Lucene search
K
SuseLinux Enterprise

97 matches found

CVE
CVE
added 2016/06/05 11:0 p.m.101 views

CVE-2016-1681

The CVE-2016-1681 issue is a heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function (j2k.c) in OpenJPEG, as used by PDFium in Google Chrome. Exploitation could allow a remote attacker to cause a denial of service or potentially other impact via a crafted PDF document. Connected advis...

8.8CVSS8.9AI score0.01532EPSS
CVE
CVE
added 2017/02/03 3:0 p.m.101 views

CVE-2016-8568

CVE-2016-8568 affects libgit2 prior to 0.24.3, where the git_commit_message function in oid.c can trigger an out-of-bounds read via a crafted object file when a cat-file command is processed. This has been publicly documented across multiple advisories and feeds (NVD entry and vendor-focused noti...

5.5CVSS5.3AI score0.01903EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.100 views

CVE-2016-1674

CVE-2016-1674 is a cross‑origin bypass vulnerability in Chrome/Chromium extensions bindings. The issue is described in the official Chrome security release notes for Chrome 51 (51.0.2704.63) and is listed among multiple CVEs fixed in that build. Debian security advisories also note fixes for chro...

8.8CVSS8.2AI score0.01645EPSS
CVE
CVE
added 2016/04/30 5:0 p.m.100 views

CVE-2016-2806

CVE-2016-2806 affects Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1. The issue is described as memory safety vulnerabilities in the browser engine that could lead to memory corruption, a denial of service, or possibly arbitrary code execution via unknown vectors. The connected sour...

10CVSS9.2AI score0.04692EPSS
CVE
CVE
added 2016/04/18 10:0 a.m.99 views

CVE-2016-1659

CVE-2016-1659 is part of the Chromium/Google Chrome 50.0.2661.75 update (20 security fixes total). The Chrome release notes attribute CVE-2016-1659 to “various fixes from internal audits, fuzzing and other initiatives.” The connected documents indicate this CVE is addressed alongside other issues...

10CVSS9.2AI score0.01458EPSS
CVE
CVE
added 2015/04/19 10:0 a.m.97 views

CVE-2015-1241

Chromium/Google Chrome vulnerability CVE-2015-1241 (tap-jacking) arises from how page navigation interacts with touch and gesture handling, allowing a crafted site to trigger remote UI actions. Affected product: Chromium-based browsers (Chrome). Root cause: interaction between navigation and touc...

4.3CVSS6AI score0.02223EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.97 views

CVE-2016-1689

CVE-2016-1689 refers to a heap-based buffer overflow in Google Chrome before 51.0.2704.63, specifically in content/renderer/media/canvas_capture_handler.cc. The vulnerability could allow a remote attacker to cause a denial of service or other impact via a crafted web site. The public records in t...

6.5CVSS7.6AI score0.01025EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.97 views

CVE-2016-1696

CVE-2016-1696 affects Google Chrome prior to 51.0.2704.79, where the extensions subsystem did not properly restrict bindings access, enabling a cross-origin bypass of the Same Origin Policy via unspecified vectors. Multiple connected sources (Chromium security advisories and Debian/arch updates) ...

8.8CVSS8.2AI score0.01235EPSS
CVE
CVE
added 2009/06/06 6:0 p.m.96 views

CVE-2009-1961

CVE-2009-1961 is a local-denial-of-service vulnerability in the Linux kernel related to the inode double-locking path in fs/ocfs2/file.c. A sequence of splice system calls can deadlock between generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write, preventing file creation/remov...

4.7CVSS4.4AI score0.00589EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.96 views

CVE-2016-1680

CVE-2016-1680 is a use-after-free in Skia (SkFontHost_FreeType.cpp) used by Google Chrome prior to 51.0.2704.63. The vulnerability could cause a denial of service via heap memory corruption. Chrome 51.0.2704.63 (and later) includes fixes for this issue. The available documents provide the vulnera...

8.8CVSS8.7AI score0.01275EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.95 views

CVE-2016-1675

CVE-2016-1675 affects Google Chrome/Chromium up to 51.0.2704.63. It is a Same Origin Policy bypass in Blink/WebKit caused by mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp. The Chrome/Chromium 51 stable update (51.0.2704.63) fixes this and r...

8.8CVSS8.2AI score0.01534EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.94 views

CVE-2016-1679

CVE-2016-1679 affects Google Chrome prior to 51.0.2704.63, specifically the ToV8Value function in content/child/v8_value_converter_impl.cc used by the V8 bindings. The issue improperly restricts use of getters and setters, enabling remote attackers to trigger a denial-of-service via a use-after-f...

8.8CVSS8.8AI score0.01322EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.94 views

CVE-2016-1695

Summary: CVE-2016-1695 is associated with multiple issues in the Chromium/Google Chrome stack that were addressed in Chromium/Chrome upgrades to version 51.0.2704.63. Debian security advisories (DSA-3590-1 and related entries) specify that chromium-browser was updated to fix this and related CVEs...

