Lucene search

K

OpenSUSE Security Vulnerabilities

cve
cve

CVE-2016-1645

Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via...

8.8CVSS

8.8AI Score

0.034EPSS

2016-03-13 10:59 PM
50
cve
cve

CVE-2016-2802

The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite.....

8.8CVSS

7.3AI Score

0.054EPSS

2016-03-13 06:59 PM
61
cve
cve

CVE-2016-2801

The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted.....

8.8CVSS

7.3AI Score

0.06EPSS

2016-03-13 06:59 PM
63
cve
cve

CVE-2016-2800

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart...

8.8CVSS

7.3AI Score

0.054EPSS

2016-03-13 06:59 PM
69
cve
cve

CVE-2016-2799

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart...

8.8CVSS

7.6AI Score

0.051EPSS

2016-03-13 06:59 PM
67
cve
cve

CVE-2016-2798

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart...

8.8CVSS

7.3AI Score

0.054EPSS

2016-03-13 06:59 PM
68
cve
cve

CVE-2016-2797

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart.....

8.8CVSS

7.3AI Score

0.06EPSS

2016-03-13 06:59 PM
71
cve
cve

CVE-2016-2796

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite...

8.8CVSS

7.6AI Score

0.051EPSS

2016-03-13 06:59 PM
70
cve
cve

CVE-2016-2795

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown...

8.8CVSS

7.1AI Score

0.069EPSS

2016-03-13 06:59 PM
67
cve
cve

CVE-2016-2794

The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite....

8.8CVSS

7.3AI Score

0.054EPSS

2016-03-13 06:59 PM
67
cve
cve

CVE-2016-2793

CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart...

8.8CVSS

7.3AI Score

0.054EPSS

2016-03-13 06:59 PM
68
cve
cve

CVE-2016-2792

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart...

8.8CVSS

7.3AI Score

0.054EPSS

2016-03-13 06:59 PM
62
cve
cve

CVE-2016-2791

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart...

8.8CVSS

7.3AI Score

0.054EPSS

2016-03-13 06:59 PM
63
cve
cve

CVE-2016-2790

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other....

8.8CVSS

7.1AI Score

0.069EPSS

2016-03-13 06:59 PM
67
cve
cve

CVE-2016-1977

The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart...

8.8CVSS

7.5AI Score

0.02EPSS

2016-03-13 06:59 PM
67
cve
cve

CVE-2016-1974

The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an...

8.8CVSS

7.6AI Score

0.014EPSS

2016-03-13 06:59 PM
59
cve
cve

CVE-2016-1966

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI...

8.8CVSS

7.4AI Score

0.01EPSS

2016-03-13 06:59 PM
57
cve
cve

CVE-2016-1965

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol...

4.3CVSS

6.6AI Score

0.004EPSS

2016-03-13 06:59 PM
58
cve
cve

CVE-2016-1964

Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML...

8.8CVSS

7.6AI Score

0.018EPSS

2016-03-13 06:59 PM
57
cve
cve

CVE-2016-1962

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel...

9.8CVSS

7.8AI Score

0.01EPSS

2016-03-13 06:59 PM
64
cve
cve

CVE-2016-1961

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka...

8.8CVSS

7.5AI Score

0.028EPSS

2016-03-13 06:59 PM
62
cve
cve

CVE-2016-1960

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by...

8.8CVSS

7.6AI Score

0.963EPSS

2016-03-13 06:59 PM
90
cve
cve

CVE-2016-1958

browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript:...

4.3CVSS

6.6AI Score

0.003EPSS

2016-03-13 06:59 PM
55
cve
cve

CVE-2016-1957

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an...

4.3CVSS

6.5AI Score

0.01EPSS

2016-03-13 06:59 PM
65
cve
cve

CVE-2016-1956

Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL...

6.5CVSS

6.9AI Score

0.013EPSS

2016-03-13 06:59 PM
46
cve
cve

CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME...

4.3CVSS

6.3AI Score

0.003EPSS

2016-03-13 06:59 PM
61
cve
cve

CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service...

8.8CVSS

7AI Score

0.019EPSS

2016-03-13 06:59 PM
68
cve
cve

CVE-2016-1953

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other...

8.8CVSS

9.6AI Score

0.018EPSS

2016-03-13 06:59 PM
45
cve
cve

CVE-2016-1952

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown...

8.8CVSS

8.2AI Score

0.011EPSS

2016-03-13 06:59 PM
58
cve
cve

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509...

8.8CVSS

7.9AI Score

0.01EPSS

2016-03-13 06:59 PM
172
9
cve
cve

CVE-2016-1286

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and...

8.6CVSS

8.2AI Score

0.733EPSS

2016-03-09 11:59 PM
386
cve
cve

CVE-2016-1285

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel)...

6.8CVSS

7.2AI Score

0.176EPSS

2016-03-09 11:59 PM
362
cve
cve

CVE-2015-8805

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...

9.8CVSS

8.6AI Score

0.009EPSS

2016-02-23 07:59 PM
37
cve
cve

CVE-2015-8804

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown...

9.8CVSS

8.5AI Score

0.005EPSS

2016-02-23 07:59 PM
35
cve
cve

CVE-2015-8803

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...

9.8CVSS

8.6AI Score

0.009EPSS

2016-02-23 07:59 PM
35
cve
cve

CVE-2016-1629

Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified...

9.8CVSS

8.8AI Score

0.01EPSS

2016-02-21 06:59 PM
49
cve
cve

CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization...

5.4CVSS

5.1AI Score

0.001EPSS

2016-02-20 01:59 AM
25
cve
cve

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error...

5.3CVSS

5.1AI Score

0.005EPSS

2016-02-20 01:59 AM
25
cve
cve

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time...

7.5CVSS

7.3AI Score

0.004EPSS

2016-02-20 01:59 AM
52
cve
cve

CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location...

5.4CVSS

5.7AI Score

0.001EPSS

2016-02-20 01:59 AM
43
cve
cve

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a...

5.3CVSS

6AI Score

0.004EPSS

2016-02-20 01:59 AM
43
cve
cve

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error...

5.3CVSS

5.7AI Score

0.006EPSS

2016-02-20 01:59 AM
37
cve
cve

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers.....

8.1CVSS

8.4AI Score

0.974EPSS

2016-02-18 09:59 PM
200
5
cve
cve

CVE-2016-1627

The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a...

8.8CVSS

8.1AI Score

0.009EPSS

2016-02-14 02:59 AM
52
cve
cve

CVE-2016-1626

The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF...

4.3CVSS

5.3AI Score

0.021EPSS

2016-02-14 02:59 AM
49
cve
cve

CVE-2016-1625

The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and...

4.3CVSS

5.6AI Score

0.006EPSS

2016-02-14 02:59 AM
45
cve
cve

CVE-2016-1624

Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli...

8.8CVSS

8.7AI Score

0.023EPSS

2016-02-14 02:59 AM
48
cve
cve

CVE-2016-1623

The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...

8.8CVSS

8AI Score

0.007EPSS

2016-02-14 02:59 AM
48
cve
cve

CVE-2016-1622

The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript...

8.8CVSS

8.2AI Score

0.013EPSS

2016-02-14 02:59 AM
48
cve
cve

CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal...

6.5CVSS

6.1AI Score

0.064EPSS

2016-02-13 02:59 AM
85
Total number of security vulnerabilities1478