Lucene search

K
OpensuseLeap

1897 matches found

CVE
CVE
added 2016/02/12 5:59 a.m.79 views

CVE-2016-2329

libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to th...

8.8CVSS8.9AI score0.0116EPSS
CVE
CVE
added 2016/07/05 1:59 a.m.79 views

CVE-2016-4957

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

7.5CVSS6.2AI score0.57878EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.79 views

CVE-2016-5158

Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecifi...

8.8CVSS7.7AI score0.00754EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.79 views

CVE-2016-5162

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, whic...

6.5CVSS6.7AI score0.00682EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.78 views

CVE-2016-1651

fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read...

8.1CVSS8.2AI score0.01385EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.78 views

CVE-2016-1653

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related t...

9.3CVSS9.3AI score0.01518EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.78 views

CVE-2016-1688

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

6.5CVSS6.6AI score0.04867EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.78 views

CVE-2016-1700

extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors relate...

7.5CVSS8.1AI score0.01724EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.78 views

CVE-2016-1703

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS8.7AI score0.00999EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.78 views

CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

8.8CVSS8.7AI score0.02848EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.78 views

CVE-2016-8568

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

5.5CVSS5.3AI score0.00637EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.78 views

CVE-2017-6318

saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.

7.5CVSS5.8AI score0.00731EPSS
CVE
CVE
added 2015/11/09 3:59 a.m.77 views

CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

5CVSS7AI score0.04048EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.77 views

CVE-2015-7202

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS8.4AI score0.01913EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.77 views

CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

8.8CVSS8.7AI score0.0221EPSS
CVE
CVE
added 2016/12/10 12:59 a.m.77 views

CVE-2016-7170

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svg...

4.4CVSS5.8AI score0.00111EPSS
CVE
CVE
added 2016/12/10 12:59 a.m.77 views

CVE-2016-7466

Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.

6CVSS5.4AI score0.00094EPSS
CVE
CVE
added 2016/03/13 10:59 p.m.76 views

CVE-2016-1645

Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via craft...

9.3CVSS8.8AI score0.02777EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.76 views

CVE-2016-1675

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

8.8CVSS8.2AI score0.01024EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.76 views

CVE-2016-1679

The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via...

8.8CVSS8.8AI score0.01532EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.76 views

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.

6.5CVSS6.8AI score0.00822EPSS
CVE
CVE
added 2016/02/20 1:59 a.m.76 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

7.5CVSS7.3AI score0.01077EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.76 views

CVE-2016-5155

Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.

6.5CVSS6.7AI score0.00769EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.76 views

CVE-2016-5161

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have...

8.8CVSS7.4AI score0.01834EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.76 views

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct...

3.1CVSS5.1AI score0.00633EPSS
CVE
CVE
added 2016/12/10 12:59 a.m.76 views

CVE-2016-7422

The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.

6CVSS5AI score0.00094EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.75 views

CVE-2014-9848

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

7.5CVSS7.1AI score0.02111EPSS
CVE
CVE
added 2016/01/21 3:0 a.m.75 views

CVE-2016-0502

Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

6.5CVSS5.4AI score0.00559EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.75 views

CVE-2016-1682

The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker regi...

6.1CVSS6.6AI score0.00466EPSS
CVE
CVE
added 2016/01/15 3:59 a.m.75 views

CVE-2016-1897

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.

5.5CVSS5.5AI score0.57758EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.75 views

CVE-2016-5160

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, whic...

6.5CVSS6.7AI score0.00682EPSS
CVE
CVE
added 2015/11/19 8:59 p.m.74 views

CVE-2014-9756

The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

5CVSS6.2AI score0.00662EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.74 views

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote ...

8.8CVSS7.6AI score0.01554EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.74 views

CVE-2016-5153

The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other i...

8.8CVSS7.4AI score0.01834EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.74 views

CVE-2016-5156

extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free...

8.8CVSS7.5AI score0.01684EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.74 views

CVE-2016-8569

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

5.5CVSS5.3AI score0.00735EPSS
CVE
CVE
added 2019/05/07 2:29 p.m.74 views

CVE-2019-11811

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

7CVSS6.6AI score0.00049EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.73 views

CVE-2014-9845

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

5.5CVSS5.8AI score0.00418EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.73 views

CVE-2015-7223

The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.

4CVSS6.9AI score0.00744EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.73 views

CVE-2016-1657

The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.

4.3CVSS5.7AI score0.02176EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.73 views

CVE-2016-2318

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

5.5CVSS6.6AI score0.00236EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.73 views

CVE-2016-2825

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

6.5CVSS7.1AI score0.00682EPSS
CVE
CVE
added 2016/06/03 2:59 p.m.73 views

CVE-2016-4804

The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.

6.2CVSS6.2AI score0.00122EPSS
CVE
CVE
added 2017/05/23 4:29 a.m.73 views

CVE-2016-5177

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

8.8CVSS7.8AI score0.0165EPSS
CVE
CVE
added 2017/03/03 4:59 p.m.73 views

CVE-2016-7972

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

7.5CVSS7.1AI score0.02344EPSS
CVE
CVE
added 2018/01/09 4:29 p.m.72 views

CVE-2015-1290

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

9.3CVSS9AI score0.01044EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.72 views

CVE-2015-7219

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.

5CVSS6.8AI score0.01259EPSS
CVE
CVE
added 2016/06/03 2:59 p.m.72 views

CVE-2015-8872

The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."

6.2CVSS6.1AI score0.00091EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.72 views

CVE-2016-1658

The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.

4.3CVSS5.6AI score0.00882EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.72 views

CVE-2016-1678

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

8.8CVSS8.8AI score0.01307EPSS
Total number of security vulnerabilities1897