8.8CVSS8.7AI score0.01153EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.94 views

CVE-2016-1699

CVE-2016-1699 affects WebKit/Blink DevTools front_end/devtools.js in Google Chrome prior to 51.0.2704.79. The vulnerability is a parameter sanitization failure in DevTools that could allow a remote attacker to bypass access restrictions by using a crafted URL (remoteFrontendUrl not properly valid...

6.5CVSS6.7AI score0.01379EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.94 views

CVE-2016-1700

CVE-2016-1700 concerns Google Chrome/Chromium up to version 51.0.2704.79, where extensions/renderer/runtime_custom_bindings.cc does not account for side effects when creating an array of extension views. This can lead to a use-after-free in extensions, with the primary consequence described as a ...

7.5CVSS8.1AI score0.01151EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.93 views

CVE-2016-1682

The CVE-2016-1682 entry covers a CSP bypass in ServiceWorker registration via Blink/WebKit used by Google Chrome prior to 51.0.2704.63. Affected component is ServiceWorkerContainer::registerServiceWorkerImpl in Blink; root cause is CSP protection bypass during ServiceWorker registration. Impact i...

6.1CVSS6.6AI score0.0111EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.93 views

CVE-2016-1703

CVE-2016-1703 refers to multiple unspecified vulnerabilities in Google Chrome/Chromium up to version 51.0.2704.79, which could allow a remote attacker to cause a denial of service or potentially other impact via unknown vectors. The Mageia advisory explicitly ties CVE-2016-1703 to Chromium 51.0.2...

8.8CVSS8.7AI score0.01153EPSS
CVE
CVE
added 2013/11/15 6:16 p.m.92 views

CVE-2013-4480

CVE-2013-4480 affects Red Hat Satellite 5.6 and earlier. The root cause is that the web interface used to create the initial administrator user was not disabled after setup, enabling a remote attacker to create an admin account. Documented impact is the potential for unauthorized administrative a...

7.5CVSS6.7AI score0.02134EPSS
CVE
CVE
added 2016/04/18 10:0 a.m.92 views

CVE-2016-1653

CVE-2016-1653 is an out-of-bounds write in Google V8 used by Chrome up to version 50.0.2661.75. The issue, tied to compiler/pipeline.cc and compiler/simplified-lowering.cc, could cause a denial of service and possibly other impact via crafted JavaScript. Affected software includes Google Chrome/C...

9.3CVSS9.3AI score0.02573EPSS
CVE
CVE
added 2017/02/03 3:0 p.m.92 views

CVE-2016-8569

Vulnerability details (CVE-2016-8569): The libgit2 library (versions before 0.24.3) is affected by a denial-of-service via a NULL pointer dereference in git_commit_message when processing certain crafted objects (cat-file usage). Public advisories in Debian/Ubuntu openSUSE notes confirm the issue...

5.5CVSS5.3AI score0.01837EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.91 views

CVE-2016-1690

CVE-2016-1690 affects Google Chrome Autofill: the interaction between field updates and JavaScript that triggers a frame deletion allows remote attackers to cause a use-after-free DoS (and possibly other impact) via a crafted website. Affected versions are prior to 51.0.2704.63 (and related advis...

7.5CVSS8.1AI score0.01045EPSS
CVE
CVE
added 2010/04/07 3:0 p.m.90 views

CVE-2010-0629

CVE-2010-0629 describes a use-after-free in the MIT Kerberos 5 kadmind component (server_stubs.c) that can allow a remote authenticated user to crash kadmind, causing a denial of service. The affected range is MIT Kerberos 5 1.5 through 1.6.3. The vulnerability is triggered by a kadmin client sen...

6.5CVSS5.9AI score0.05469EPSS
CVE
CVE
added 2016/04/18 10:0 a.m.90 views

CVE-2016-1651

CVE-2016-1651 corresponds to an out-of-bounds read in the Pdfium JPEG2000 decoding path used by Chrome/Chromium (fxcodec/codec/fx_codec_jpx_opj.cpp) due to incorrect sycc420_to_rgb and sycc422_to_rgb implementations. This can allow a remote attacker to read sensitive process memory or cause a den...

8.1CVSS8.2AI score0.01278EPSS
CVE
CVE
added 2016/04/18 10:0 a.m.90 views

CVE-2016-1652

CVE-2016-1652 is a Chrome/Chromium vulnerability: a Cross-site scripting (UXSS) in the Extension bindings via ModuleSystem::RequireForJsInner in extensions/renderer/module_system.cc. The issue allows remote attackers to inject arbitrary web script or HTML through a crafted website. Affected produ...

