Opensuse ProjectCVEs & Vulnerabilities

54 CVEs affecting Opensuse Project products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

leap 35opensuse 22suse linux enterprise software development kit 20suse linux enterprise server 19suse linux enterprise desktop 13suse linux enterprise workstation extension 11suse linux enterprise debuginfo 7suse linux enterprise server for raspberry pi 1
CVE-2014-0081MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

20 Feb 2014
4.3
CVSS
CVE-2011-4093MEDIUM

Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.

10 Feb 2014
5.8
CVSS
CVE-2014-1489MEDIUM

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.

6 Feb 2014
4.3
CVSS
CVE-2014-1484MEDIUM

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.

6 Feb 2014
5.0
CVSS
CVE-2013-5611MEDIUM

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

11 Dec 2013
5.8
CVSS
CVE-2012-0867MEDIUM

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

19 Jul 2012
4.3
CVSS
← PrevPage 2 / 2Next →
Opensuse Project CVEs & Vulnerabilities — 54 Tracked — Page 2