Filtered by vendor Suse
Subscriptions
Total
1206 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8926 | 4 Canonical, Libarchive, Redhat and 1 more | 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more | 2025-04-12 | N/A |
| The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. | ||||
| CVE-2015-8928 | 4 Canonical, Libarchive, Redhat and 1 more | 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more | 2025-04-12 | N/A |
| The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | ||||
| CVE-2015-8933 | 3 Canonical, Libarchive, Suse | 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more | 2025-04-12 | N/A |
| Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. | ||||
| CVE-2015-8934 | 4 Canonical, Libarchive, Redhat and 1 more | 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more | 2025-04-12 | N/A |
| The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. | ||||
| CVE-2015-8551 | 4 Debian, Linux, Opensuse and 1 more | 8 Debian Linux, Linux Kernel, Opensuse and 5 more | 2025-04-12 | 6.0 Medium |
| The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." | ||||
| CVE-2015-6855 | 6 Arista, Canonical, Debian and 3 more | 7 Eos, Ubuntu Linux, Debian Linux and 4 more | 2025-04-12 | 7.5 High |
| hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | ||||
| CVE-2015-5006 | 3 Ibm, Redhat, Suse | 11 Java 2 Sdk, Java Sdk, Enterprise Linux Desktop and 8 more | 2025-04-12 | N/A |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. | ||||
| CVE-2015-5154 | 5 Fedoraproject, Qemu, Redhat and 2 more | 10 Fedora, Qemu, Enterprise Linux and 7 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. | ||||
| CVE-2015-5165 | 7 Arista, Debian, Fedoraproject and 4 more | 25 Eos, Debian Linux, Fedora and 22 more | 2025-04-12 | N/A |
| The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. | ||||
| CVE-2015-4106 | 6 Canonical, Citrix, Debian and 3 more | 8 Ubuntu Linux, Xenserver, Debian Linux and 5 more | 2025-04-12 | N/A |
| QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | ||||
| CVE-2015-3209 | 8 Arista, Canonical, Debian and 5 more | 20 Eos, Ubuntu Linux, Debian Linux and 17 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. | ||||
| CVE-2015-3281 | 6 Canonical, Debian, Haproxy and 3 more | 14 Ubuntu Linux, Debian Linux, Haproxy and 11 more | 2025-04-12 | N/A |
| The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. | ||||
| CVE-2015-2695 | 6 Canonical, Debian, Mit and 3 more | 9 Ubuntu Linux, Debian Linux, Kerberos 5 and 6 more | 2025-04-12 | N/A |
| lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. | ||||
| CVE-2015-2734 | 6 Canonical, Debian, Mozilla and 3 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2025-04-12 | N/A |
| The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. | ||||
| CVE-2015-2041 | 3 Debian, Linux, Suse | 3 Debian Linux, Linux Kernel, Suse Linux Enterprise Server | 2025-04-12 | N/A |
| net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. | ||||
| CVE-2015-0778 | 3 Fedoraproject, Opensuse, Suse | 3 Fedora, Opensuse, Opensuse Osc | 2025-04-12 | N/A |
| osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | ||||
| CVE-2015-1241 | 6 Canonical, Debian, Google and 3 more | 12 Ubuntu Linux, Debian Linux, Chrome and 9 more | 2025-04-12 | N/A |
| Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. | ||||
| CVE-2015-0192 | 3 Ibm, Redhat, Suse | 10 Java, Enterprise Linux Desktop, Enterprise Linux Server and 7 more | 2025-04-12 | N/A |
| Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. | ||||
| CVE-2015-0272 | 5 Canonical, Gnome, Oracle and 2 more | 10 Ubuntu Linux, Networkmanager, Linux and 7 more | 2025-04-12 | N/A |
| GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. | ||||
| CVE-2015-0348 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Mac Os X, Linux Kernel and 9 more | 2025-04-12 | N/A |
| Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors. | ||||