Lucene search
+L
SuseLinux Enterprise Software Development Kit

296 matches found

CVE
CVE
added 2012/11/21 11:0 a.m.98 views

CVE-2012-5833

CVE-2012-5833 concerns WebGL texImage2D handling in Mozilla Firefox (and related Gecko-based products) that interacts with Mesa drivers. The vulnerability can allow remote code execution or a denial of service (memory corruption) via certain level parameter values. Affected versions include Firef...

9.3CVSS9.1AI score0.0483EPSS
CVE
CVE
added 2014/06/05 8:0 p.m.98 views

CVE-2014-3469

CVE-2014-3469 affects GNU libtasn1 before 3.6, where the functions asn1_read_value_type and asn1_read_value may dereference a NULL ivalue. In this context, crafted ASN.1 data can trigger a NULL pointer dereference in the library, leading to a denial of service (crash). The vulnerability is noted ...

5CVSS5.6AI score0.03817EPSS
CVE
CVE
added 2015/11/09 2:0 a.m.98 views

CVE-2015-2695

CVE-2015-2695 affects MIT Kerberos 5 (krb5) where the krb5 GSS-API SPNEGO mechanism mishandles a context, relying on an inappropriate context handle. This can enable a remote attacker to cause a denial of service via a crafted gss_inquire_context call on a partially-established SPNEGO context, le...

5CVSS7AI score0.06243EPSS
CVE
CVE
added 2015/11/09 2:0 a.m.98 views

CVE-2015-2696

MIT Kerberos 5 (krb5) vulnerability CVE-2015-2696 arises from an inappropriate context handle in iakerb.c, enabling remote denial of service via crafted IAKERB packets during gss_inquire_context. IBM CP4S remediation in the connected materials shows affected Cloud Pak for Security versions 1.8.0....

7.1CVSS7AI score0.04543EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.98 views

CVE-2015-8930

CVE-2015-8930 affects libarchive’s ISO parser (bsdtar) and can cause a denial-of-service via an infinite loop when opening a crafted ISO with a directory that is a member of itself. The available connected documents show this vulnerability across multiple advisories and platforms, indicating it i...

7.5CVSS7.5AI score0.04287EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.97 views

CVE-2012-5835

CVE-2012-5835 describes an integer overflow in the WebGL subsystem of Mozilla Firefox prior to 17.0 (also affecting Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0 and Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14). The overflow can lead to remote code execution or a den...

10CVSS9.1AI score0.08528EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.97 views

CVE-2012-5838

CVE-2012-5838 affects the WebGL copyTexImage2D in Mozilla Firefox (<17.0), Thunderbird (<17.0), and SeaMonkey (

9.3CVSS8.9AI score0.06155EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.96 views

CVE-2012-3956

CVE-2012-3956 is a use-after-free in MediaStreamGraphThreadRunnable::Run in Mozilla Firefox before 15.0 (and similar affected versions for Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0/ESR 10.x before 10.0.7, SeaMonkey before 2.12). Successful exploitation could allow remote attackers t...

10CVSS9.4AI score0.05408EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.96 views

CVE-2013-0771

CVE-2013-0771 describes a heap-based buffer overflow in Mozilla Firefox’s gfxTextRun::ShrinkToLigatureBoundaries, affecting Firefox before 18.0 (and ESR 17.x before 17.0.1), Thunderbird before 17.0.2 (and ESR 17.x before 17.0.1), and SeaMonkey before 2.15. Successful exploitation via a crafted do...

9.3CVSS9.5AI score0.05334EPSS
CVE
CVE
added 2015/04/28 2:0 p.m.96 views

CVE-2015-3340

CVE-2015-3340 affects Xen 4.2.x through 4.5.x and involves uninitialized fields, allowing certain remote domains to read sensitive memory content via XEN_DOMCTL_gettscinfo or XEN_SYSCTL_getdomaininfolist. Public advisories (e.g., Debian DSA-3414) classify this as a denial of information disclosur...

2.9CVSS6.3AI score0.00793EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.95 views

CVE-2012-5840

CVE-2012-5840 is a Use-after-free vulnerability in Mozilla Firefox’s nsTextEditorState::PrepareEditor, affecting Firefox prior to 17.0, Firefox ESR 10.x prior to 10.0.11, Thunderbird prior to 17.0, Thunderbird ESR 10.x prior to 10.0.11, and SeaMonkey prior to 2.14. The flaw allows remote attacker...

