SUSE CVE-2013-6659

The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/sslclientsocketnss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent...

SUSE CVE-2013-6658

Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving 1 running JavaScript code during execution of the...

SUSE CVE-2013-6661

Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors...

SUSE CVE-2014-0118

The deflateinfilter function in moddeflate.c in the moddeflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service resource consumption via crafted request data that decompresses to a much larger size...

SUSE CVE-2014-0499

Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address...

SUSE CVE-2014-0517

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518,...

SUSE CVE-2014-0878

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...

SUSE CVE-2014-1482

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service incorrect write operations via crafted...

SUSE CVE-2014-1740

Multiple use-after-free vulnerabilities in net/websockets/websocketjob.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion...

SUSE CVE-2014-2420

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment...

SUSE CVE-2014-2428

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...

SUSE CVE-2014-3068

IBM Java Runtime Environment JRE 7 R1 before SR1 FP1 7.1.1.1, 7 before SR7 FP1 7.0.7.1, 6 R1 before SR8 FP1 6.1.8.1, 6 before SR16 FP1 6.0.16.1, and before 5.0 SR16 FP7 5.0.16.7 allows attackers to obtain the private key from a Certificate Management System CMS keystore via a brute force attack...

SUSE CVE-2014-3589

PIL/IcnsImagePlugin.py in Python Imaging Library PIL and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size...

SUSE CVE-2014-3613

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1...

SUSE CVE-2014-4245

Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors...

SUSE CVE-2014-6421

Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service application crash via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors...

SUSE CVE-2014-6440

VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service...

SUSE CVE-2014-6520

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL...

SUSE CVE-2014-6555

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML...

SUSE CVE-2014-8138

Heap-based buffer overflow in the jp2decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted JPEG 2000 file...