VYPR

Linux Enterprise Software Development Kit

by SUSE S.A.

CVEs (325)

  • CVE-2016-2315CriApr 8, 2016
    risk 0.58cvss 9.8epss 0.18

    revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

  • CVE-2014-1513HigMar 19, 2014
    risk 0.58cvss 8.8epss 0.06

    TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a…

  • CVE-2014-1509HigMar 19, 2014
    risk 0.58cvss 8.8epss 0.05

    Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that…

  • CVE-2014-1482HigFeb 6, 2014
    risk 0.58cvss 8.8epss 0.06

    RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write…

  • CVE-2012-5830HigNov 21, 2012
    risk 0.58cvss 8.8epss 0.04

    Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

  • CVE-2010-2753HigJul 30, 2010
    risk 0.58cvss 8.8epss 0.07

    Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which…

  • CVE-2016-3718MedKEVMay 5, 2016
    risk 0.57cvss 5.5epss 0.77

    The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

  • CVE-2016-3715MedKEVMay 5, 2016
    risk 0.57cvss 5.5epss 0.75

    The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

  • CVE-2014-1497HigMar 19, 2014
    risk 0.57cvss 8.8epss 0.03

    The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service…

  • CVE-2017-1000366HigJun 19, 2017
    risk 0.54cvss 7.8epss 0.03

    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent…

  • CVE-2016-9959HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.02

    game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

  • CVE-2016-9958HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.02

    game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

  • CVE-2016-9957HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.02

    Stack-based buffer overflow in game-music-emu before 0.6.1.

  • CVE-2015-8931HigSep 20, 2016
    risk 0.51cvss 7.8epss 0.02

    Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.

  • CVE-2015-8567HigApr 13, 2017
    risk 0.50cvss 7.7epss 0.06

    Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2015-5300HigJul 21, 2017
    risk 0.49cvss 7.5epss 0.09

    The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up…

  • CVE-2015-4680HigApr 5, 2017
    risk 0.49cvss 7.5epss 0.02

    FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

  • CVE-2016-7797HigMar 24, 2017
    risk 0.49cvss 7.5epss 0.03

    Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

  • CVE-2016-9398HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.06

    The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

  • CVE-2014-9854HigMar 17, 2017
    risk 0.49cvss 7.5epss 0.04

    coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

Page 3 of 17