SUSE CVE-2016-2194
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus...
SUSE CVE-2016-2553
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
SUSE CVE-2016-2815
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...
SUSE CVE-2016-2833
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet...
SUSE CVE-2016-2834
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors...
SUSE CVE-2016-2835
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...
SUSE CVE-2016-3071
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aesxcbc transform...
SUSE CVE-2016-3498
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX...
SUSE CVE-2016-3948
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers...
SUSE CVE-2016-4542
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted...
SUSE CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename...
SUSE CVE-2016-5143
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...
SUSE CVE-2016-5319
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file...
SUSE CVE-2016-5320
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...
SUSE CVE-2016-5325
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...
SUSE CVE-2016-5323
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image...
SUSE CVE-2016-5507
Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB...
SUSE CVE-2016-5824
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file...
SUSE CVE-2016-6811
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user...
SUSE CVE-2016-7877
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution...