Lucene search

K
OpensuseLeap

1897 matches found

CVE
CVE
added 2016/06/05 11:59 p.m.66 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a...

5.3CVSS5.9AI score0.00748EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.66 views

CVE-2016-1702

The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

6.5CVSS6.7AI score0.0142EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.66 views

CVE-2016-1939

Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.

5.3CVSS6.7AI score0.00618EPSS
CVE
CVE
added 2016/05/23 7:59 p.m.66 views

CVE-2016-4049

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.

7.5CVSS7.2AI score0.02164EPSS
CVE
CVE
added 2019/11/05 10:15 p.m.66 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

3.3CVSS3.6AI score0.00143EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.66 views

CVE-2016-5149

The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resou...

8.8CVSS7AI score0.01312EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.66 views

CVE-2016-5701

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.

6.1CVSS7.4AI score0.00442EPSS
Web
CVE
CVE
added 2016/01/21 3:2 a.m.65 views

CVE-2016-0595

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS5.5AI score0.00722EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.65 views

CVE-2016-0605

Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.

2.1CVSS5.6AI score0.00686EPSS
CVE
CVE
added 2016/04/07 11:59 p.m.65 views

CVE-2016-2851

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

9.8CVSS9.7AI score0.23058EPSS
Web
CVE
CVE
added 2016/05/20 2:59 p.m.65 views

CVE-2016-4348

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

7.5CVSS7.1AI score0.03078EPSS
CVE
CVE
added 2017/04/12 8:59 p.m.65 views

CVE-2016-9958

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

7.8CVSS8.5AI score0.00313EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.64 views

CVE-2015-7221

Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.

10CVSS7.9AI score0.01696EPSS
CVE
CVE
added 2016/02/23 7:59 p.m.64 views

CVE-2015-8804

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

9.8CVSS8.5AI score0.11875EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.63 views

CVE-2015-5828

The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.

4.3CVSS7.8AI score0.00779EPSS
CVE
CVE
added 2017/03/02 9:59 p.m.63 views

CVE-2016-10068

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

5.5CVSS5.7AI score0.00811EPSS
CVE
CVE
added 2017/03/03 6:59 p.m.63 views

CVE-2016-10070

Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.

5.5CVSS6AI score0.00619EPSS
CVE
CVE
added 2016/01/22 3:59 p.m.63 views

CVE-2016-1572

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

8.4CVSS8AI score0.00053EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.63 views

CVE-2016-1931

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compr...

10CVSS9.8AI score0.0254EPSS
CVE
CVE
added 2017/04/21 8:59 p.m.63 views

CVE-2016-2347

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

7.8CVSS7.7AI score0.00447EPSS
CVE
CVE
added 2015/11/02 7:59 p.m.62 views

CVE-2015-5291

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) ex...

6.8CVSS8.4AI score0.01704EPSS
CVE
CVE
added 2016/04/19 2:59 p.m.62 views

CVE-2015-5479

The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.

6.5CVSS6.2AI score0.01326EPSS
CVE
CVE
added 2019/11/05 2:15 p.m.62 views

CVE-2016-1000002

gdm3 3.14.2 and possibly later has an information leak before screen lock

2.4CVSS3.7AI score0.0016EPSS
CVE
CVE
added 2017/03/03 5:59 p.m.62 views

CVE-2016-10065

The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

7.8CVSS7.2AI score0.00261EPSS
CVE
CVE
added 2016/06/16 6:59 p.m.62 views

CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

8.8CVSS8.7AI score0.02449EPSS
CVE
CVE
added 2016/04/18 2:59 p.m.62 views

CVE-2016-4036

The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.

5.5CVSS5.8AI score0.001EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.62 views

CVE-2016-5164

Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka De...

6.1CVSS5.9AI score0.00483EPSS
CVE
CVE
added 2017/01/20 3:59 p.m.62 views

CVE-2016-9436

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag.

6.5CVSS6.9AI score0.01351EPSS
CVE
CVE
added 2017/06/06 6:29 p.m.62 views

CVE-2016-9961

game-music-emu before 0.6.1 mishandles unspecified integer values.

10CVSS9.3AI score0.02847EPSS
CVE
CVE
added 2017/03/17 2:59 p.m.61 views

CVE-2014-9852

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

9.8CVSS8.7AI score0.01316EPSS
CVE
CVE
added 2017/03/23 5:59 p.m.61 views

CVE-2016-10051

Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

7.8CVSS7.2AI score0.0034EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.61 views

CVE-2016-1693

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session.

5.3CVSS5.8AI score0.00895EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.61 views

CVE-2016-5733

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_...

6.1CVSS6.9AI score0.01619EPSS
Web
CVE
CVE
added 2017/03/24 3:59 p.m.61 views

CVE-2016-7797

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

7.5CVSS7.2AI score0.02954EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.60 views

CVE-2016-0594

Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4.3CVSS5.4AI score0.00584EPSS
CVE
CVE
added 2016/10/03 4:9 p.m.60 views

CVE-2016-7445

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

7.5CVSS5.9AI score0.02039EPSS
CVE
CVE
added 2017/06/06 6:29 p.m.60 views

CVE-2016-9960

game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

5.5CVSS6.5AI score0.00102EPSS
CVE
CVE
added 2017/03/15 2:59 p.m.60 views

CVE-2017-5938

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

6.1CVSS5.9AI score0.00631EPSS
CVE
CVE
added 2017/03/02 9:59 p.m.59 views

CVE-2016-10064

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

7.8CVSS7.4AI score0.00267EPSS
CVE
CVE
added 2016/02/20 1:59 a.m.59 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

5.3CVSS5.7AI score0.00931EPSS
CVE
CVE
added 2016/05/23 7:59 p.m.59 views

CVE-2016-3959

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certi...

7.5CVSS7.1AI score0.0247EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.59 views

CVE-2016-5705

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error m...

6.1CVSS7AI score0.00583EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.58 views

CVE-2016-4478

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

7.5CVSS7.3AI score0.00589EPSS
CVE
CVE
added 2023/02/15 10:15 a.m.58 views

CVE-2022-45153

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. ...

7.8CVSS7.1AI score0.00049EPSS
CVE
CVE
added 2017/04/13 2:59 p.m.57 views

CVE-2015-8864

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

6.1CVSS5.9AI score0.00729EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.57 views

CVE-2016-1943

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.

4.7CVSS6.3AI score0.00556EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.57 views

CVE-2016-1945

The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.

9.3CVSS9.3AI score0.00674EPSS
CVE
CVE
added 2016/04/13 5:59 p.m.57 views

CVE-2016-2313

auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.

8.8CVSS8.3AI score0.01075EPSS
CVE
CVE
added 2017/04/13 2:59 p.m.57 views

CVE-2016-4068

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.

6.1CVSS5.9AI score0.00729EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.57 views

CVE-2016-4579

Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."

7.5CVSS7.2AI score0.01327EPSS
Total number of security vulnerabilities1897