VYPR

Vendor CVEs

OpenSUSE

All CVEs

1,697 total · sorted by risk
  • CVE-2015-7217Dec 16, 2015
    risk 0.00cvss epss 0.03

    The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.

  • CVE-2015-7216Dec 16, 2015
    risk 0.00cvss epss 0.02

    The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.

  • CVE-2015-7215Dec 16, 2015
    risk 0.00cvss epss 0.03

    The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to…

  • CVE-2015-7214Dec 16, 2015
    risk 0.00cvss epss 0.06

    Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.

  • CVE-2015-7213Dec 16, 2015
    risk 0.00cvss epss 0.04

    Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers…

  • CVE-2015-7212Dec 16, 2015
    risk 0.00cvss epss 0.04

    Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.

  • CVE-2015-7211Dec 16, 2015
    risk 0.00cvss epss 0.03

    Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.

  • CVE-2015-7210Dec 16, 2015
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.

  • CVE-2015-7208Dec 16, 2015
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.

  • CVE-2015-7207Dec 16, 2015
    risk 0.00cvss epss 0.03

    Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and…

  • CVE-2015-7205Dec 16, 2015
    risk 0.00cvss epss 0.03

    Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a…

  • CVE-2015-7204Dec 16, 2015
    risk 0.00cvss epss 0.03

    Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.

  • CVE-2015-7203Dec 16, 2015
    risk 0.00cvss epss 0.04

    Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name.

  • CVE-2015-7202Dec 16, 2015
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2015-7201Dec 16, 2015
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2015-5309Dec 7, 2015
    risk 0.00cvss epss 0.03

    Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer…

  • CVE-2015-8078Dec 3, 2015
    risk 0.00cvss epss 0.03

    Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an…

  • CVE-2015-8077Dec 3, 2015
    risk 0.00cvss epss 0.03

    Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an…

  • CVE-2015-8076Dec 3, 2015
    risk 0.00cvss epss 0.03

    The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an…

  • CVE-2015-0794Nov 19, 2015
    risk 0.00cvss epss 0.00

    modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.

  • CVE-2014-9756Nov 19, 2015
    risk 0.00cvss epss 0.03

    The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

  • CVE-2015-8105Nov 10, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.

  • CVE-2015-8041Nov 9, 2015
    risk 0.00cvss epss 0.03

    Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which…

  • CVE-2015-7940Nov 9, 2015
    risk 0.00cvss epss 0.05

    The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

  • CVE-2015-5218Nov 9, 2015
    risk 0.00cvss epss 0.01

    Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.

  • CVE-2015-2697Nov 9, 2015
    risk 0.00cvss epss 0.04

    The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

  • CVE-2015-2696Nov 9, 2015
    risk 0.00cvss epss 0.05

    lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a…

  • CVE-2015-2695Nov 9, 2015
    risk 0.00cvss epss 0.06

    lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a…

  • CVE-2015-8036Nov 2, 2015
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which…

  • CVE-2015-6031Nov 2, 2015
    risk 0.00cvss epss 0.05

    Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

  • CVE-2015-5291Nov 2, 2015
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name…

  • CVE-2015-4625Oct 26, 2015
    risk 0.00cvss epss 0.00

    Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

  • CVE-2015-3256Oct 26, 2015
    risk 0.00cvss epss 0.00

    PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."

  • CVE-2015-7674Oct 26, 2015
    risk 0.00cvss epss 0.06

    Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer…

  • CVE-2015-7673Oct 26, 2015
    risk 0.00cvss epss 0.05

    io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

  • CVE-2015-4913Oct 22, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.

  • CVE-2015-4861Oct 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

  • CVE-2015-4858Oct 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

  • CVE-2015-4836Oct 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

  • CVE-2015-4830Oct 21, 2015
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

  • CVE-2015-4826Oct 21, 2015
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

  • CVE-2015-4815Oct 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

  • CVE-2015-4807Oct 21, 2015
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.

  • CVE-2015-4802Oct 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.

  • CVE-2015-4792Oct 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

  • CVE-2015-5235Oct 9, 2015
    risk 0.00cvss epss 0.03

    IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

  • CVE-2015-5234Oct 9, 2015
    risk 0.00cvss epss 0.02

    IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to…

  • CVE-2015-5828Oct 9, 2015
    risk 0.00cvss epss 0.02

    The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.

  • CVE-2015-5957Sep 28, 2015
    risk 0.00cvss epss 0.03

    Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name.

  • CVE-2015-5185Sep 28, 2015
    risk 0.00cvss epss 0.03

    The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.

Page 19 of 34