Opensuseproject Opensuseproject

  1. Vendors
  2. Opensuseproject

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Opensuseproject product.

RSS Feeds for Opensuseproject security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Opensuseproject products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Opensuseproject Sorted by Most Security Vulnerabilities since 2018

Opensuseproject Opensuse8 vulnerabilities

Opensuseproject Leap7 vulnerabilities

Opensuseproject Suse Linux Enterprise Desktop3 vulnerabilities

Opensuseproject Suse Linux Enterprise Software Development Kit3 vulnerabilities

Opensuseproject Suse Linux Enterprise Server2 vulnerabilities

Opensuseproject Suse Linux Enterprise Server Raspberry Pi1 vulnerability

Opensuseproject Suse Linux Enterprise Workstation Extension1 vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Opensuseproject.

Year Vulnerabilities Average Score
2025 0 0.00

It may take a day or so for new Opensuseproject vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Opensuseproject Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2017-17805 Dec 20, 2017
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
Leap
CVE-2017-17806 Dec 20, 2017
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
Leap
CVE-2014-4616 Aug 24, 2017
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
Opensuse
CVE-2015-3405 Aug 09, 2017
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
Suse Linux Enterprise Desktop
CVE-2016-9960 Jun 06, 2017
game-music-emu before 0.6.1 game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
Leap
CVE-2016-9961 Jun 06, 2017
game-music-emu before 0.6.1 mishandles unspecified integer values. game-music-emu before 0.6.1 mishandles unspecified integer values.
Leap
CVE-2014-9848 Mar 20, 2017
Memory leak in ImageMagick Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
Suse Linux Enterprise Workstation Extension
Suse Linux Enterprise Server Raspberry Pi
Leap
And others...
CVE-2014-9853 Mar 17, 2017
Memory leak in coders/rle.c in ImageMagick Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Suse Linux Enterprise Software Development Kit
CVE-2016-9436 Jan 20, 2017
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
Leap
CVE-2016-9435 Jan 20, 2017
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
Leap
CVE-2014-4258 Jul 17, 2014
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
Suse Linux Enterprise Software Development Kit
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
And others...
CVE-2014-3004 Jun 11, 2014
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
Opensuse
CVE-2014-1502 Mar 19, 2014
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.
Opensuse
CVE-2014-1500 Mar 19, 2014
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.
Opensuse
CVE-2014-1499 Mar 19, 2014
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
Opensuse
CVE-2014-1498 Mar 19, 2014
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
Opensuse
CVE-2014-1494 Mar 19, 2014
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Opensuse
CVE-2011-4093 Feb 10, 2014
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
Opensuse
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.