Lucene search

K
OpensuseLeap

1897 matches found

CVE
CVE
added 2016/06/05 11:59 p.m.72 views

CVE-2016-1695

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS8.7AI score0.01191EPSS
CVE
CVE
added 2016/01/15 3:59 a.m.72 views

CVE-2016-1898

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

5.5CVSS5.5AI score0.33185EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.72 views

CVE-2016-2383

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.

5.5CVSS6.1AI score0.00057EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.72 views

CVE-2016-5154

Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.

8.8CVSS7.5AI score0.01051EPSS
CVE
CVE
added 2016/11/04 9:59 p.m.72 views

CVE-2016-8668

The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.

6CVSS6AI score0.00157EPSS
CVE
CVE
added 2014/03/28 3:55 p.m.71 views

CVE-2014-2525

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

6.8CVSS7.7AI score0.55324EPSS
CVE
CVE
added 2016/02/23 7:59 p.m.71 views

CVE-2015-8805

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015...

9.8CVSS8.6AI score0.12343EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.71 views

CVE-2016-0611

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS5.5AI score0.00746EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.71 views

CVE-2016-1687

The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.

6.5CVSS6.5AI score0.02058EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.71 views

CVE-2016-1946

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact v...

10CVSS9.7AI score0.03529EPSS
CVE
CVE
added 2016/02/20 1:59 a.m.71 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

5.3CVSS6AI score0.00543EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.71 views

CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

8.8CVSS8.7AI score0.05192EPSS
CVE
CVE
added 2015/12/03 8:59 p.m.70 views

CVE-2015-8076

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.

7.5CVSS4.3AI score0.02628EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.70 views

CVE-2016-1654

The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.

6.5CVSS7.1AI score0.0249EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.70 views

CVE-2016-1673

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.01034EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.70 views

CVE-2016-1686

The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF docu...

6.5CVSS6.5AI score0.01451EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.70 views

CVE-2016-5241

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

5.5CVSS6.6AI score0.00354EPSS
CVE
CVE
added 2017/02/06 5:59 p.m.70 views

CVE-2016-7446

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

9.8CVSS7.7AI score0.02021EPSS
CVE
CVE
added 2017/02/15 7:59 p.m.70 views

CVE-2016-8866

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.

8.8CVSS6.8AI score0.00813EPSS
CVE
CVE
added 2017/01/20 3:59 p.m.70 views

CVE-2016-9435

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags.

6.5CVSS6.9AI score0.01402EPSS
CVE
CVE
added 2017/04/12 8:59 p.m.70 views

CVE-2016-9957

Stack-based buffer overflow in game-music-emu before 0.6.1.

7.8CVSS8.7AI score0.00291EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.69 views

CVE-2014-9846

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

9.8CVSS7AI score0.02589EPSS
CVE
CVE
added 2017/03/17 2:59 p.m.69 views

CVE-2014-9854

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

7.5CVSS7AI score0.01717EPSS
CVE
CVE
added 2017/03/23 5:59 p.m.69 views

CVE-2016-10050

Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

7.8CVSS7.5AI score0.00267EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.69 views

CVE-2016-1659

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

10CVSS9.2AI score0.02365EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.69 views

CVE-2016-1690

The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted w...

7.5CVSS8.1AI score0.01479EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.69 views

CVE-2016-1694

browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.

5.3CVSS6AI score0.00713EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.69 views

CVE-2016-1701

The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted w...

8.8CVSS8.1AI score0.01479EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.69 views

CVE-2016-5151

PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Obje...

8.8CVSS7.3AI score0.01038EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.69 views

CVE-2016-5165

Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend....

6.1CVSS6.2AI score0.00498EPSS
CVE
CVE
added 2017/03/17 2:59 p.m.68 views

CVE-2014-9853

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

5.5CVSS5.7AI score0.00473EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.68 views

CVE-2015-7220

Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.

10CVSS7.9AI score0.01696EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.68 views

CVE-2016-1685

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

6.5CVSS6.5AI score0.01451EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.68 views

CVE-2016-1953

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vecto...

8.8CVSS9.6AI score0.01228EPSS
CVE
CVE
added 2016/02/20 1:59 a.m.68 views

CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

5.4CVSS5.7AI score0.00507EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.68 views

CVE-2016-5163

The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omni...

4.3CVSS5.4AI score0.01274EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.68 views

CVE-2016-5167

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS7.5AI score0.01754EPSS
CVE
CVE
added 2017/08/28 7:29 p.m.68 views

CVE-2017-6594

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

7.5CVSS7.4AI score0.00249EPSS
CVE
CVE
added 2015/12/07 8:59 p.m.67 views

CVE-2015-5309

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.

4.3CVSS9.8AI score0.01736EPSS
CVE
CVE
added 2016/04/11 9:59 p.m.67 views

CVE-2015-8614

Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.

7.5CVSS5.5AI score0.01387EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.67 views

CVE-2016-1652

Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...

6.1CVSS6.2AI score0.00513EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.67 views

CVE-2016-1655

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.

8.8CVSS9.2AI score0.03027EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.67 views

CVE-2016-2191

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

6.5CVSS6.2AI score0.02401EPSS
CVE
CVE
added 2017/03/03 4:59 p.m.67 views

CVE-2016-7969

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

7.5CVSS7.2AI score0.05279EPSS
CVE
CVE
added 2018/07/30 2:29 p.m.67 views

CVE-2016-9597

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

7.5CVSS7AI score0.01327EPSS
CVE
CVE
added 2017/07/06 4:29 p.m.67 views

CVE-2017-8932

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by s...

5.9CVSS5.6AI score0.02461EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.66 views

CVE-2015-7217

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.

4.3CVSS6.8AI score0.01302EPSS
CVE
CVE
added 2016/02/23 7:59 p.m.66 views

CVE-2015-8803

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015...

9.8CVSS8.6AI score0.12343EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.66 views

CVE-2016-0607

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.

2.8CVSS5.5AI score0.00834EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.66 views

CVE-2016-1656

The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.

7.5CVSS7.8AI score0.00404EPSS
Total number of security vulnerabilities1897