Lucene search

K
OpensuseLeap

1897 matches found

CVE
CVE
added 2016/01/21 3:2 a.m.65 views

CVE-2016-0605

Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.

2.1CVSS5.6AI score0.00686EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.65 views

CVE-2016-1656

The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.

7.5CVSS7.8AI score0.00404EPSS
CVE
CVE
added 2016/05/20 2:59 p.m.65 views

CVE-2016-4348

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

7.5CVSS7.1AI score0.01919EPSS
CVE
CVE
added 2017/03/03 4:59 p.m.65 views

CVE-2016-7969

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

7.5CVSS7.2AI score0.05279EPSS
CVE
CVE
added 2017/07/06 4:29 p.m.65 views

CVE-2017-8932

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by s...

5.9CVSS5.6AI score0.02461EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.64 views

CVE-2015-7221

Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.

10CVSS7.9AI score0.01696EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.64 views

CVE-2016-1673

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.00847EPSS
CVE
CVE
added 2016/04/07 11:59 p.m.64 views

CVE-2016-2851

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

9.8CVSS9.7AI score0.23058EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.63 views

CVE-2015-5828

The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.

4.3CVSS7.8AI score0.00779EPSS
CVE
CVE
added 2016/02/23 7:59 p.m.63 views

CVE-2015-8803

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015...

9.8CVSS8.6AI score0.12343EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.63 views

CVE-2016-1931

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compr...

10CVSS9.8AI score0.02395EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.63 views

CVE-2016-2825

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

6.5CVSS7.1AI score0.00237EPSS
CVE
CVE
added 2016/05/23 7:59 p.m.63 views

CVE-2016-4049

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.

7.5CVSS7.2AI score0.02164EPSS
CVE
CVE
added 2017/04/12 8:59 p.m.63 views

CVE-2016-9958

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

7.8CVSS8.5AI score0.00313EPSS
CVE
CVE
added 2015/11/02 7:59 p.m.62 views

CVE-2015-5291

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) ex...

6.8CVSS8.4AI score0.01704EPSS
CVE
CVE
added 2016/04/19 2:59 p.m.62 views

CVE-2015-5479

The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.

6.5CVSS6.2AI score0.01326EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.62 views

CVE-2015-7223

The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.

4CVSS6.9AI score0.00744EPSS
CVE
CVE
added 2016/02/23 7:59 p.m.62 views

CVE-2015-8804

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

9.8CVSS8.5AI score0.11875EPSS
CVE
CVE
added 2019/11/05 2:15 p.m.62 views

CVE-2016-1000002

gdm3 3.14.2 and possibly later has an information leak before screen lock

2.4CVSS3.7AI score0.0016EPSS
CVE
CVE
added 2017/03/02 9:59 p.m.62 views

CVE-2016-10068

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

5.5CVSS5.7AI score0.00811EPSS
CVE
CVE
added 2017/03/03 6:59 p.m.62 views

CVE-2016-10070

Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.

5.5CVSS6AI score0.00619EPSS
CVE
CVE
added 2016/01/22 3:59 p.m.62 views

CVE-2016-1572

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

8.4CVSS8AI score0.00053EPSS
CVE
CVE
added 2017/04/21 8:59 p.m.62 views

CVE-2016-2347

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

7.8CVSS7.7AI score0.00447EPSS
CVE
CVE
added 2016/04/18 2:59 p.m.62 views

CVE-2016-4036

The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.

5.5CVSS5.8AI score0.001EPSS
CVE
CVE
added 2016/09/11 10:59 a.m.62 views

CVE-2016-5164

Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka De...

6.1CVSS5.9AI score0.00483EPSS
CVE
CVE
added 2017/03/03 5:59 p.m.61 views

CVE-2016-10065

The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

7.8CVSS7.2AI score0.00261EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.61 views

CVE-2016-1693

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session.

5.3CVSS5.8AI score0.00895EPSS
CVE
CVE
added 2016/06/16 6:59 p.m.61 views

CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

8.8CVSS8.7AI score0.02512EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.61 views

CVE-2016-5733

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_...

6.1CVSS6.9AI score0.01619EPSS
CVE
CVE
added 2017/03/17 2:59 p.m.60 views

CVE-2014-9852

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

9.8CVSS8.7AI score0.01316EPSS
CVE
CVE
added 2017/03/23 5:59 p.m.60 views

CVE-2016-10051

Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

7.8CVSS7.2AI score0.0034EPSS
CVE
CVE
added 2017/01/20 3:59 p.m.60 views

CVE-2016-9436

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag.

6.5CVSS6.9AI score0.01351EPSS
CVE
CVE
added 2017/06/06 6:29 p.m.60 views

CVE-2016-9961

game-music-emu before 0.6.1 mishandles unspecified integer values.

10CVSS9.3AI score0.02847EPSS
CVE
CVE
added 2017/03/15 2:59 p.m.60 views

CVE-2017-5938

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

6.1CVSS5.9AI score0.00631EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.59 views

CVE-2016-0594

Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4.3CVSS5.4AI score0.00584EPSS
CVE
CVE
added 2016/02/20 1:59 a.m.59 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

5.3CVSS5.7AI score0.00931EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.59 views

CVE-2016-5705

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error m...

6.1CVSS7AI score0.00583EPSS
CVE
CVE
added 2017/03/24 3:59 p.m.59 views

CVE-2016-7797

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

7.5CVSS7.2AI score0.02954EPSS
CVE
CVE
added 2017/03/02 9:59 p.m.58 views

CVE-2016-10064

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

7.8CVSS7.4AI score0.00267EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.58 views

CVE-2016-4478

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

7.5CVSS7.3AI score0.00589EPSS
CVE
CVE
added 2016/10/03 4:9 p.m.58 views

CVE-2016-7445

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

7.5CVSS5.9AI score0.02039EPSS
CVE
CVE
added 2017/06/06 6:29 p.m.58 views

CVE-2016-9960

game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

5.5CVSS6.5AI score0.00102EPSS
CVE
CVE
added 2023/02/15 10:15 a.m.58 views

CVE-2022-45153

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. ...

7.8CVSS7.1AI score0.00049EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.57 views

CVE-2016-1943

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.

4.7CVSS6.3AI score0.00556EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.57 views

CVE-2016-1945

The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.

9.3CVSS9.3AI score0.00648EPSS
CVE
CVE
added 2016/04/13 5:59 p.m.57 views

CVE-2016-2313

auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.

8.8CVSS8.3AI score0.01075EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.57 views

CVE-2016-5706

js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.

7.5CVSS7.9AI score0.02147EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.56 views

CVE-2014-3462

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

7.5CVSS7.3AI score0.01089EPSS
CVE
CVE
added 2017/04/13 2:59 p.m.56 views

CVE-2015-8864

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

6.1CVSS5.9AI score0.00729EPSS
CVE
CVE
added 2017/04/13 2:59 p.m.56 views

CVE-2016-4068

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.

6.1CVSS5.9AI score0.00729EPSS
Total number of security vulnerabilities1897