VYPR

Vendor CVEs

OpenSUSE

All CVEs

1,697 total · sorted by risk
  • CVE-2016-6132MedAug 12, 2016
    risk 0.43cvss 6.5epss 0.03

    The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

  • CVE-2016-2191MedApr 13, 2016
    risk 0.43cvss 6.5epss 0.04

    The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

  • CVE-2014-1523MedApr 30, 2014
    risk 0.43cvss 6.5epss 0.03

    Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG…

  • CVE-2010-0629MedApr 7, 2010
    risk 0.43cvss 6.5epss 0.05

    Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

  • CVE-2018-12479MedOct 9, 2018
    risk 0.42cvss 6.5epss 0.02

    A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.

  • CVE-2011-4181HigJun 11, 2018
    risk 0.42cvss 7.5epss 0.01

    A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.

  • CVE-2016-1254HigDec 5, 2017
    risk 0.42cvss 7.5epss 0.03

    Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

  • CVE-2017-15638MedNov 10, 2017
    risk 0.42cvss 6.5epss 0.01

    The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before…

  • CVE-2015-3138HigSep 28, 2017
    risk 0.42cvss 7.5epss 0.02

    print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

  • CVE-2015-5219HigJul 21, 2017
    risk 0.42cvss 7.5epss 0.06

    The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

  • CVE-2016-10048HigMar 23, 2017
    risk 0.42cvss 7.5epss 0.07

    Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.

  • CVE-2016-10207HigFeb 28, 2017
    risk 0.42cvss 7.5epss 0.03

    The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.

  • CVE-2016-5321MedJan 20, 2017
    risk 0.42cvss 6.5epss 0.03

    The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.

  • CVE-2016-5316MedJan 20, 2017
    risk 0.42cvss 6.5epss 0.02

    Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.

  • CVE-2016-6905MedOct 3, 2016
    risk 0.42cvss 6.5epss 0.03

    The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.

  • CVE-2013-4118HigOct 3, 2016
    risk 0.42cvss 7.5epss 0.04

    FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.

  • CVE-2016-5162MedSep 11, 2016
    risk 0.42cvss 6.5epss 0.01

    The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on…

  • CVE-2016-5160MedSep 11, 2016
    risk 0.42cvss 6.5epss 0.01

    The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on…

  • CVE-2016-5155MedSep 11, 2016
    risk 0.42cvss 6.5epss 0.01

    Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2015-8948HigSep 7, 2016
    risk 0.42cvss 7.5epss 0.07

    idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

  • CVE-2016-6161MedAug 12, 2016
    risk 0.42cvss 6.5epss 0.03

    The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

  • CVE-2016-5739HigJul 3, 2016
    risk 0.42cvss 7.5epss 0.03

    The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an…

  • CVE-2016-5706HigJul 3, 2016
    risk 0.42cvss 7.5epss 0.03

    js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.

  • CVE-2014-9773HigJun 13, 2016
    risk 0.42cvss 7.5epss 0.02

    modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.

  • CVE-2016-2829MedJun 13, 2016
    risk 0.42cvss 6.5epss 0.01

    Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.

  • CVE-2016-2825MedJun 13, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

  • CVE-2016-2822MedJun 13, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

  • CVE-2016-1702MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

  • CVE-2016-1699MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows…

  • CVE-2016-1698MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned…

  • CVE-2016-1689MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

  • CVE-2016-1688MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.02

    The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

  • CVE-2016-1687MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.

  • CVE-2016-1686MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read)…

  • CVE-2016-1685MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

  • CVE-2016-1677MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.03

    uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

  • CVE-2016-1665MedMay 14, 2016
    risk 0.42cvss 6.5epss 0.02

    The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.

  • CVE-2015-5479MedApr 19, 2016
    risk 0.42cvss 6.5epss 0.02

    The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.

  • CVE-2016-1654MedApr 18, 2016
    risk 0.42cvss 6.5epss 0.01

    The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.

  • CVE-2016-1956MedMar 13, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.

  • CVE-2016-2041HigFeb 20, 2016
    risk 0.42cvss 7.5epss 0.03

    libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time…

  • CVE-2016-1938MedJan 31, 2016
    risk 0.42cvss 6.5epss 0.03

    The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging…

  • CVE-2016-1933MedJan 31, 2016
    risk 0.42cvss 6.5epss 0.02

    Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.

  • CVE-2016-0502MedJan 21, 2016
    risk 0.42cvss 6.5epss 0.03

    Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

  • CVE-2015-8547HigJan 8, 2016
    risk 0.42cvss 7.5epss 0.03

    The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

  • CVE-2014-3687HigNov 10, 2014
    risk 0.42cvss 7.5epss 0.09

    The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect…

  • CVE-2014-3673HigNov 10, 2014
    risk 0.42cvss 7.5epss 0.07

    The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.

  • CVE-2012-3489MedOct 3, 2012
    risk 0.42cvss 6.5epss 0.03

    The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file…

  • CVE-2012-1798MedJun 5, 2012
    risk 0.42cvss 6.5epss 0.02

    The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

  • CVE-2012-0260MedJun 5, 2012
    risk 0.42cvss 6.5epss 0.02

    The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

Page 10 of 34