VYPR

Vendor CVEs

OpenSUSE

All CVEs

1,697 total · sorted by risk
  • CVE-2016-1650HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.01

    The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating…

  • CVE-2016-1649HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.03

    The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified…

  • CVE-2016-1648HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted…

  • CVE-2016-1647HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have…

  • CVE-2016-1645HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified…

  • CVE-2016-2802HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via…

  • CVE-2016-2801HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other…

  • CVE-2016-2800HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted…

  • CVE-2016-2798HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted…

  • CVE-2016-2797HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a…

  • CVE-2016-2795HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or…

  • CVE-2016-2794HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via…

  • CVE-2016-2793HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

  • CVE-2016-2792HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted…

  • CVE-2016-2791HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite…

  • CVE-2016-2790HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly…

  • CVE-2016-1977HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted…

  • CVE-2016-1974HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted…

  • CVE-2016-1966HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via…

  • CVE-2016-1964HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.

  • CVE-2016-1961HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.

  • CVE-2016-1954HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a…

  • CVE-2016-1953HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and…

  • CVE-2016-1952HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2016-1627HigFeb 14, 2016
    risk 0.57cvss 8.8epss 0.01

    The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access…

  • CVE-2016-1624HigFeb 14, 2016
    risk 0.57cvss 8.8epss 0.01

    Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli…

  • CVE-2016-1623HigFeb 14, 2016
    risk 0.57cvss 8.8epss 0.01

    The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to…

  • CVE-2016-1622HigFeb 14, 2016
    risk 0.57cvss 8.8epss 0.01

    The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

  • CVE-2016-2329HigFeb 12, 2016
    risk 0.57cvss 8.8epss 0.03

    libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF…

  • CVE-2016-1945HigJan 31, 2016
    risk 0.57cvss 8.8epss 0.03

    The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.

  • CVE-2014-1497HigMar 19, 2014
    risk 0.57cvss 8.8epss 0.03

    The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service…

  • CVE-2011-3045HigMar 22, 2012
    risk 0.57cvss 8.8epss 0.04

    Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…

  • CVE-2010-1822HigOct 4, 2010
    risk 0.57cvss 8.8epss 0.02

    WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an…

  • CVE-2010-1773HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application…

  • CVE-2010-1772HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to…

  • CVE-2025-46810HigSep 2, 2025
    risk 0.55cvss epss 0.00

    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.

  • CVE-2016-3100HigJul 13, 2016
    risk 0.55cvss 8.4epss 0.00

    kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

  • CVE-2016-0742HigFeb 15, 2016
    risk 0.55cvss 7.5epss 0.82

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

  • CVE-2016-1572HigJan 22, 2016
    risk 0.55cvss 8.4epss 0.00

    mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

  • CVE-2013-1675MedKEVMay 16, 2013
    risk 0.55cvss 6.5epss 0.07

    Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote…

  • CVE-2017-1000366HigJun 19, 2017
    risk 0.54cvss 7.8epss 0.03

    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent…

  • CVE-2009-1699HigJun 10, 2009
    risk 0.54cvss 7.5epss 0.29

    The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as…

  • CVE-2017-13082HigOct 17, 2017
    risk 0.53cvss 8.1epss 0.05

    Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2016-6855HigSep 7, 2016
    risk 0.53cvss 7.5epss 0.19

    Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

  • CVE-2016-5421HigAug 10, 2016
    risk 0.53cvss 8.1epss 0.08

    Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

  • CVE-2015-8869CriJun 13, 2016
    risk 0.53cvss 9.1epss 0.05

    OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.

  • CVE-2016-1651HigApr 18, 2016
    risk 0.53cvss 8.1epss 0.01

    fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service…

  • CVE-2016-1866HigApr 12, 2016
    risk 0.53cvss 8.1epss 0.02

    Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.

  • CVE-2012-1185HigJun 5, 2012
    risk 0.53cvss 7.8epss 0.31

    Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF…

  • CVE-2010-0013HigJan 9, 2010
    risk 0.53cvss 7.5epss 0.13

    Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to…

Page 6 of 34