Opensuse

Opensuse

1454 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-3622

Exploit
  • EPSS 6.06%
  • Veröffentlicht 12.05.2015 19:59:24
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

5

CVE-2015-3451

  • EPSS 4.98%
  • Veröffentlicht 12.05.2015 19:59:21
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

5

CVE-2014-3598

  • EPSS 0.4%
  • Veröffentlicht 01.05.2015 15:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

5

CVE-2015-3026

Exploit
  • EPSS 15.32%
  • Veröffentlicht 29.04.2015 20:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "ad...

2.9

CVE-2015-3340

  • EPSS 0.63%
  • Veröffentlicht 28.04.2015 14:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

5.8

CVE-2015-1863

  • EPSS 5.38%
  • Veröffentlicht 28.04.2015 14:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2...

5

CVE-2015-3148

  • EPSS 1.71%
  • Veröffentlicht 24.04.2015 14:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

7.5

CVE-2015-3145

  • EPSS 63.65%
  • Veröffentlicht 24.04.2015 14:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via...

4.3

CVE-2015-3336

Exploit
  • EPSS 0.89%
  • Veröffentlicht 19.04.2015 10:59:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruptio...

7.5

CVE-2015-3335

Exploit
  • EPSS 2.07%
  • Veröffentlicht 19.04.2015 10:59:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might ...