OpenSuse
By the Year
In 2025 there have been 0 vulnerabilities in OpenSuse. OpenSuse did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 2 | 6.65 |
2019 | 3 | 6.10 |
2018 | 1 | 8.80 |
It may take a day or so for new OpenSuse vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent OpenSuse Security Vulnerabilities
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group
CVE-2015-2325
7.8 - High
- January 14, 2020
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
Out-of-bounds Read
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code
CVE-2015-2326
5.5 - Medium
- January 14, 2020
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
Out-of-bounds Read
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which
CVE-2014-8179
7.5 - High
- December 17, 2019
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
Improper Input Validation
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache
CVE-2014-8178
5.5 - Medium
- December 17, 2019
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
Improper Input Validation
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
CVE-2013-6365
5.3 - Medium
- November 05, 2019
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
Session Riding
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2
CVE-2014-0158
8.8 - High
- April 10, 2018
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS."
Buffer Overflow
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1
CVE-2014-4616
5.9 - Medium
- August 24, 2017
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
out-of-bounds array index
The ".encfs6.xml" configuration file in encfs before 1.7.5
CVE-2014-3462
7.5 - High
- August 07, 2017
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
Information Disclosure
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash)
CVE-2014-8127
6.5 - Medium
- June 26, 2017
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
Out-of-bounds Read
inftrees.c in zlib 1.2.8 might
CVE-2016-9840
8.8 - High
- May 23, 2017
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
inffast.c in zlib 1.2.8 might
CVE-2016-9841
9.8 - Critical
- May 23, 2017
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
The inflateMark function in inflate.c in zlib 1.2.8 might
CVE-2016-9842
8.8 - High
- May 23, 2017
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
The crc32_big function in crc32.c in zlib 1.2.8 might
CVE-2016-9843
9.8 - Critical
- May 23, 2017
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Memory leak in net/vmxnet3.c in QEMU
CVE-2015-8567
7.7 - High
- April 13, 2017
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
Memory Leak
Blkid in util-linux before 2.26rc-1
CVE-2014-9114
7.8 - High
- March 31, 2017
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
Command Injection
Memory leak in ImageMagick
CVE-2014-9848
7.5 - High
- March 20, 2017
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
Resource Management Errors
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which
CVE-2014-9852
9.8 - Critical
- March 17, 2017
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
Improper Control of Dynamically-Managed Code Resources
Memory leak in coders/rle.c in ImageMagick
CVE-2014-9853
5.5 - Medium
- March 17, 2017
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Resource Management Errors
coders/tiff.c in ImageMagick
CVE-2014-9854
7.5 - High
- March 17, 2017
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
Resource Management Errors
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1
CVE-2016-8677
8.8 - High
- February 15, 2017
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8
CVE-2016-8866
8.8 - High
- February 15, 2017
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
Buffer Overflow
Integer overflow vulnerability in bdwgc before 2016-09-27
CVE-2016-9427
9.8 - Critical
- December 12, 2016
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
Buffer Overflow
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which
CVE-2016-4303
9.8 - Critical
- September 26, 2016
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
Classic Buffer Overflow
idn in libidn before 1.33 might
CVE-2016-6262
7.5 - High
- September 07, 2016
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
Out-of-bounds Read
idn in GNU libidn before 1.33 might
CVE-2015-8948
7.5 - High
- September 07, 2016
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
Out-of-bounds Read
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data
CVE-2016-5772
9.8 - Critical
- August 07, 2016
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
Double-free
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which
CVE-2016-5771
9.8 - Critical
- August 07, 2016
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
Dangling pointer
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23
CVE-2016-5770
9.8 - Critical
- August 07, 2016
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.
Integer Overflow or Wraparound
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might
CVE-2016-5387
8.1 - High
- July 19, 2016
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
ntpd in NTP 4.x before 4.2.8p8
CVE-2016-4953
7.5 - High
- July 05, 2016
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
Authentication
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8
CVE-2016-4954
7.5 - High
- July 05, 2016
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
Race Condition
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled
CVE-2016-4955
5.9 - Medium
- July 05, 2016
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
Race Condition
ntpd in NTP 4.x before 4.2.8p8
CVE-2016-4956
5.3 - Medium
- July 05, 2016
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet
CVE-2016-4957
7.5 - High
- July 05, 2016
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
NULL Pointer Dereference
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4155
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4139
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4124
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4138
9.8 - Critical
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4137
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4122
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4151
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4136
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4135
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4134
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4150
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4128
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4152
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4153
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4149
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Object Type Confusion
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4129
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption