Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2016-01-22 CVE-2016-1572 Improper Privilege Management vulnerability in multiple products
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
8.4
2016-01-22 CVE-2015-7744 wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
network
high complexity
wolfssl opensuse mariadb
5.9
2016-01-21 CVE-2016-0502 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
network
low complexity
opensuse oracle mariadb
6.5
2016-01-15 CVE-2016-1898 Information Exposure vulnerability in multiple products
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.
local
low complexity
ffmpeg canonical opensuse CWE-200
5.5
2016-01-15 CVE-2016-1897 Information Exposure vulnerability in multiple products
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
local
low complexity
ffmpeg canonical opensuse CWE-200
5.5
2016-01-13 CVE-2016-1494 Improper Input Validation vulnerability in multiple products
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
network
low complexity
python fedoraproject opensuse CWE-20
5.3
2016-01-09 CVE-2015-7575 Data Processing Errors vulnerability in multiple products
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
network
high complexity
mozilla opensuse canonical CWE-19
5.9
2016-01-08 CVE-2015-8547 Code vulnerability in multiple products
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
network
low complexity
quassel-irc opensuse CWE-17
7.5
2016-01-08 CVE-2015-7758 Link Following vulnerability in multiple products
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.
local
low complexity
opensuse gummi-project CWE-59
3.3
2015-12-28 CVE-2015-8651 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
network
low complexity
adobe redhat suse opensuse hp CWE-190
8.8