9.3CVSS9.1AI score0.06074EPSS
CVE
CVE
added 2011/11/11 6:0 p.m.93 views

CVE-2011-3439

CVE-2011-3439 affects FreeType in CoreGraphics on Apple iOS prior to 5.0.1. An attacker could craft a font in a document to trigger memory corruption, enabling remote code execution or a denial of service. Affected component: FreeType/CoreGraphics; impact: code execution and memory corruption. Re...

9.3CVSS7.4AI score0.05329EPSS
CVE
CVE
added 2012/02/09 2:0 a.m.93 views

CVE-2011-3970

CVE-2011-3970 affects libxslt as used in Google Chrome prior to 17.0.963.46, enabling a remote attacker to cause a denial of service via an out-of-bounds read (vectors not specified in the entry). The issue has been addressed in downstream advisories and Chrome updates; Chrome/SUSE/Fedora advisor...

4.3CVSS6.8AI score0.01824EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.92 views

CVE-2012-5839

CVE-2012-5839 is a heap-based buffer overflow in Mozilla's gfxShapedWord::CompressedGlyph::IsClusterStart that affects Firefox and related Mozilla components. Affected software includes Mozilla Firefox before 17.0 (and ESR 10.x before 10.0.11), Thunderbird before 17.0 (and ESR 10.x before 10.0.11...

9.3CVSS9.1AI score0.06997EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.92 views

CVE-2014-6564

CVE-2014-6564 affects Oracle MySQL Server 5.6.19 and earlier. Described as an unspecified vulnerability that allows remote authenticated users to affect availability via INNODB FULLTEXT SEARCH DML vectors. Connected sources confirm affected product/version and impact focus on availability; no exp...

4CVSS6.1AI score0.02365EPSS
CVE
CVE
added 2017/03/17 2:0 p.m.92 views

CVE-2014-9853

CVE-2014-9853 : In ImageMagick, a memory leak in the coders/rle.c parser can be triggered by a crafted RLE file, enabling remote attackers to cause a denial of service via memory consumption. The available documents confirm ImageMagick and the rle.c component as the affected codepath; no version ...

5.5CVSS5.7AI score0.01815EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.91 views

CVE-2013-5610

CVE-2013-5610 is a memory-corruption vulnerability in the Mozilla Firefox browser engine (pre-26.0) and SeaMonkey (pre-2.23) with potential remote code execution via unknown vectors and denial of service. Public advisories (e.g., openSUSE/MFSA entries) indicate fixes are available by upgrading Fi...

10CVSS9.9AI score0.06511EPSS
CVE
CVE
added 2012/10/29 6:0 p.m.90 views

CVE-2012-4196

CVE-2012-4196 affects Mozilla Firefox (and related Mozilla components) where a prototype property-injection attack on the Location object (window.location) bypassed Same Origin Policy. Affected are Firefox prior to 16.0.2, Firefox ESR 10.x prior to 10.0.10, Thunderbird prior to 16.0.2, Thunderbir...

6.4CVSS8.8AI score0.03287EPSS
CVE
CVE
added 2016/04/13 4:0 p.m.90 views

CVE-2016-3630

CVE-2016-3630 : Mercurial versions before 3.7.3 are affected by a binary delta decoder vulnerability that could allow remote code execution via clone, push, or pull due to a list sizing rounding error and short records. Connected advisories indicate the fix is to upgrade Mercurial to 3.7.3 or new...

8.8CVSS8.7AI score0.04832EPSS
CVE
CVE
added 2012/10/12 10:0 a.m.89 views

CVE-2012-4193

CVE-2012-4193 affects Mozilla Firefox and related Mozilla products (Firefox before 16.0.1, Firefox ESR before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR before 10.0.9, SeaMonkey before 2.13.1). Root cause: a security check in the defaultValue unwrapping of security wrappers is omitted, al...

6.8CVSS9AI score0.01155EPSS
CVE
CVE
added 2008/03/19 10:0 a.m.88 views

CVE-2008-0063

CVE-2008-0063 affects MIT Kerberos 5 (krb5kdc) where Kerberos v4 support leaves an unused buffer uncleared when generating error messages. This can allow remote attackers to read sensitive information from memory. Public advisories across multiple vendors (e.g., MiracleLinux AXSA-2008-345/AXSA-20...

7.5CVSS8.6AI score0.03478EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.88 views

CVE-2012-3963

CVE-2012-3963 is a Use-after-free in Mozilla Firefox's js::gc::MapAllocToTraceKind that can allow remote code execution. Affected: Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, SeaMonkey before 2.12. Mitigation: upgrade to Firefo...

