Lucene search

K

OpenSUSE Security Vulnerabilities

cve
cve

CVE-2016-4138

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

9.8CVSS

9.1AI Score

0.95EPSS

2016-06-16 02:59 PM
58
cve
cve

CVE-2016-4137

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.948EPSS

2016-06-16 02:59 PM
51
cve
cve

CVE-2016-4136

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.948EPSS

2016-06-16 02:59 PM
51
cve
cve

CVE-2016-4135

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.945EPSS

2016-06-16 02:59 PM
53
cve
cve

CVE-2016-4134

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
49
cve
cve

CVE-2016-4133

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
42
cve
cve

CVE-2016-4132

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
46
cve
cve

CVE-2016-4131

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
41
cve
cve

CVE-2016-4130

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
44
cve
cve

CVE-2016-4129

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
46
cve
cve

CVE-2016-4128

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
44
cve
cve

CVE-2016-4127

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
43
cve
cve

CVE-2016-4125

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
50
cve
cve

CVE-2016-4124

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
43
cve
cve

CVE-2016-4123

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
47
cve
cve

CVE-2016-4122

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
41
cve
cve

CVE-2016-4478

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response...

7.5CVSS

7.3AI Score

0.012EPSS

2016-06-13 07:59 PM
33
cve
cve

CVE-2016-4574

Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for...

7.5CVSS

7.3AI Score

0.023EPSS

2016-06-13 07:59 PM
24
cve
cve

CVE-2016-4414

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake...

7.5CVSS

7.1AI Score

0.027EPSS

2016-06-13 07:59 PM
30
cve
cve

CVE-2015-8869

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy...

9.1CVSS

9.1AI Score

0.022EPSS

2016-06-13 07:59 PM
46
cve
cve

CVE-2014-9773

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword...

7.5CVSS

7.4AI Score

0.004EPSS

2016-06-13 07:59 PM
17
cve
cve

CVE-2016-5104

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP...

5.3CVSS

5.3AI Score

0.005EPSS

2016-06-13 02:59 PM
67
cve
cve

CVE-2016-2834

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown...

8.8CVSS

8.5AI Score

0.017EPSS

2016-06-13 10:59 AM
146
cve
cve

CVE-2016-2833

Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted...

6.1CVSS

6.3AI Score

0.003EPSS

2016-06-13 10:59 AM
55
cve
cve

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS)...

4.3CVSS

5.8AI Score

0.004EPSS

2016-06-13 10:59 AM
51
cve
cve

CVE-2016-2831

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web...

8.8CVSS

8AI Score

0.014EPSS

2016-06-13 10:59 AM
60
cve
cve

CVE-2016-2829

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation...

6.5CVSS

6.8AI Score

0.004EPSS

2016-06-13 10:59 AM
46
cve
cve

CVE-2016-2828

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle...

8.8CVSS

8.8AI Score

0.033EPSS

2016-06-13 10:59 AM
57
cve
cve

CVE-2016-2825

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data:...

6.5CVSS

7.1AI Score

0.005EPSS

2016-06-13 10:59 AM
42
cve
cve

CVE-2016-2824

The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-13 10:59 AM
43
cve
cve

CVE-2016-2822

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent...

6.5CVSS

7AI Score

0.009EPSS

2016-06-13 10:59 AM
61
cve
cve

CVE-2016-2821

Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of...

7.5CVSS

8.4AI Score

0.023EPSS

2016-06-13 10:59 AM
67
cve
cve

CVE-2016-2819

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG...

8.8CVSS

9AI Score

0.613EPSS

2016-06-13 10:59 AM
75
cve
cve

CVE-2016-2818

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown...

8.8CVSS

9.3AI Score

0.008EPSS

2016-06-13 10:59 AM
73
cve
cve

CVE-2016-2815

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown...

8.8CVSS

9.2AI Score

0.011EPSS

2016-06-13 10:59 AM
56
cve
cve

CVE-2016-5118

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a...

9.8CVSS

9.5AI Score

0.652EPSS

2016-06-10 03:59 PM
116
cve
cve

CVE-2016-4429

Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP...

5.9CVSS

6.8AI Score

0.005EPSS

2016-06-10 03:59 PM
149
2
cve
cve

CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...

7.5CVSS

7.5AI Score

0.032EPSS

2016-06-10 03:59 PM
59
2
cve
cve

CVE-2016-2150

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to...

7.1CVSS

6.8AI Score

0.001EPSS

2016-06-09 04:59 PM
54
cve
cve

CVE-2016-0749

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer...

9.8CVSS

9.6AI Score

0.037EPSS

2016-06-09 04:59 PM
73
cve
cve

CVE-2016-2335

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF...

8.8CVSS

8.3AI Score

0.013EPSS

2016-06-07 02:06 PM
61
cve
cve

CVE-2015-5231

The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace...

5.5CVSS

5.3AI Score

0.0004EPSS

2016-06-07 02:06 PM
17
cve
cve

CVE-2015-5228

The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory...

7.8CVSS

7.3AI Score

0.0004EPSS

2016-06-07 02:06 PM
20
cve
cve

CVE-2016-1703

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown...

8.8CVSS

8.7AI Score

0.007EPSS

2016-06-05 11:59 PM
44
cve
cve

CVE-2016-1702

The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized...

6.5CVSS

6.7AI Score

0.023EPSS

2016-06-05 11:59 PM
38
cve
cve

CVE-2016-1701

The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted.....

8.8CVSS

8.1AI Score

0.01EPSS

2016-06-05 11:59 PM
45
cve
cve

CVE-2016-1700

extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors...

7.5CVSS

8.1AI Score

0.024EPSS

2016-06-05 11:59 PM
43
cve
cve

CVE-2016-1699

WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to.....

6.5CVSS

6.7AI Score

0.014EPSS

2016-06-05 11:59 PM
43
cve
cve

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned...

6.5CVSS

6.8AI Score

0.004EPSS

2016-06-05 11:59 PM
45
cve
cve

CVE-2016-1697

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript....

8.8CVSS

8.2AI Score

0.01EPSS

2016-06-05 11:59 PM
84
Total number of security vulnerabilities1478