Lucene search

K
OpensuseLeap

1897 matches found

CVE
CVE
added 2016/06/05 11:59 p.m.76 views

CVE-2016-1679

The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via...

8.8CVSS8.8AI score0.01532EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.76 views

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.

6.5CVSS6.8AI score0.00822EPSS
CVE
CVE
added 2016/02/20 1:59 a.m.76 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

7.5CVSS7.3AI score0.01077EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.76 views

CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

8.8CVSS8.7AI score0.02848EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.76 views

CVE-2016-5155

Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.

6.5CVSS6.7AI score0.00769EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.76 views

CVE-2016-5161

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have...

8.8CVSS7.4AI score0.01834EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.76 views

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct...

3.1CVSS5.1AI score0.00633EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.75 views

CVE-2015-7208

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.

5CVSS6.6AI score0.00618EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.75 views

CVE-2016-1682

The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker regi...

6.1CVSS6.6AI score0.00466EPSS
CVE
CVE
added 2016/01/15 3:59 a.m.75 views

CVE-2016-1897

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.

5.5CVSS5.5AI score0.48759EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.75 views

CVE-2016-2829

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.

6.5CVSS6.8AI score0.00419EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.75 views

CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

8.8CVSS8.7AI score0.0221EPSS
CVE
CVE
added 2016/01/21 3:0 a.m.74 views

CVE-2016-0502

Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

6.5CVSS5.4AI score0.00559EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.74 views

CVE-2016-1956

Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.

7.1CVSS6.9AI score0.00896EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.74 views

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote ...

8.8CVSS7.6AI score0.01554EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.74 views

CVE-2016-5153

The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other i...

8.8CVSS7.4AI score0.01834EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.74 views

CVE-2016-5156

extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free...

8.8CVSS7.5AI score0.01684EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.74 views

CVE-2016-5160

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, whic...

6.5CVSS6.7AI score0.00682EPSS
CVE
CVE
added 2016/12/10 12:59 a.m.74 views

CVE-2016-7170

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svg...

4.4CVSS5.8AI score0.00111EPSS
CVE
CVE
added 2016/12/10 12:59 a.m.74 views

CVE-2016-7422

The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.

6CVSS5AI score0.00094EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.74 views

CVE-2016-8569

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

5.5CVSS5.3AI score0.00735EPSS
CVE
CVE
added 2015/11/19 8:59 p.m.73 views

CVE-2014-9756

The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

5CVSS6.2AI score0.00662EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.73 views

CVE-2014-9848

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

7.5CVSS7.1AI score0.02111EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.73 views

CVE-2016-1657

The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.

4.3CVSS5.7AI score0.02176EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.73 views

CVE-2016-1674

The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.00829EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.73 views

CVE-2016-1944

The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS9.5AI score0.02723EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.73 views

CVE-2016-2318

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

5.5CVSS6.6AI score0.00236EPSS
CVE
CVE
added 2017/05/23 4:29 a.m.73 views

CVE-2016-5177

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

8.8CVSS7.8AI score0.0165EPSS
CVE
CVE
added 2016/12/10 12:59 a.m.73 views

CVE-2016-7466

Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.

6CVSS5.4AI score0.00094EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.72 views

CVE-2014-9845

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

5.5CVSS5.8AI score0.00418EPSS
CVE
CVE
added 2018/01/09 4:29 p.m.72 views

CVE-2015-1290

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

9.3CVSS9AI score0.01044EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.72 views

CVE-2015-7219

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.

5CVSS6.8AI score0.01259EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.72 views

CVE-2016-1653

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related t...

9.3CVSS9.3AI score0.01518EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.72 views

CVE-2016-1658

The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.

4.3CVSS5.6AI score0.00882EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.72 views

CVE-2016-1678

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

8.8CVSS8.8AI score0.01307EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.72 views

CVE-2016-1695

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS8.7AI score0.01176EPSS
CVE
CVE
added 2016/01/15 3:59 a.m.72 views

CVE-2016-1898

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

5.5CVSS5.5AI score0.29201EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.72 views

CVE-2016-2383

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.

5.5CVSS6.1AI score0.00057EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.72 views

CVE-2016-2824

The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader th...

8.8CVSS8.9AI score0.00761EPSS
CVE
CVE
added 2016/06/03 2:59 p.m.72 views

CVE-2016-4804

The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.

6.2CVSS6.2AI score0.00127EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.72 views

CVE-2016-5154

Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.

8.8CVSS7.5AI score0.01051EPSS
CVE
CVE
added 2019/05/07 2:29 p.m.72 views

CVE-2019-11811

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

7CVSS6.6AI score0.00049EPSS
CVE
CVE
added 2014/03/28 3:55 p.m.71 views

CVE-2014-2525

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

6.8CVSS7.7AI score0.55324EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.71 views

CVE-2015-7216

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.

6.8CVSS7.6AI score0.00892EPSS
CVE
CVE
added 2016/06/03 2:59 p.m.71 views

CVE-2015-8872

The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."

6.2CVSS6.1AI score0.00091EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.71 views

CVE-2016-0611

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS5.5AI score0.00746EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.71 views

CVE-2016-1687

The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.

6.5CVSS6.5AI score0.02058EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.71 views

CVE-2016-1688

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

6.5CVSS6.6AI score0.04867EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.71 views

CVE-2016-1933

Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.

6.5CVSS7.3AI score0.00777EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.71 views

CVE-2016-1946

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact v...

10CVSS9.7AI score0.03402EPSS
Total number of security vulnerabilities1897