10CVSS9.4AI score0.05949EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.88 views

CVE-2015-8925

CVE-2015-8925 affects libarchive (before 3.2.0). A denial of service can be triggered by processing a crafted mtree file due to an invalid memory read in read_mtree. Affected products include libarchive in various distributions; remediation is to upgrade to a fixed libarchive version as provided ...

5.5CVSS6.2AI score0.0206EPSS
CVE
CVE
added 2016/07/13 3:0 p.m.87 views

CVE-2015-8808

CVE-2015-8808 affects GraphicsMagick (GIF decoding path). The DecodeImage function in coders/gif.c can trigger an out-of-bounds read on crafted GIFs, leading to denial of service via uninitialized memory access. The issue is tied to the GIF parser in GraphicsMagick 1.3.18 and has been addressed i...

5.5CVSS5.2AI score0.01541EPSS
CVE
CVE
added 2017/02/03 3:0 p.m.87 views

CVE-2016-2318

GraphicsMagick 1.3.23 is affected by CVE-2016-2318, which can cause denial of service via a crafted SVG file due to segmentation faults in render SVG handling (DrawImage, SVGStartElement, TraceArcPath). Patches exist in downstream advisories: Debian/DSA-3746 fixes to GraphicsMagick (e.g., 1.3.20-...

5.5CVSS6.6AI score0.01879EPSS
CVE
CVE
added 2017/04/12 8:0 p.m.87 views

CVE-2016-9957

Summary: CVE-2016-9957 corresponds to a stack-based buffer overflow in the Game Music Emu library prior to version 0.6.1. Multiple connected advisories (Gentoo GLSA-201707-02, Fedora advisories) describe a remotely triggerable condition: a user could be enticed to open a specially crafted SPC mus...

7.8CVSS8.7AI score0.01928EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.86 views

CVE-2012-5843

CVE-2012-5843 affects Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14. The vulnerability is described as unspecified memory safety hazards in the browser engine that could lead to memory corruption and a crash (DoS) or, potentially, arbitrary code execution via unk...

9.3CVSS9.2AI score0.05783EPSS
CVE
CVE
added 2017/03/17 2:0 p.m.84 views

CVE-2014-9854

CVE-2014-9854 affects ImageMagick, specifically the tiff coder (coders/tiff.c). The vulnerability allows remote attackers to cause an application crash (DoS) via vectors related to image identification. The supplied connected documents confirm the existence of this CVE within ImageMagick and desc...

7.5CVSS7AI score0.03656EPSS
CVE
CVE
added 2012/10/29 6:0 p.m.82 views

CVE-2012-4195

CVE-2012-4195 concerns Mozilla Firefox (and related Mozilla components) where nsLocation::CheckURL does not correctly determine the calling document/principal, enabling cross-site scripting (XSS) via crafted sites and certain add-on behaviors. Affected products/versions include Firefox before 16....

4.3CVSS8.2AI score0.01902EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.81 views

CVE-2012-4217

CVE-2012-4217 is a use-after-free in Mozilla Firefox <17.0, Thunderbird <17.0, and SeaMonkey

9.3CVSS8.8AI score0.06155EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.81 views

CVE-2014-1494

CVE-2014-1494 concerns multiple memory-safety vulnerabilities in the browser engine of Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25, with remote denial of service or potential arbitrary code execution via unknown vectors. The connected docs confirm that these issues are part of MFSA ...

9.3CVSS9.9AI score0.05079EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.81 views

CVE-2014-6474

The CVE-2014-6474 entry concerns Oracle MySQL Server 5.6.19 and earlier. It is described as an unspecified vulnerability that remote authenticated users can exploit to affect availability via vectors related to SERVER:MEMCACHED. The NVD metadata shows a base score of 3.5 (LOW) with CVSS2 metrics:...

3.5CVSS6.1AI score0.01363EPSS
CVE
CVE
added 2017/04/12 8:0 p.m.81 views

CVE-2016-9958

CVE-2016-9958 affects Game Music Emu, prior to version 0.6.1. The vulnerability enables a remote attacker to cause arbitrary memory writes, potentially enabling arbitrary code execution or DoS when opening a crafted SPC file. Public sources (Gentoo GLSA 201707-02 and related advisories) instruct ...

7.8CVSS8.5AI score0.0233EPSS
CVE
CVE
added 2017/04/05 5:0 p.m.78 views

CVE-2015-4680

FreeRADIUS is affected by CVE-2015-4680. Versions 2.2.x prior to 2.2.8 and 3.0.x prior to 3.0.9 do not properly check revocation of intermediate CA certificates, potentially allowing certificates issued by revoked intermediate authorities to be trusted. The vulnerability’s impact is reflected as ...

