Opensuse
This hub aggregates every CVE we track for Opensuse, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 1,656
- Critical: 307
- High: 489
- In CISA KEV: 45
Severity distribution
- MEDIUM: 720
- HIGH: 489
- CRITICAL: 307
- LOW: 140
Monthly trend
[Chart: CVEs per month, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Opensuse.
- CVE-2026-44933: Path Traversal in Plugin Loading in libzypp (7.8)
- CVE-2016-3718: Vulnerability in the HTTP or FTP protocol implementation of the ImageMagick console graphics editor that allows an attacker to carry out an SSRF attack (7.4)
- CVE-2013-2637: A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a re... (6.1)
- CVE-2014-1958: Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld st... (8.8)
- CVE-2014-2030: Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitra... (8.8)
- CVE-2020-8597: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. (9.8)
- CVE-2013-3565: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command... (6.1)
- CVE-2006-7246: NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. (6.8)
- CVE-2015-5333: Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 ce... (7.5)
- CVE-2015-5334: Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 cer... (9.8)
- CVE-2015-2326: The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group co... (5.5)
- CVE-2015-2325: The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other u... (7.8)
- CVE-2012-2142: The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. (7.8)
- CVE-2012-2736: In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. (4.4)
- CVE-2014-3495: duplicity 0.6.24 has improper verification of SSL certificates (7.5)
Product normalization is registry-driven with AI assist and human review.