openSUSE
by OpenSUSE
Source repositories
CVEs (1,425)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1935 | Hig | 0.58 | 8.8 | 0.05 | Jan 31, 2016 | Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. | ||
| CVE-2014-1531 | Hig | 0.58 | 8.8 | 0.06 | Apr 30, 2014 | Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of… | ||
| CVE-2014-1529 | Hig | 0.58 | 8.8 | 0.04 | Apr 30, 2014 | The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a… | ||
| CVE-2014-1518 | Hig | 0.58 | 8.8 | 0.06 | Apr 30, 2014 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly… | ||
| CVE-2014-1513 | Hig | 0.58 | 8.8 | 0.06 | Mar 19, 2014 | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a… | ||
| CVE-2014-1509 | Hig | 0.58 | 8.8 | 0.05 | Mar 19, 2014 | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that… | ||
| CVE-2014-1482 | Hig | 0.58 | 8.8 | 0.06 | Feb 6, 2014 | RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write… | ||
| CVE-2012-5830 | Hig | 0.58 | 8.8 | 0.04 | Nov 21, 2012 | Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. | ||
| CVE-2010-2753 | Hig | 0.58 | 8.8 | 0.07 | Jul 30, 2010 | Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which… | ||
| CVE-2010-0012 | Hig | 0.58 | 8.8 | 0.04 | Jan 8, 2010 | Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file. | ||
| CVE-2016-5177 | Hig | 0.57 | 8.8 | 0.01 | May 23, 2017 | Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2016-8677 | Hig | 0.57 | 8.8 | 0.04 | Feb 15, 2017 | The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. | ||
| CVE-2016-5131 | Hig | 0.57 | 8.8 | 0.02 | Jul 23, 2016 | Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | ||
| CVE-2016-5387 | Hig | 0.57 | 8.1 | 0.56 | Jul 19, 2016 | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP… | ||
| CVE-2016-1704 | Hig | 0.57 | 8.8 | 0.01 | Jul 3, 2016 | Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2016-2834 | Hig | 0.57 | 8.8 | 0.03 | Jun 13, 2016 | Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2016-2831 | Hig | 0.57 | 8.8 | 0.01 | Jun 13, 2016 | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. | ||
| CVE-2016-2828 | Hig | 0.57 | 8.8 | 0.03 | Jun 13, 2016 | Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool. | ||
| CVE-2016-2824 | Hig | 0.57 | 8.8 | 0.02 | Jun 13, 2016 | The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use… | ||
| CVE-2016-2815 | Hig | 0.57 | 8.8 | 0.03 | Jun 13, 2016 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
- risk 0.58cvss 8.8epss 0.05
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
- risk 0.58cvss 8.8epss 0.06
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of…
- risk 0.58cvss 8.8epss 0.04
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a…
- risk 0.58cvss 8.8epss 0.06
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…
- risk 0.58cvss 8.8epss 0.06
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a…
- risk 0.58cvss 8.8epss 0.05
Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that…
- risk 0.58cvss 8.8epss 0.06
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write…
- risk 0.58cvss 8.8epss 0.04
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.
- risk 0.58cvss 8.8epss 0.07
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which…
- risk 0.58cvss 8.8epss 0.04
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
- risk 0.57cvss 8.8epss 0.01
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
- risk 0.57cvss 8.8epss 0.04
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
- risk 0.57cvss 8.8epss 0.02
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
- risk 0.57cvss 8.1epss 0.56
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP…
- risk 0.57cvss 8.8epss 0.01
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- risk 0.57cvss 8.8epss 0.03
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
- risk 0.57cvss 8.8epss 0.01
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
- risk 0.57cvss 8.8epss 0.03
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
- risk 0.57cvss 8.8epss 0.02
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use…
- risk 0.57cvss 8.8epss 0.03
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Page 9 of 72