Lucene search

K
OpensuseLeap

1897 matches found

CVE
CVE
added 2019/03/21 3:59 p.m.112 views

CVE-2017-16232

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

7.5CVSS6.7AI score0.01738EPSS
CVE
CVE
added 2019/03/14 9:29 a.m.112 views

CVE-2019-9770

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.

7.5CVSS8.5AI score0.02893EPSS
CVE
CVE
added 2016/05/22 1:59 a.m.111 views

CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML...

9.6CVSS7AI score0.4676EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.111 views

CVE-2016-0596

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

4CVSS5.1AI score0.00595EPSS
CVE
CVE
added 2016/02/13 2:59 a.m.110 views

CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out...

5.3CVSS5.5AI score0.00681EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.110 views

CVE-2016-0598

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

3.5CVSS5AI score0.00557EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.110 views

CVE-2016-0600

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5CVSS5AI score0.00557EPSS
CVE
CVE
added 2016/11/04 9:59 p.m.110 views

CVE-2016-8910

The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.

6CVSS6AI score0.00098EPSS
CVE
CVE
added 2019/03/14 9:29 a.m.110 views

CVE-2019-9774

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.

9.1CVSS9AI score0.03129EPSS
CVE
CVE
added 2019/03/14 9:29 a.m.110 views

CVE-2019-9776

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).

7.5CVSS7.3AI score0.02442EPSS
CVE
CVE
added 2019/03/14 9:29 a.m.110 views

CVE-2019-9779

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).

7.5CVSS7.3AI score0.02442EPSS
CVE
CVE
added 2020/01/08 9:15 p.m.110 views

CVE-2020-6612

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.

8.1CVSS8.3AI score0.00605EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.109 views

CVE-2015-7204

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.

6.8CVSS7.9AI score0.0172EPSS
CVE
CVE
added 2016/08/12 3:59 p.m.109 views

CVE-2016-6132

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

6.5CVSS6.3AI score0.02138EPSS
CVE
CVE
added 2016/08/12 3:59 p.m.109 views

CVE-2016-6161

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

6.5CVSS6.3AI score0.00402EPSS
CVE
CVE
added 2019/03/14 9:29 a.m.109 views

CVE-2019-9778

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

7.5CVSS8.3AI score0.02434EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.107 views

CVE-2016-2797

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart f...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/08/07 10:59 a.m.107 views

CVE-2016-6128

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

7.5CVSS6.7AI score0.05837EPSS
CVE
CVE
added 2016/09/07 8:59 p.m.107 views

CVE-2016-6261

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

7.5CVSS7.1AI score0.04502EPSS
CVE
CVE
added 2017/03/24 3:59 p.m.107 views

CVE-2017-5334

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.

9.8CVSS8.5AI score0.05592EPSS
CVE
CVE
added 2015/11/02 7:59 p.m.106 views

CVE-2015-6031

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

6.8CVSS7.8AI score0.02622EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.106 views

CVE-2016-0608

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

3.5CVSS5AI score0.00557EPSS
CVE
CVE
added 2016/04/30 5:59 p.m.106 views

CVE-2016-2807

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vect...

10CVSS9.3AI score0.01315EPSS
CVE
CVE
added 2017/02/15 7:59 p.m.106 views

CVE-2016-8687

Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.

7.5CVSS6.6AI score0.01379EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.106 views

CVE-2017-13084

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

6.8CVSS7AI score0.00901EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.105 views

CVE-2016-0609

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.

1.7CVSS5.1AI score0.00876EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.105 views

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

5.5CVSS4.6AI score0.0031EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.105 views

CVE-2016-0749

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

10CVSS9.6AI score0.20473EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.105 views

CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (dat...

8.8CVSS7AI score0.05058EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.105 views

CVE-2016-2317

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.

5.5CVSS6.8AI score0.00261EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.105 views

CVE-2016-2821

Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DO...

7.5CVSS8.4AI score0.02755EPSS
CVE
CVE
added 2016/12/09 10:59 p.m.105 views

CVE-2016-9105

Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.

6CVSS5.8AI score0.00103EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.104 views

CVE-2016-0606

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

3.5CVSS5AI score0.00274EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.104 views

CVE-2016-2796

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite sm...

8.8CVSS7.6AI score0.00683EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.102 views

CVE-2015-7201

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS8.6AI score0.01913EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.102 views

CVE-2015-7222

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video f...

6.8CVSS8.1AI score0.03351EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.102 views

CVE-2016-0646

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.

5.5CVSS4.4AI score0.00323EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.102 views

CVE-2016-0649

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.

5.5CVSS4.4AI score0.00323EPSS
CVE
CVE
added 2016/02/16 2:59 a.m.102 views

CVE-2016-0753

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.

5.3CVSS5.4AI score0.02328EPSS
CVE
CVE
added 2016/12/12 2:59 a.m.102 views

CVE-2016-9427

Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.

9.8CVSS9.4AI score0.01022EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.101 views

CVE-2016-2819

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

8.8CVSS9AI score0.66282EPSS
CVE
CVE
added 2016/08/07 10:59 a.m.101 views

CVE-2016-5116

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1CVSS8.1AI score0.01684EPSS
CVE
CVE
added 2016/07/03 9:59 p.m.100 views

CVE-2016-1704

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS8.7AI score0.00802EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.100 views

CVE-2016-1977

The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.

8.8CVSS7.5AI score0.00963EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.100 views

CVE-2016-2798

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.100 views

CVE-2016-2800

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font,...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2017/03/24 3:59 p.m.100 views

CVE-2017-5335

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

7.5CVSS7.9AI score0.03542EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.99 views

CVE-2015-7205

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP pa...

10CVSS7.9AI score0.00863EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.99 views

CVE-2016-2790

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other ...

8.8CVSS7.1AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.99 views

CVE-2016-2795

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...

8.8CVSS7.1AI score0.00787EPSS
Total number of security vulnerabilities1897