Lucene search

K
OpensuseLeap

1897 matches found

CVE
CVE
added 2016/12/09 10:59 p.m.99 views

CVE-2016-9101

Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.

6CVSS5.8AI score0.00116EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.98 views

CVE-2016-2831

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

8.8CVSS8AI score0.00775EPSS
CVE
CVE
added 2017/02/06 5:59 p.m.98 views

CVE-2016-7800

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

7.5CVSS7.9AI score0.02194EPSS
CVE
CVE
added 2016/11/04 9:59 p.m.98 views

CVE-2016-8577

Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.

6CVSS5.7AI score0.00116EPSS
CVE
CVE
added 2019/12/03 11:15 p.m.97 views

CVE-2015-7542

A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.

5.3CVSS5AI score0.00113EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.97 views

CVE-2016-1961

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.

8.8CVSS7.5AI score0.01253EPSS
CVE
CVE
added 2016/05/22 1:59 a.m.97 views

CVE-2016-4346

Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

9.8CVSS9.9AI score0.00668EPSS
CVE
CVE
added 2016/06/13 2:59 p.m.97 views

CVE-2016-5104

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.

5.3CVSS5.3AI score0.00744EPSS
CVE
CVE
added 2016/11/04 9:59 p.m.97 views

CVE-2016-8669

The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.

6CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2016/12/09 10:59 p.m.97 views

CVE-2016-9104

Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.

4.4CVSS5.2AI score0.00116EPSS
CVE
CVE
added 2017/04/13 5:59 p.m.96 views

CVE-2015-8567

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

7.7CVSS7.7AI score0.04759EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.96 views

CVE-2016-1935

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

9.3CVSS9.6AI score0.00495EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.96 views

CVE-2016-1957

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.

4.3CVSS6.5AI score0.00668EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.96 views

CVE-2016-2815

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8CVSS9.2AI score0.00379EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.96 views

CVE-2016-2818

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8CVSS9.3AI score0.00426EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.96 views

CVE-2016-5152

Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspec...

8.8CVSS7.7AI score0.01001EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.96 views

CVE-2016-5159

Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data ...

8.8CVSS7.7AI score0.0126EPSS
CVE
CVE
added 2015/11/09 3:59 a.m.95 views

CVE-2015-2697

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

4CVSS6.9AI score0.05447EPSS
CVE
CVE
added 2016/12/09 10:59 p.m.95 views

CVE-2016-9106

Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.

6CVSS5.9AI score0.00116EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.94 views

CVE-2015-7212

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.

7.5CVSS8.1AI score0.02306EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.94 views

CVE-2015-7213

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

6.8CVSS8.1AI score0.02438EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.94 views

CVE-2015-7214

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.

5CVSS7.3AI score0.15477EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.94 views

CVE-2016-0655

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.

4.7CVSS4AI score0.00271EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.94 views

CVE-2016-1952

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8CVSS8.2AI score0.0061EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.94 views

CVE-2016-1974

The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTM...

8.8CVSS7.6AI score0.00678EPSS
CVE
CVE
added 2017/02/15 7:59 p.m.94 views

CVE-2016-8689

The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.

7.5CVSS6.5AI score0.01118EPSS
CVE
CVE
added 2022/10/06 6:16 p.m.94 views

CVE-2022-31252

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the pa...

4.4CVSS4.3AI score0.00028EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.93 views

CVE-2016-1930

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.8AI score0.01575EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.93 views

CVE-2016-2792

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font,...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.93 views

CVE-2016-2793

CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.93 views

CVE-2016-2799

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

9.3CVSS7.6AI score0.01159EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.93 views

CVE-2016-2802

The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite s...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.92 views

CVE-2015-4807

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.

3.5CVSS5AI score0.00616EPSS
CVE
CVE
added 2016/02/21 6:59 p.m.92 views

CVE-2016-1629

Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.

10CVSS8.8AI score0.03091EPSS
CVE
CVE
added 2016/04/08 2:59 p.m.92 views

CVE-2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

10CVSS9.6AI score0.2572EPSS
CVE
CVE
added 2016/09/07 6:59 p.m.92 views

CVE-2016-6855

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

7.5CVSS7.1AI score0.0255EPSS
CVE
CVE
added 2016/11/04 9:59 p.m.92 views

CVE-2016-8667

The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.

6CVSS5.9AI score0.00075EPSS
CVE
CVE
added 2014/02/06 10:55 p.m.91 views

CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

6.8CVSS5.4AI score0.08342EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.91 views

CVE-2016-2801

The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/11/04 9:59 p.m.91 views

CVE-2016-8578

The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.

6CVSS5.9AI score0.00116EPSS
CVE
CVE
added 2019/11/04 9:15 p.m.91 views

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8CVSS7.7AI score0.00272EPSS
CVE
CVE
added 2018/10/15 7:29 p.m.91 views

CVE-2017-5934

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS5.8AI score0.00709EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.90 views

CVE-2016-1691

Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp.

7.5CVSS8.2AI score0.01396EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.90 views

CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.

4.3CVSS6.3AI score0.00371EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.90 views

CVE-2016-2794

The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite ...

9.3CVSS7.3AI score0.01801EPSS
CVE
CVE
added 2016/12/10 12:59 a.m.90 views

CVE-2016-7995

Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.

6CVSS5.2AI score0.00157EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.89 views

CVE-2016-2791

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/01/21 3:0 a.m.88 views

CVE-2016-0503

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.

4CVSS5.5AI score0.0183EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.88 views

CVE-2016-1964

Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.

8.8CVSS7.6AI score0.00963EPSS
CVE
CVE
added 2016/04/08 2:59 p.m.88 views

CVE-2016-2324

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

10CVSS9.7AI score0.30653EPSS
Total number of security vulnerabilities1897