7.5CVSS7.4AI score0.01791EPSS
CVE
CVE
added 2016/04/08 3:0 p.m.77 views

CVE-2015-5969

CVE-2015-5969 involves the mysql-systemd-helper script in mysql-community-server and mariadb packages on openSUSE/OpenSUSE Leap/SLE. The issue allows local users to discover database credentials by listing a running process and its arguments. Affected packages/versions (from the Initial Descripti...

6.2CVSS6AI score0.0039EPSS
CVE
CVE
added 2017/03/17 2:0 p.m.76 views

CVE-2014-9852

ImageMagick vulnerability CVE-2014-9852 affects the ImageMagick code path distribute-cache.c, where objects are re-used after being destroyed. This can allow remote attackers to trigger unspecified impact via unspecified vectors. The initial entry notes a remote-exploit scenario with unspecified ...

9.8CVSS8.7AI score0.02933EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.76 views

CVE-2015-8929

CVE-2015-8929 is a memory-leak vulnerability in libarchive’s tar parser (function __archive_read_get_extract in archive_read_extract2.c) that could allow a remote attacker to cause a denial of service by processing a crafted tar file, unless fixed. Public sources in connected documents confirm th...

5.5CVSS5.8AI score0.01538EPSS
CVE
CVE
added 2017/03/24 3:0 p.m.76 views

CVE-2016-7797

CVE-2016-7797 affects Pacemaker prior to 1.1.15. The issue can allow a remote, unauthenticated attacker (via pacemaker remote) to cause a denial of service resulting in node disconnection. The connected sources corroborate the high-level impact and reference related advisories (e.g., RHSA-2016:25...

7.5CVSS7.2AI score0.0325EPSS
CVE
CVE
added 2017/04/12 8:0 p.m.74 views

CVE-2016-9959

CVE-2016-9959 affects Game Music Emu prior to 0.6.1. The vulnerability allows a remote attacker to cause out-of-bounds 8-bit values in SPC/music processing, as described by NVD. Consequences are stated as enabling potential arbitrary behavior from crafted inputs; exploitation details are not prov...

7.8CVSS8.5AI score0.0233EPSS
CVE
CVE
added 2014/06/11 2:0 p.m.73 views

CVE-2014-2977

CVE-2014-2977 in DirectFB (Dispatch_Write in proxy/dispatcher/idirectfbsurface_dispatcher.c) allows remote attackers to cause a denial of service (crash) and possibly execute code via the Voodoo interface; CVE-2014-2978 is an out-of-bounds write in the same area. Connected advisories confirm thes...

10CVSS7.8AI score0.06776EPSS
CVE
CVE
added 2020/08/07 10:10 a.m.73 views

CVE-2020-8025

CVE-2020-8025 affects the pcp permissions handling in SUSE/openSUSE packages. Affected: SLES 12-SP4, SLES 15-LTSS, SLES for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed. Affected component: permissions for some directories under the pcp package due to Incorrect Execution-Assigned Permissions. ...

9.3CVSS7.4AI score0.00475EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.72 views

CVE-2012-4212

Public technical details about CVE-2012-4212 are not disclosed in the provided documents. Monitoring for updates is advised.

10CVSS8.8AI score0.05566EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.70 views

CVE-2012-4218

CVE-2012-4218 involves a use-after-free in Mozilla Firefox’s BuildTextRunsScanner::BreakSink::SetBreaks, affecting Firefox < 17.0, Thunderbird < 17.0, and SeaMonkey

10CVSS8.8AI score0.05613EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.67 views

CVE-2014-1501

Mozilla Firefox for Android is affected (before 28.0). The issue allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via the Open Link in New Tab action, enabling local file access from web content. The root cause is a Same Origin Policy bypass in the Android ...

5.8CVSS8.9AI score0.01568EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.67 views

CVE-2015-2576

CVE-2015-2576 is a local, unspecified vulnerability in the MySQL Utilities component of Oracle MySQL (version 1.5.1 and earlier) when running on Windows. It allows local users to affect integrity via unknown vectors related to Installation. Affected product scope is Oracle MySQL Utilities bundled...

2.1CVSS5.2AI score0.00438EPSS
CVE
CVE
added 2014/06/11 2:0 p.m.65 views

CVE-2014-2978

CVE-2014-2978 is a DirectFB vulnerability in the Dispatch_Write function of proxy/dispatcher/idirectfbsurface_dispatcher.c (DirectFB 1.4.4). It allows remote attackers to cause a denial of service (crash) and, possibly, execute arbitrary code via the Voodoo interface due to an out-of-bounds write...

10CVSS7.6AI score0.06098EPSS
Total number of security vulnerabilities296