Lucene search

K
OpensuseLeap

1897 matches found

CVE
CVE
added 2016/02/20 1:59 a.m.71 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

5.3CVSS6AI score0.00543EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.71 views

CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

8.8CVSS8.7AI score0.05192EPSS
CVE
CVE
added 2017/03/03 4:59 p.m.71 views

CVE-2016-7972

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

7.5CVSS7.1AI score0.02344EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.70 views

CVE-2015-7203

Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name.

10CVSS7.8AI score0.01662EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.70 views

CVE-2016-1654

The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.

6.5CVSS7.1AI score0.0249EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.70 views

CVE-2016-1675

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

8.8CVSS8.2AI score0.0084EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.70 views

CVE-2016-1686

The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF docu...

6.5CVSS6.5AI score0.01451EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.70 views

CVE-2016-5241

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

5.5CVSS6.6AI score0.00354EPSS
CVE
CVE
added 2017/02/06 5:59 p.m.70 views

CVE-2016-7446

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

9.8CVSS7.7AI score0.02021EPSS
CVE
CVE
added 2016/11/04 9:59 p.m.70 views

CVE-2016-8668

The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.

6CVSS6AI score0.00157EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.69 views

CVE-2015-7215

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure afte...

5CVSS6.9AI score0.00437EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.69 views

CVE-2015-7218

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation.

5CVSS6.8AI score0.01259EPSS
CVE
CVE
added 2016/02/23 7:59 p.m.69 views

CVE-2015-8805

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015...

9.8CVSS8.6AI score0.12343EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.69 views

CVE-2016-1659

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

10CVSS9.2AI score0.02365EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.69 views

CVE-2016-1690

The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted w...

7.5CVSS8.1AI score0.01459EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.69 views

CVE-2016-1694

browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.

5.3CVSS6AI score0.00713EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.69 views

CVE-2016-1701

The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted w...

8.8CVSS8.1AI score0.01459EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.69 views

CVE-2016-5151

PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Obje...

8.8CVSS7.3AI score0.01038EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.69 views

CVE-2016-5165

Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend....

6.1CVSS6.2AI score0.00498EPSS
CVE
CVE
added 2017/02/15 7:59 p.m.69 views

CVE-2016-8866

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.

8.8CVSS6.8AI score0.00813EPSS
CVE
CVE
added 2017/01/20 3:59 p.m.69 views

CVE-2016-9435

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags.

6.5CVSS6.9AI score0.01402EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.68 views

CVE-2014-9846

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

9.8CVSS7AI score0.02589EPSS
CVE
CVE
added 2017/03/17 2:59 p.m.68 views

CVE-2014-9854

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

7.5CVSS7AI score0.01717EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.68 views

CVE-2015-7220

Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.

10CVSS7.9AI score0.01696EPSS
CVE
CVE
added 2015/12/03 8:59 p.m.68 views

CVE-2015-8076

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.

7.5CVSS4.3AI score0.02628EPSS
CVE
CVE
added 2017/03/23 5:59 p.m.68 views

CVE-2016-10050

Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

7.8CVSS7.5AI score0.00267EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.68 views

CVE-2016-1685

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

6.5CVSS6.5AI score0.01451EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.68 views

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

6.1CVSS7.1AI score0.00353EPSS
CVE
CVE
added 2016/02/20 1:59 a.m.68 views

CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

5.4CVSS5.7AI score0.00507EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.68 views

CVE-2016-5163

The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omni...

4.3CVSS5.4AI score0.01274EPSS
CVE
CVE
added 2017/04/12 8:59 p.m.68 views

CVE-2016-9957

Stack-based buffer overflow in game-music-emu before 0.6.1.

7.8CVSS8.7AI score0.00291EPSS
CVE
CVE
added 2017/08/28 7:29 p.m.68 views

CVE-2017-6594

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

7.5CVSS7.4AI score0.00249EPSS
CVE
CVE
added 2017/03/17 2:59 p.m.67 views

CVE-2014-9853

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

5.5CVSS5.7AI score0.00473EPSS
CVE
CVE
added 2015/12/07 8:59 p.m.67 views

CVE-2015-5309

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.

4.3CVSS9.8AI score0.01736EPSS
CVE
CVE
added 2016/04/11 9:59 p.m.67 views

CVE-2015-8614

Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.

7.5CVSS5.5AI score0.01387EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.67 views

CVE-2016-1652

Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...

6.1CVSS6.2AI score0.00513EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.67 views

CVE-2016-1655

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.

8.8CVSS9.2AI score0.03027EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.67 views

CVE-2016-1953

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vecto...

8.8CVSS9.6AI score0.01228EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.67 views

CVE-2016-2191

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

6.5CVSS6.2AI score0.02401EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.67 views

CVE-2016-5167

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS7.5AI score0.01754EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.66 views

CVE-2015-7217

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.

4.3CVSS6.8AI score0.01302EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.66 views

CVE-2016-0607

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.

2.8CVSS5.5AI score0.00834EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.66 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a...

5.3CVSS5.9AI score0.00748EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.66 views

CVE-2016-1702

The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

6.5CVSS6.7AI score0.01428EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.66 views

CVE-2016-1939

Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.

5.3CVSS6.7AI score0.00618EPSS
CVE
CVE
added 2019/11/05 10:15 p.m.66 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

3.3CVSS3.6AI score0.00143EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.66 views

CVE-2016-5149

The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resou...

8.8CVSS7AI score0.01312EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.66 views

CVE-2016-5701

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.

6.1CVSS7.4AI score0.00521EPSS
CVE
CVE
added 2018/07/30 2:29 p.m.66 views

CVE-2016-9597

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

7.5CVSS7AI score0.01327EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.65 views

CVE-2016-0595

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS5.5AI score0.00722EPSS
Total number of security vulnerabilities1897