Lucene search

K
NovellSuse Linux Enterprise Server11

17 matches found

CVE
CVE
added 2015/07/06 2:0 a.m.159 views

CVE-2015-2721

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attack...

4.3CVSS4.1AI score0.00914EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.152 views

CVE-2015-8816

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact...

7.2CVSS7AI score0.00076EPSS
CVE
CVE
added 2016/02/08 3:59 a.m.139 views

CVE-2015-7566

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoin...

4.9CVSS6AI score0.00453EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.136 views

CVE-2016-4485

The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

7.5CVSS7.7AI score0.00774EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.132 views

CVE-2015-2730

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof EC...

4.3CVSS4.3AI score0.0034EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.125 views

CVE-2016-2187

The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.7AI score0.00057EPSS
CVE
CVE
added 2014/11/10 11:55 a.m.123 views

CVE-2014-3690

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leve...

5.5CVSS6AI score0.00022EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.108 views

CVE-2015-2739

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.01039EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.104 views

CVE-2015-2724

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

10CVSS6.2AI score0.01756EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.97 views

CVE-2015-2725

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS6AI score0.02921EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.94 views

CVE-2015-2722

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.

10CVSS5.1AI score0.03097EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.93 views

CVE-2015-2740

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

10CVSS5AI score0.0438EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.92 views

CVE-2015-2735

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

9.3CVSS4.4AI score0.02878EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.88 views

CVE-2015-2728

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (me...

7.5CVSS5.6AI score0.03275EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.87 views

CVE-2015-2736

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

9.3CVSS4.4AI score0.02878EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.84 views

CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

7.5CVSS5.2AI score0.01286EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.71 views

CVE-2015-2726

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS5.8AI score0.02256EPSS