Linux Enterprise Software Development Kit Security Vulnerabilities and Issues — Linux Enterprise Software Development Kit CVE List

Lucene search

SuseLinux Enterprise Software Development Kit

9 matches found

CVE•added 2014/03/14 3:55 p.m.•893 views

CVE-2014-2323

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

9.8CVSS9.8AI score0.926EPSS

CVE•added 2014/03/14 3:55 p.m.•309 views

CVE-2014-2324

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

5CVSS9.2AI score0.74389EPSS

CVE•added 2014/03/21 2:55 p.m.•243 views

CVE-2014-2497

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

4.3CVSS7AI score0.05174EPSS

CVE•added 2014/03/19 10:55 a.m.•69 views

CVE-2014-1494

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS9.9AI score0.00387EPSS

CVE•added 2014/03/19 10:55 a.m.•67 views

CVE-2014-1502

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

6.8CVSS9.1AI score0.00284EPSS

CVE•added 2014/03/19 10:55 a.m.•65 views

CVE-2014-1498

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ...

5CVSS8.8AI score0.00548EPSS

CVE•added 2014/03/19 10:55 a.m.•63 views

CVE-2014-1500

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

5CVSS9AI score0.02256EPSS

CVE•added 2014/03/19 10:55 a.m.•53 views

CVE-2014-1499

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

4.3CVSS9AI score0.00611EPSS

CVE•added 2014/03/19 10:55 a.m.•53 views

CVE-2014-1501

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.

5.8CVSS8.9AI score0.00229EPSS