Vulnerabilities > Opensuse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-21 | CVE-2015-4792 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. | 1.7 |
2015-10-15 | CVE-2015-7645 | Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015. | 7.8 |
2015-10-09 | CVE-2015-5235 | Improper Input Validation vulnerability in multiple products IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. | 4.3 |
2015-10-09 | CVE-2015-5234 | Improper Input Validation vulnerability in multiple products IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks. | 6.8 |
2015-10-09 | CVE-2015-5828 | Improper Input Validation vulnerability in multiple products The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site. | 4.3 |
2015-09-28 | CVE-2015-5957 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. | 10.0 |
2015-09-28 | CVE-2015-5185 | Denial of Service vulnerability in SBLIM-SFCB 'lookupProviders()' Function The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. | 5.0 |
2015-09-21 | CVE-2015-6938 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. | 4.3 |
2015-09-14 | CVE-2014-9745 | Resource Management Errors vulnerability in multiple products The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. | 5.0 |
2015-08-24 | CVE-2014-9744 | Resource Management Errors vulnerability in multiple products Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. | 7.8 |