Lucene search
K

9102 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.3 views

SUSE CVE-2015-7799

The slhcinit function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted PPPIOCSMAXCID ioctl call...

4.9CVSS6.1AI score0.00646EPSS
Exploits1References17
SUSE CVE
SUSE CVE
added 2023/02/15 5:12 a.m.3 views

SUSE CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

9.8CVSS7.5AI score0.05454EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:8 a.m.4 views

SUSE CVE-2016-1614

The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a...

4.3CVSS8.6AI score0.0104EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:7 a.m.3 views

SUSE CVE-2016-1686

The CPDFDIBSource::CreateDecoder function in core/fpdfapi/fpdfrender/fpdfrenderloadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service out-of-bounds read via a crafted PDF document...

6.5CVSS8.6AI score0.0128EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.2 views

SUSE CVE-2016-2175

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

7.8CVSS7AI score0.04797EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.4 views

SUSE CVE-2016-2795

The graphite2::FileFace::gettablefn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...

8.8CVSS7.2AI score0.02278EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 5:3 a.m.3 views

SUSE CVE-2016-4076

epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service application crash via a crafted packet...

5.9CVSS7.4AI score0.01745EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.3 views

SUSE CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

6.5CVSS6.8AI score0.06539EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.6 views

SUSE CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

5.9CVSS6.5AI score0.01123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:57 a.m.4 views

SUSE CVE-2016-7798

The openssl gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...

3.7CVSS8.6AI score0.03167EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.3 views

SUSE CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

6.4CVSS9.7AI score0.00381EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:52 a.m.5 views

SUSE CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

4.6CVSS6.6AI score0.00309EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.7 views

SUSE CVE-2017-7822

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...

5.3CVSS8.5AI score0.01415EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.4 views

SUSE CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

3.7CVSS7.8AI score0.00905EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.4 views

SUSE CVE-2018-7419

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization...

5.3CVSS7.6AI score0.02821EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.2 views

SUSE CVE-2018-10811

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...

7.5CVSS7AI score0.0741EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:24 a.m.3 views

SUSE CVE-2018-16058

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure...

7.1CVSS7.5AI score0.03459EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.3 views

SUSE CVE-2018-20023

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memor...

4.3CVSS9AI score0.02495EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.4 views

SUSE CVE-2018-20022

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak...

5.4CVSS9AI score0.02937EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.3 views

SUSE CVE-2018-20123

pvrdmarealize in hw/rdma/vmw/pvrdmamain.c in QEMU has a Memory leak after an initialisation error...

3.2CVSS9.4AI score0.00488EPSS
Exploits0References4
Rows per page
Query Builder