Vulnerabilities > Opensuse > Low

DATE CVE VULNERABILITY TITLE RISK
2016-09-11 CVE-2016-5166 Information Exposure vulnerability in multiple products
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
network
high complexity
google opensuse CWE-200
3.1
3.1
2016-04-21 CVE-2016-0643 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
local
low complexity
debian redhat ibm opensuse oracle mariadb
3.3
3.3
2016-04-20 CVE-2014-9770 Permissions, Privileges, and Access Controls vulnerability in Opensuse 13.2
tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.
local
low complexity
opensuse CWE-264
3.3
3.3
2016-04-20 CVE-2015-8842 Permissions, Privileges, and Access Controls vulnerability in Opensuse 13.2
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.
local
low complexity
opensuse CWE-264
3.3
3.3
2016-01-08 CVE-2015-7758 Link Following vulnerability in multiple products
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.
local
low complexity
opensuse gummi-project CWE-59
3.3
3.3
2014-12-12 CVE-2014-8134 The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.
local
low complexity
linux canonical opensuse suse oracle
3.3
3.3
2014-10-15 CVE-2014-3566 Cryptographic Issues vulnerability in multiple products
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. 		3.4
3.4