Lucene search

K

OpenSUSE Security Vulnerabilities

cve
cve

CVE-2015-3039

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and...

7.5AI Score

0.474EPSS

2015-04-14 10:59 PM
50
cve
cve

CVE-2015-3038

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347,...

7.8AI Score

0.934EPSS

2015-04-14 10:59 PM
58
In Wild
cve
cve

CVE-2015-0360

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347,...

7.8AI Score

0.934EPSS

2015-04-14 10:59 PM
48
In Wild
cve
cve

CVE-2015-0358

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and...

7.5AI Score

0.474EPSS

2015-04-14 10:59 PM
50
cve
cve

CVE-2015-0355

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347,...

7.8AI Score

0.934EPSS

2015-04-14 10:59 PM
49
In Wild
cve
cve

CVE-2015-0354

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347,...

7.8AI Score

0.934EPSS

2015-04-14 10:59 PM
57
In Wild
cve
cve

CVE-2015-0353

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347,...

7.8AI Score

0.934EPSS

2015-04-14 10:59 PM
51
In Wild
cve
cve

CVE-2015-0352

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347,...

7.8AI Score

0.934EPSS

2015-04-14 10:59 PM
48
In Wild
cve
cve

CVE-2015-0351

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and...

7.5AI Score

0.474EPSS

2015-04-14 10:59 PM
53
cve
cve

CVE-2015-0350

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347,...

7.8AI Score

0.934EPSS

2015-04-14 10:59 PM
58
In Wild
cve
cve

CVE-2015-0349

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and...

7.5AI Score

0.474EPSS

2015-04-14 10:59 PM
52
cve
cve

CVE-2015-0348

Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified...

7.7AI Score

0.192EPSS

2015-04-14 10:59 PM
59
cve
cve

CVE-2015-0347

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350,...

7.8AI Score

0.934EPSS

2015-04-14 10:59 PM
52
In Wild
cve
cve

CVE-2015-0346

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...

7.5AI Score

0.975EPSS

2015-04-14 10:59 PM
51
cve
cve

CVE-2014-9488

The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds...

6.7AI Score

0.009EPSS

2015-04-14 06:59 PM
32
cve
cve

CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request...

7.7AI Score

0.004EPSS

2015-04-08 06:59 PM
71
cve
cve

CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision...

7.9AI Score

0.037EPSS

2015-04-08 06:59 PM
66
cve
cve

CVE-2015-0202

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository...

7.9AI Score

0.008EPSS

2015-04-08 06:59 PM
35
cve
cve

CVE-2015-0799

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response...

9.1AI Score

0.001EPSS

2015-04-08 10:59 AM
48
cve
cve

CVE-2015-0812

Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org...

9AI Score

0.002EPSS

2015-04-01 10:59 AM
55
cve
cve

CVE-2015-0811

The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during...

8.9AI Score

0.027EPSS

2015-04-01 10:59 AM
46
cve
cve

CVE-2015-0808

The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified...

8.8AI Score

0.018EPSS

2015-04-01 10:59 AM
43
cve
cve

CVE-2015-0806

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code.....

9.4AI Score

0.044EPSS

2015-04-01 10:59 AM
46
cve
cve

CVE-2015-0805

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.5AI Score

0.044EPSS

2015-04-01 10:59 AM
40
cve
cve

CVE-2015-0804

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a.....

9.3AI Score

0.038EPSS

2015-04-01 10:59 AM
45
cve
cve

CVE-2015-0803

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.3AI Score

0.038EPSS

2015-04-01 10:59 AM
41
cve
cve

CVE-2015-0802

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a....

9.2AI Score

0.397EPSS

2015-04-01 10:59 AM
65
cve
cve

CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

4.8AI Score

0.003EPSS

2015-04-01 02:00 AM
769
2
cve
cve

CVE-2014-9462

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone...

9.2AI Score

0.038EPSS

2015-03-31 02:59 PM
36
cve
cve

CVE-2015-2787

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an....

8.1AI Score

0.721EPSS

2015-03-30 10:59 AM
140
cve
cve

CVE-2015-2348

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with...

7.4AI Score

0.008EPSS

2015-03-30 10:59 AM
95
cve
cve

CVE-2015-2331

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly...

10AI Score

0.953EPSS

2015-03-30 10:59 AM
134
cve
cve

CVE-2015-2305

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to.....

8.1AI Score

0.006EPSS

2015-03-30 10:59 AM
105
cve
cve

CVE-2015-2301

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name.....

7.9AI Score

0.016EPSS

2015-03-30 10:59 AM
156
cve
cve

CVE-2014-9709

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif...

6.9AI Score

0.039EPSS

2015-03-30 10:59 AM
82
4
cve
cve

CVE-2015-2157

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the...

5.5AI Score

0.0004EPSS

2015-03-27 02:59 PM
40
cve
cve

CVE-2014-3619

The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment...

8.1AI Score

0.018EPSS

2015-03-27 02:59 PM
33
cve
cve

CVE-2015-2317

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a...

5.5AI Score

0.003EPSS

2015-03-25 02:59 PM
54
cve
cve

CVE-2015-2316

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input...

6.4AI Score

0.011EPSS

2015-03-25 02:59 PM
45
cve
cve

CVE-2015-0295

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP...

7.9AI Score

0.044EPSS

2015-03-25 02:59 PM
45
cve
cve

CVE-2015-2155

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified...

9.5AI Score

0.027EPSS

2015-03-24 05:59 PM
60
cve
cve

CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

6.3AI Score

0.0004EPSS

2015-03-18 04:59 PM
59
cve
cve

CVE-2015-0778

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service...

7.4AI Score

0.016EPSS

2015-03-16 02:59 PM
27
cve
cve

CVE-2015-2304

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an...

7.4AI Score

0.011EPSS

2015-03-15 07:59 PM
45
cve
cve

CVE-2015-2192

Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a...

5.3AI Score

0.003EPSS

2015-03-08 02:59 AM
27
cve
cve

CVE-2015-2191

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a...

5.2AI Score

0.001EPSS

2015-03-08 02:59 AM
45
cve
cve

CVE-2015-2190

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP...

5.2AI Score

0.002EPSS

2015-03-08 02:59 AM
32
cve
cve

CVE-2015-2189

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB)...

5.1AI Score

0.002EPSS

2015-03-08 02:59 AM
51
cve
cve

CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly....

5.1AI Score

0.002EPSS

2015-03-08 02:59 AM
44
cve
cve

CVE-2015-2187

The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and...

5.5AI Score

0.003EPSS

2015-03-08 02:59 AM
31
Total number of security vulnerabilities1478