Lucene search

K
OpensuseLeap

1897 matches found

CVE
CVE
added 2016/06/13 10:59 a.m.88 views

CVE-2016-2822

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

6.5CVSS7AI score0.006EPSS
CVE
CVE
added 2017/02/06 5:59 p.m.88 views

CVE-2016-7448

The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.

7.8CVSS8AI score0.04162EPSS
CVE
CVE
added 2017/03/01 8:59 p.m.88 views

CVE-2016-9830

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

5.5CVSS6.8AI score0.00598EPSS
CVE
CVE
added 2019/11/04 9:15 p.m.88 views

CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8CVSS7.6AI score0.00272EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.86 views

CVE-2016-0668

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.

4.1CVSS4.3AI score0.00439EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.86 views

CVE-2016-2828

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

8.8CVSS8.8AI score0.01769EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.85 views

CVE-2015-7210

Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.

7.5CVSS7.9AI score0.01773EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.85 views

CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.01357EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.85 views

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.

4.3CVSS5.8AI score0.00563EPSS
CVE
CVE
added 2019/11/04 9:15 p.m.85 views

CVE-2017-5331

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8CVSS7.7AI score0.00089EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.84 views

CVE-2016-0610

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5CVSS5.5AI score0.00627EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.84 views

CVE-2016-1681

Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

8.8CVSS8.9AI score0.01263EPSS
CVE
CVE
added 2016/08/12 3:59 p.m.84 views

CVE-2016-6214

gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

6.5CVSS6.1AI score0.07265EPSS
CVE
CVE
added 2017/02/06 5:59 p.m.84 views

CVE-2016-7447

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

9.8CVSS9.7AI score0.02033EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.83 views

CVE-2015-7211

Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.

5CVSS7.1AI score0.0068EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.83 views

CVE-2016-2150

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

7.1CVSS6.8AI score0.00092EPSS
CVE
CVE
added 2019/11/04 9:15 p.m.82 views

CVE-2015-8980

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

9.8CVSS9.5AI score0.04547EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.82 views

CVE-2016-1696

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.00804EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.82 views

CVE-2016-2833

Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.

6.1CVSS6.3AI score0.00341EPSS
CVE
CVE
added 2017/02/06 5:59 p.m.82 views

CVE-2016-7449

The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.

7.5CVSS8AI score0.03278EPSS
CVE
CVE
added 2017/03/27 5:59 p.m.82 views

CVE-2017-6542

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overf...

9.8CVSS9.5AI score0.25845EPSS
CVE
CVE
added 2017/12/05 4:29 p.m.81 views

CVE-2016-1254

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

7.5CVSS7AI score0.03038EPSS
CVE
CVE
added 2016/01/13 3:59 p.m.81 views

CVE-2016-1494

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

5.3CVSS5.2AI score0.07669EPSS
CVE
CVE
added 2016/04/30 5:59 p.m.81 views

CVE-2016-2806

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.2AI score0.01315EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.80 views

CVE-2016-1677

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

6.5CVSS6.7AI score0.10058EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.80 views

CVE-2016-1680

Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.

8.8CVSS8.7AI score0.01532EPSS
CVE
CVE
added 2017/05/23 4:29 a.m.80 views

CVE-2016-5178

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

9.8CVSS7.9AI score0.01854EPSS
CVE
CVE
added 2017/02/15 7:59 p.m.80 views

CVE-2016-8688

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_sup...

5.5CVSS5.9AI score0.00226EPSS
CVE
CVE
added 2015/11/09 3:59 a.m.79 views

CVE-2015-2696

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

7.1CVSS7AI score0.10768EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.79 views

CVE-2015-7207

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a re...

5CVSS7.3AI score0.00909EPSS
CVE
CVE
added 2016/01/22 3:59 p.m.79 views

CVE-2015-7744

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TL...

5.9CVSS5.9AI score0.03423EPSS
CVE
CVE
added 2016/01/21 3:0 a.m.79 views

CVE-2016-0504

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.

6.8CVSS5.5AI score0.0183EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.79 views

CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors...

8.8CVSS8.2AI score0.01357EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.79 views

CVE-2016-1689

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

6.5CVSS7.6AI score0.01734EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.79 views

CVE-2016-1942

Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.

7.4CVSS8.1AI score0.0082EPSS
CVE
CVE
added 2016/02/12 5:59 a.m.79 views

CVE-2016-2329

libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to th...

8.8CVSS8.9AI score0.0116EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.79 views

CVE-2016-5162

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, whic...

6.5CVSS6.7AI score0.00682EPSS
CVE
CVE
added 2016/12/10 12:59 a.m.79 views

CVE-2016-7994

Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.

6CVSS5.8AI score0.00157EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.78 views

CVE-2016-1651

fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read...

8.1CVSS8.2AI score0.01385EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.78 views

CVE-2016-1699

WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to b...

6.5CVSS6.7AI score0.00575EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.78 views

CVE-2016-1700

extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors relate...

7.5CVSS8.1AI score0.01734EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.78 views

CVE-2016-1703

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS8.7AI score0.00985EPSS
CVE
CVE
added 2016/07/05 1:59 a.m.78 views

CVE-2016-4957

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

7.5CVSS6.2AI score0.6295EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.78 views

CVE-2016-8568

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

5.5CVSS5.3AI score0.00637EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.77 views

CVE-2016-5158

Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecifi...

8.8CVSS7.7AI score0.00754EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.77 views

CVE-2017-6318

saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.

7.5CVSS5.8AI score0.00731EPSS
CVE
CVE
added 2015/11/09 3:59 a.m.76 views

CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

5CVSS7AI score0.04048EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.76 views

CVE-2015-7202

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS8.4AI score0.01913EPSS
CVE
CVE
added 2017/02/28 6:59 p.m.76 views

CVE-2016-10207

The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.

7.5CVSS8AI score0.01689EPSS
CVE
CVE
added 2016/03/13 10:59 p.m.76 views

CVE-2016-1645

Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via craft...

9.3CVSS8.8AI score0.02777EPSS
Total number of security vulnerabilities1897