9102 matches found

SUSE CVE
added 2023/02/15 5:59 a.m. | 2 views

SUSE CVE-2010-2055

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different...

CVSS 7.2 | AI score 7.2 | EPSS 0.00505
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 5:57 a.m. | 3 views

SUSE CVE-2010-3075

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...

CVSS 5 | AI score 5.8 | EPSS 0.02063
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:57 a.m. | 4 views

SUSE CVE-2010-3073

SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

CVSS 2.1 | AI score 6.1 | EPSS 0.00713
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:56 a.m. | 3 views

SUSE CVE-2010-4075

The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

CVSS 1.9 | AI score 6 | EPSS 0.00387
Exploits: 1 | References: 7

SUSE CVE
added 2023/02/15 5:50 a.m. | 4 views

SUSE CVE-2011-3927

Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVSS 7.5 | AI score 9.6 | EPSS 0.01423
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:49 a.m. | 3 views

SUSE CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

CVSS 5 | AI score 8.5 | EPSS 0.14523
Exploits: 0 | References: 17

SUSE CVE
added 2023/02/15 5:41 a.m. | 2 views

SUSE CVE-2013-0868

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."...

CVSS 9.3 | AI score 7.4 | EPSS 0.0393
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:40 a.m. | 2 views

SUSE CVE-2013-1728

The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors...

CVSS 4.3 | AI score 8.5 | EPSS 0.01789
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 5:39 a.m. | 4 views

SUSE CVE-2013-2148

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor...

CVSS 2.1 | AI score 5.9 | EPSS 0.00359
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 5:35 a.m. | 2 views

SUSE CVE-2013-4788

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow...

CVSS 5.1 | AI score 7.8 | EPSS 0.11428
Exploits: 2 | References: 9

SUSE CVE
added 2023/02/15 5:35 a.m. | 2 views

SUSE CVE-2013-5634

arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call...

CVSS 4.3 | AI score 9.3 | EPSS 0.00759
Exploits: 2 | References: 5

SUSE CVE
added 2023/02/15 5:34 a.m. | 3 views

SUSE CVE-2013-6394

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks...

CVSS 2.1 | AI score 6.5 | EPSS 0.0038
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 5:33 a.m. | 2 views

SUSE CVE-2013-6631

Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other...

CVSS 7.5 | AI score 9.6 | EPSS 0.01612
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 5:33 a.m. | 3 views

SUSE CVE-2013-6638

Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1)...

CVSS 7.5 | AI score 9.7 | EPSS 0.01949
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:26 a.m. | 1 views

SUSE CVE-2014-7942

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVSS 7.5 | AI score 9.4 | EPSS 0.01593
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:23 a.m. | 5 views

SUSE CVE-2015-0253

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation...

CVSS 5 | AI score 8.6 | EPSS 0.14734
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 5:20 a.m. | 4 views

SUSE CVE-2015-2706

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization...

CVSS 6.8 | AI score 8.8 | EPSS 0.02586
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:20 a.m. | 4 views

SUSE CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

CVSS 5 | AI score 8.8 | EPSS 0.74006
Exploits: 0 | References: 26

SUSE CVE
added 2023/02/15 5:16 a.m. | 2 views

SUSE CVE-2015-5229

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors...

CVSS 7.5 | AI score 6.8 | EPSS 0.02195
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:16 a.m. | 2 views

SUSE CVE-2015-5283

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished...

CVSS 4.7 | AI score 6.3 | EPSS 0.00549
Exploits: 1 | References: 7