse and 1 more 2019-08-08 5.0
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
CVE-2014-0081 4 Opensuse Project, Rubyonrails, Redhat and 1 more 6 Enterprise Linux, Ruby On Rails, Opensuse and 3 more 2019-08-08 4.3
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or...
CVE-2019-7222 6 Debian, Fedoraproject, Linux and 3 more 7 Debian Linux, Fedora, Linux Kernel and 4 more 2019-08-06 2.1
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE-2019-3811 4 Fedoraproject, Debian, Opensuse and 1 more 5 Sssd, Debian Linux, Fedora and 2 more 2019-08-06 2.7
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's...
CVE-2019-0160 2 Tianocore, Opensuse 2 Edk Ii, Leap 2019-08-06 7.5
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVE-2018-20534 2 Opensuse, Canonical 2 Libsolv, Ubuntu Linux 2019-08-06 4.3
** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the...
CVE-2018-20533 2 Opensuse, Canonical 2 Libsolv, Ubuntu Linux 2019-08-06 4.3
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20532 2 Opensuse, Canonical 2 Libsolv, Ubuntu Linux 2019-08-06 4.3
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2016-10739 2 Gnu, Opensuse 2 Glibc, Leap 2019-08-06 4.6
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume...
CVE-2019-3859 5 Libssh2, Netapp, Debian and 2 more 5 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 2 more 2019-07-25 6.4
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the...
CVE-2019-5839 3 Google, Fedoraproject, Opensuse 4 Chrome, Fedora, Backports and 1 more 2019-07-25 4.3
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.