Linux Enterprise Software Development Kit
by SUSE S.A.
CVEs (325)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2315 | Cri | 0.58 | 9.8 | 0.18 | Apr 8, 2016 | revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. | ||
| CVE-2014-1513 | Hig | 0.58 | 8.8 | 0.06 | Mar 19, 2014 | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a… | ||
| CVE-2014-1509 | Hig | 0.58 | 8.8 | 0.05 | Mar 19, 2014 | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that… | ||
| CVE-2014-1482 | Hig | 0.58 | 8.8 | 0.06 | Feb 6, 2014 | RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write… | ||
| CVE-2012-5830 | Hig | 0.58 | 8.8 | 0.04 | Nov 21, 2012 | Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. | ||
| CVE-2010-2753 | Hig | 0.58 | 8.8 | 0.07 | Jul 30, 2010 | Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which… | ||
| CVE-2016-3718 | Med | 0.57 | 5.5 | 0.77 | KEV | May 5, 2016 | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | |
| CVE-2016-3715 | Med | 0.57 | 5.5 | 0.75 | KEV | May 5, 2016 | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | |
| CVE-2014-1497 | Hig | 0.57 | 8.8 | 0.03 | Mar 19, 2014 | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service… | ||
| CVE-2017-1000366 | Hig | 0.54 | 7.8 | 0.03 | Jun 19, 2017 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent… | ||
| CVE-2016-9959 | Hig | 0.51 | 7.8 | 0.02 | Apr 12, 2017 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | ||
| CVE-2016-9958 | Hig | 0.51 | 7.8 | 0.02 | Apr 12, 2017 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | ||
| CVE-2016-9957 | Hig | 0.51 | 7.8 | 0.02 | Apr 12, 2017 | Stack-based buffer overflow in game-music-emu before 0.6.1. | ||
| CVE-2015-8931 | Hig | 0.51 | 7.8 | 0.02 | Sep 20, 2016 | Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. | ||
| CVE-2015-8567 | Hig | 0.50 | 7.7 | 0.06 | Apr 13, 2017 | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | ||
| CVE-2015-5300 | Hig | 0.49 | 7.5 | 0.09 | Jul 21, 2017 | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up… | ||
| CVE-2015-4680 | Hig | 0.49 | 7.5 | 0.02 | Apr 5, 2017 | FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | ||
| CVE-2016-7797 | Hig | 0.49 | 7.5 | 0.03 | Mar 24, 2017 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | ||
| CVE-2016-9398 | Hig | 0.49 | 7.5 | 0.06 | Mar 23, 2017 | The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | ||
| CVE-2014-9854 | Hig | 0.49 | 7.5 | 0.04 | Mar 17, 2017 | coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." |
- risk 0.58cvss 9.8epss 0.18
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
- risk 0.58cvss 8.8epss 0.06
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a…
- risk 0.58cvss 8.8epss 0.05
Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that…
- risk 0.58cvss 8.8epss 0.06
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write…
- risk 0.58cvss 8.8epss 0.04
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.
- risk 0.58cvss 8.8epss 0.07
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which…
- risk 0.57cvss 5.5epss 0.77
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
- risk 0.57cvss 5.5epss 0.75
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
- risk 0.57cvss 8.8epss 0.03
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service…
- risk 0.54cvss 7.8epss 0.03
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent…
- risk 0.51cvss 7.8epss 0.02
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
- risk 0.51cvss 7.8epss 0.02
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
- risk 0.51cvss 7.8epss 0.02
Stack-based buffer overflow in game-music-emu before 0.6.1.
- risk 0.51cvss 7.8epss 0.02
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
- risk 0.50cvss 7.7epss 0.06
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
- risk 0.49cvss 7.5epss 0.09
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up…
- risk 0.49cvss 7.5epss 0.02
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
- risk 0.49cvss 7.5epss 0.03
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
- risk 0.49cvss 7.5epss 0.06
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
- risk 0.49cvss 7.5epss 0.04
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
Page 3 of 17