Lucene search

K

OpenSUSE Security Vulnerabilities

cve
cve

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server :...

4.6AI Score

0.002EPSS

2015-07-16 11:00 AM
62
2
cve
cve

CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to...

4.6AI Score

0.002EPSS

2015-07-16 11:00 AM
66
2
cve
cve

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server :...

4.6AI Score

0.002EPSS

2015-07-16 11:00 AM
60
2
cve
cve

CVE-2015-3281

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted...

6AI Score

0.003EPSS

2015-07-06 03:59 PM
56
cve
cve

CVE-2015-4588

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF...

7.2AI Score

0.034EPSS

2015-07-01 02:59 PM
65
cve
cve

CVE-2015-3164

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX...

7.1AI Score

0.0004EPSS

2015-07-01 02:59 PM
35
cve
cve

CVE-2015-2141

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing...

7.2AI Score

0.004EPSS

2015-07-01 02:59 PM
41
cve
cve

CVE-2015-0848

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP...

7.3AI Score

0.026EPSS

2015-07-01 02:59 PM
55
cve
cve

CVE-2015-4146

The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted...

5.3AI Score

0.024EPSS

2015-06-15 03:59 PM
50
cve
cve

CVE-2015-4145

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted...

5.6AI Score

0.029EPSS

2015-06-15 03:59 PM
40
cve
cve

CVE-2015-4144

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted...

5.6AI Score

0.024EPSS

2015-06-15 03:59 PM
41
cve
cve

CVE-2015-4143

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message...

5.1AI Score

0.024EPSS

2015-06-15 03:59 PM
118
cve
cve

CVE-2015-4142

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds...

5.4AI Score

0.075EPSS

2015-06-15 03:59 PM
147
cve
cve

CVE-2015-4141

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer...

5.4AI Score

0.028EPSS

2015-06-15 03:59 PM
122
cve
cve

CVE-2015-4002

drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted...

7.8AI Score

0.012EPSS

2015-06-07 11:59 PM
68
cve
cve

CVE-2015-4156

GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary...

6.5AI Score

0.0004EPSS

2015-06-02 02:59 PM
28
cve
cve

CVE-2015-3629

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a...

7.8CVSS

7.2AI Score

0.0004EPSS

2015-05-18 03:59 PM
35
cve
cve

CVE-2015-2718

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this...

8.7AI Score

0.003EPSS

2015-05-14 10:59 AM
43
cve
cve

CVE-2015-2717

Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid...

9.6AI Score

0.026EPSS

2015-05-14 10:59 AM
52
cve
cve

CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to...

8.6AI Score

0.033EPSS

2015-05-14 10:59 AM
335
3
cve
cve

CVE-2015-2715

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a...

9.4AI Score

0.044EPSS

2015-05-14 10:59 AM
48
cve
cve

CVE-2015-2713

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in...

9.4AI Score

0.022EPSS

2015-05-14 10:59 AM
58
cve
cve

CVE-2015-2712

The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger...

9.3AI Score

0.041EPSS

2015-05-14 10:59 AM
51
cve
cve

CVE-2015-2711

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a...

8.8AI Score

0.003EPSS

2015-05-14 10:59 AM
43
cve
cve

CVE-2015-2710

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token...

9.6AI Score

0.051EPSS

2015-05-14 10:59 AM
52
cve
cve

CVE-2015-2709

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown...

9.7AI Score

0.031EPSS

2015-05-14 10:59 AM
38
cve
cve

CVE-2015-2708

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown...

9.8AI Score

0.031EPSS

2015-05-14 10:59 AM
59
cve
cve

CVE-2015-3622

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted...

6.7AI Score

0.924EPSS

2015-05-12 07:59 PM
69
cve
cve

CVE-2015-3451

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml...

6.4AI Score

0.002EPSS

2015-05-12 07:59 PM
84
cve
cve

CVE-2014-3598

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted...

6.5AI Score

0.003EPSS

2015-05-01 03:59 PM
20
cve
cve

CVE-2015-3026

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to...

6.4AI Score

0.05EPSS

2015-04-29 08:59 PM
35
cve
cve

CVE-2015-3340

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist...

6.3AI Score

0.001EPSS

2015-04-28 02:59 PM
44
cve
cve

CVE-2015-1863

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P...

7.1AI Score

0.03EPSS

2015-04-28 02:59 PM
60
cve
cve

CVE-2015-3148

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a...

9.1AI Score

0.005EPSS

2015-04-24 02:59 PM
82
cve
cve

CVE-2015-3145

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote...

9.4AI Score

0.881EPSS

2015-04-24 02:59 PM
74
cve
cve

CVE-2015-3336

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document...

6.2AI Score

0.004EPSS

2015-04-19 10:59 AM
47
cve
cve

CVE-2015-3335

The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct...

6.6AI Score

0.005EPSS

2015-04-19 10:59 AM
35
cve
cve

CVE-2015-3334

browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive.....

5.4AI Score

0.001EPSS

2015-04-19 10:59 AM
47
cve
cve

CVE-2015-1241

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking"...

6AI Score

0.003EPSS

2015-04-19 10:59 AM
50
cve
cve

CVE-2015-0492

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...

3.6AI Score

0.009EPSS

2015-04-16 04:59 PM
45
cve
cve

CVE-2015-0491

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than...

3.8AI Score

0.057EPSS

2015-04-16 04:59 PM
59
cve
cve

CVE-2015-0486

Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to...

3.2AI Score

0.005EPSS

2015-04-16 04:59 PM
44
cve
cve

CVE-2015-0484

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...

3.6AI Score

0.009EPSS

2015-04-16 04:59 PM
43
cve
cve

CVE-2015-0459

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than...

3.8AI Score

0.057EPSS

2015-04-16 04:59 PM
66
cve
cve

CVE-2015-0458

Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...

3.6AI Score

0.036EPSS

2015-04-16 04:59 PM
49
cve
cve

CVE-2015-3044

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified...

5.9AI Score

0.005EPSS

2015-04-14 10:59 PM
53
cve
cve

CVE-2015-3043

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different....

7.7AI Score

0.934EPSS

2015-04-14 10:59 PM
881
In Wild
2
cve
cve

CVE-2015-3042

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347,...

7.8AI Score

0.934EPSS

2015-04-14 10:59 PM
51
In Wild
cve
cve

CVE-2015-3041

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347,...

7.8AI Score

0.934EPSS

2015-04-14 10:59 PM
47
In Wild
cve
cve

CVE-2015-3040

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different...

6.3AI Score

0.005EPSS

2015-04-14 10:59 PM
52
Total number of security vulnerabilities1478