VYPR

openSUSE

by OpenSUSE

CVEs (1,425)

  • CVE-2016-1677 | Med | Jun 5, 2016
    risk 0.42 | cvss 6.5 | epss 0.03

    uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

  • CVE-2016-1665 | Med | May 14, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.

  • CVE-2016-1956 | Med | Mar 13, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.

  • CVE-2016-2041 | High | Feb 20, 2016
    risk 0.42 | cvss 7.5 | epss 0.03

    libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time…

  • CVE-2016-1938 | Med | Jan 31, 2016
    risk 0.42 | cvss 6.5 | epss 0.03

    The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging…

  • CVE-2016-1933 | Med | Jan 31, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.

  • CVE-2016-0502 | Med | Jan 21, 2016
    risk 0.42 | cvss 6.5 | epss 0.03

    Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

  • CVE-2015-8547 | High | Jan 8, 2016
    risk 0.42 | cvss 7.5 | epss 0.03

    The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

  • CVE-2012-3489 | Med | Oct 3, 2012
    risk 0.42 | cvss 6.5 | epss 0.03

    The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file…

  • CVE-2012-1798 | Med | Jun 5, 2012
    risk 0.42 | cvss 6.5 | epss 0.02

    The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

  • CVE-2012-0260 | Med | Jun 5, 2012
    risk 0.42 | cvss 6.5 | epss 0.02

    The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

  • CVE-2012-0259 | Med | Jun 5, 2012
    risk 0.42 | cvss 6.5 | epss 0.02

    The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.

  • CVE-2010-2249 | Med | Jun 30, 2010
    risk 0.42 | cvss 6.5 | epss 0.03

    Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

  • CVE-2009-2416 | Med | Aug 11, 2009
    risk 0.42 | cvss 6.5 | epss 0.02

    Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as…

  • CVE-2016-4008 | Med | May 5, 2016
    risk 0.41 | cvss 5.9 | epss 0.30

    The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

  • CVE-2014-4608 | High | Jul 3, 2014
    risk 0.41 | cvss 7.3 | epss 0.05

    Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the…

  • CVE-2016-4068 | Med | Apr 13, 2017
    risk 0.40 | cvss 6.1 | epss 0.02

    Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.

  • CVE-2016-3992 | Med | Jul 26, 2016
    risk 0.40 | cvss 6.2 | epss 0.00

    cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.

  • CVE-2016-5099 | Med | Jul 5, 2016
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

  • CVE-2016-2833 | Med | Jun 13, 2016
    risk 0.40 | cvss 6.1 | epss 0.01

    Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