6.1CVSS6.2AI score0.01064EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.89 views

CVE-2016-1678

CVE-2016-1678 describes a heap overflow in the V8 JavaScript engine (used by Google Chrome) due to insufficient restriction of lazy deoptimization in objects.cc. Affected software includes V8 up to 5.0.71.32 and Google Chrome up to 51.0.2704.63. Exploitation could allow a remote attacker to cause...

8.8CVSS8.8AI score0.01635EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.89 views

CVE-2016-1692

CVE-2016-1692 concerns WebKit/Blink: StyleSheetContents.cpp in Blink, used by Google Chrome prior to 51.0.2704.63, allows a ServiceWorker to cause cross-origin loading of CSS stylesheets even when the stylesheet has an incorrect MIME type. This enables bypassing the Same Origin Policy via a craft...

5.3CVSS5.9AI score0.01127EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.88 views

CVE-2016-1673

CVE-2016-1673 refers to a cross-origin bypass in Blink/WebKit used by Blink in Google Chrome prior to 51.0.2704.63. The connected sources confirm it is part of a set of Chromium/KChrome issues fixed in the 51.0.2704.63 release, with Debian indicating the fix is in chromium-browser 51.0.2704.63-1~...

8.8CVSS8.2AI score0.01593EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.88 views

CVE-2016-1686

The CVE-2016-1686 entry concerns PDFium (as used by Google Chrome up to version 51.0.2704.63). The flaw is in CPDF_DIBSource::CreateDecoder in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp, where decoder-initialization failure is mishandled, enabling a remote attacker to trigger an out-of-bo...

6.5CVSS6.5AI score0.0128EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.87 views

CVE-2016-1685

CVE-2016-1685 affects PDFium (as used in Google Chrome). The vulnerability is an out-of-bounds read in pdfium/fxge/ge/fx_ge_text.cpp due to miscalculated index values, enabling remote attackers to trigger a denial of service via crafted PDF documents. Public advisories/entries (e.g., Debian/Chrom...

6.5CVSS6.5AI score0.0128EPSS
CVE
CVE
added 2016/10/10 4:0 p.m.87 views

CVE-2016-5325

CVE-2016-5325 is a CRLF injection flaw in Node.js’s ServerResponse#writeHead(), allowing a remote attacker to inject arbitrary HTTP headers via the reason argument. Affected are Node.js versions: 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0. Impact is HTTP ...

6.1CVSS6.7AI score0.04093EPSS
CVE
CVE
added 2010/01/09 6:0 p.m.86 views

CVE-2010-0013

CVE-2010-0013 affects Pidgin (libpurple) via the MSN protocol plugin, specifically the slp.c code path handling custom smiley requests. A directory traversal vulnerability in an MSN emoticon request (.. in filename) could allow remote attackers to read arbitrary files on the affected host. Root c...

7.5CVSS7.5AI score0.12496EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.86 views

CVE-2016-1701

CVE-2016-1701 concerns Google Chrome’s Autofill implementation. The vulnerability arises from how field updates interact with JavaScript triggering a frame deletion, leading to a use-after-free and potential denial of service (and possibly other impact) via a crafted web site. Affected software i...

8.8CVSS8.1AI score0.00948EPSS
CVE
CVE
added 2017/04/12 8:0 p.m.86 views

CVE-2016-9957

Summary: CVE-2016-9957 corresponds to a stack-based buffer overflow in the Game Music Emu library prior to version 0.6.1. Multiple connected advisories (Gentoo GLSA-201707-02, Fedora advisories) describe a remotely triggerable condition: a user could be enticed to open a specially crafted SPC mus...

7.8CVSS8.7AI score0.01928EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.85 views

CVE-2016-1687

CVE-2016-1687 affects Google Chrome/Chromium. The vulnerability is an information disclosure in the renderer related to extensions, allowing a remote attacker to obtain sensitive information. The issue is documented as fixed in Chrome 51.0.2704.63 (and corresponding Chromium/debian security updat...

6.5CVSS6.5AI score0.01445EPSS
CVE
CVE
added 2016/12/23 10:0 p.m.84 views

CVE-2016-7966

CVE-2016-7966 affects KDE’s KMail plaintext viewer. A crafted URL containing a quote character can inject HTML code due to the URL parser’s handling, limiting inclusion of characters like = or space, but allowing an HTML comment indicator to hide content. This creates a potential HTML injection r...

7.5CVSS7.2AI score0.02345EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.83 views

CVE-2016-1694

CVE-2016-1694 affects Google Chrome before 51.0.2704.63, where browser/browsing_data/browsing_data_remover.cc deletes HPKP pins during cache cleanup. This undermines certificate pinning, enabling remote attackers to spoof websites by presenting a valid certificate from any trusted CA. The public ...

5.3CVSS6AI score0.01004EPSS
CVE
CVE
added 2016/04/18 10:0 a.m.82 views

CVE-2016-1654

CVE-2016-1654 relates to the Chromium/Chrome media subsystem where an uninitialized memory read occurs in the media component, leading to a potential denial of service via invalid read operations. The issue was fixed in Chrome/Chromium builds around version 50.0.2661.75. Debian security advisorie...

6.5CVSS7.1AI score0.01201EPSS
CVE
CVE
added 2016/04/18 10:0 a.m.82 views

CVE-2016-1655

CVE-2016-1655 refers to a use-after-free vulnerability in Chromium/Google Chrome related to extensions, caused by frame removal during callback execution. Affected product line is Google Chrome/Chromium around version 50.0.2661.75. Impact per the sources: potential denial of service and other uns...

8.8CVSS9.2AI score0.02142EPSS
CVE
CVE
added 2016/04/18 10:0 a.m.82 views

CVE-2016-1656

CVE-2016-1656 relates to Google Chrome for Android prior to 50.0.2661.75, where the download implementation allowed a remote attacker to bypass intended Android file-path restrictions. The issue arises from the download path handling in Chrome’s Android component, enabling bypass of pathname rest...

7.5CVSS7.8AI score0.01462EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.82 views

CVE-2016-1693

The CVE-2016-1693 vulnerability affects Google Chrome/Chromium where the Software Removal Tool was downloaded over HTTP instead of HTTPS, enabling a MITM to spoof chrome_cleanup_tool.exe. The issue is documented in multiple sources (e.g., Debian security advisories, Gentoo GLSA, Arch lists) and i...

5.3CVSS5.8AI score0.01158EPSS
CVE
CVE
added 2009/02/12 4:0 p.m.81 views

CVE-2008-6123

CVE-2008-6123 affects net-snmp, specifically the netsnmp_udp_fmtaddr function in net-snmp versions 5.0.9 through 5.4.2.1. When using TCP wrappers for client authorization, the function does not properly parse hosts.allow rules, which can allow remote attackers to bypass access restrictions and ex...

5CVSS7.5AI score0.0292EPSS
CVE
CVE
added 2016/06/05 11:0 p.m.81 views

CVE-2016-1702

The CVE-2016-1702 issue concerns SkRegion::readFromMemory in Skia, used by Google Chrome prior to 51.0.2704.79. The function does not validate the interval count, enabling remote attackers to trigger an out-of-bounds read via crafted serialized data, potentially causing a denial of service. Publi...

6.5CVSS6.7AI score0.01234EPSS
CVE
CVE
added 2010/05/07 10:0 p.m.80 views

CVE-2010-1866

CVE-2010-1866 concerns the PHP dechunk filter in PHP 5.3 through 5.3.2. When decoding HTTP chunked encoding streams, a negative chunk size can bypass signed comparisons due to an integer overflow in the chunk size decoder, enabling a context-dependent DoS and potentially memory corruption. Public...

9.8CVSS9.4AI score0.06723EPSS
CVE
CVE
added 2017/04/12 8:0 p.m.80 views

CVE-2016-9958

CVE-2016-9958 affects Game Music Emu, prior to version 0.6.1. The vulnerability enables a remote attacker to cause arbitrary memory writes, potentially enabling arbitrary code execution or DoS when opening a crafted SPC file. Public sources (Gentoo GLSA 201707-02 and related advisories) instruct ...

7.8CVSS8.5AI score0.0233EPSS
CVE
CVE
added 2009/03/02 8:0 p.m.79 views

CVE-2009-0749

OptiPNG 0.6.2 and earlier is affected by a use-after-free in GIFReadNextExtension in lib/pngxtern/gif/gifread.c, leading to memory corruption and potential denial of service when processing crafted GIFs. Multiple advisories (OpenSUSE/SUSE and Gentoo GLSA) cite CVE-2009-0749 and describe the GIF h...

9.3CVSS7.2AI score0.01553EPSS
CVE
CVE
added 2016/10/10 4:0 p.m.78 views

CVE-2016-7099

CVE-2016-7099 affects Node.js TLS: tls.checkServerIdentity fails to properly validate certs with wildcards, enabling MITM via crafted X.509 certificates. The issue is fixed in upstream Node.js by updating to versions where wildcard handling is corrected (0.10.47, 0.12.16, 4.6.0, 6.7.0) and is ech...

5.9CVSS6AI score0.02841EPSS
CVE
CVE
added 2017/04/12 8:0 p.m.74 views

CVE-2016-9959

CVE-2016-9959 affects Game Music Emu prior to 0.6.1. The vulnerability allows a remote attacker to cause out-of-bounds 8-bit values in SPC/music processing, as described by NVD. Consequences are stated as enabling potential arbitrary behavior from crafted inputs; exploitation details are not prov...

7.8CVSS8.5AI score0.0233EPSS
Total number of security vulnerabilities97