VYPR

Vendor CVEs

SUSE S.A.

All CVEs

1,445 total · sorted by risk
  • CVE-2013-0641HigKEVFeb 14, 2013
    risk 0.65cvss 7.8epss 0.32

    Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.

  • CVE-2024-6387HigJul 1, 2024
    risk 0.64cvss 8.1epss 1.00

    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…

  • CVE-2018-12470CriOct 4, 2018
    risk 0.64cvss 9.8epss 0.02

    A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

  • CVE-2018-5703CriJan 16, 2018
    risk 0.64cvss 9.8epss 0.03

    The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.

  • CVE-2016-4473CriJun 8, 2017
    risk 0.64cvss 9.8epss 0.08

    /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.

  • CVE-2014-9846CriMar 20, 2017
    risk 0.64cvss 9.8epss 0.05

    Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

  • CVE-2014-9852CriMar 17, 2017
    risk 0.64cvss 9.8epss 0.03

    distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

  • CVE-2016-5772CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.10

    Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted…

  • CVE-2016-1601CriApr 26, 2016
    risk 0.64cvss 9.8epss 0.02

    yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown…

  • CVE-2015-8779CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

  • CVE-2015-8778CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds…

  • CVE-2014-9761CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

  • CVE-2016-1659CriApr 18, 2016
    risk 0.64cvss 9.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-0752HigKEVFeb 16, 2016
    risk 0.64cvss 7.5epss 0.96

    Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render…

  • CVE-2015-0192CriJul 2, 2015
    risk 0.64cvss 9.8epss 0.05

    Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

  • CVE-2014-1532CriApr 30, 2014
    risk 0.64cvss 9.8epss 0.05

    Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a…

  • CVE-2014-1524CriApr 30, 2014
    risk 0.64cvss 9.8epss 0.08

    The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or…

  • CVE-2014-1514CriMar 19, 2014
    risk 0.64cvss 9.8epss 0.06

    vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause…

  • CVE-2014-1493CriMar 19, 2014
    risk 0.64cvss 9.8epss 0.08

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2014-1486CriFeb 6, 2014
    risk 0.64cvss 9.8epss 0.07

    Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values…

  • CVE-2014-1477CriFeb 6, 2014
    risk 0.64cvss 9.8epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2013-5616CriDec 11, 2013
    risk 0.64cvss 9.8epss 0.07

    Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2013-5615CriDec 11, 2013
    risk 0.64cvss 9.8epss 0.04

    The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact…

  • CVE-2013-5613CriDec 11, 2013
    risk 0.64cvss 9.8epss 0.09

    Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap…

  • CVE-2013-5609CriDec 11, 2013
    risk 0.64cvss 9.8epss 0.08

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2010-2941CriNov 5, 2010
    risk 0.64cvss 9.8epss 0.06

    ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP…

  • CVE-2015-8866CriMay 22, 2016
    risk 0.63cvss 9.6epss 0.04

    ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE)…

  • CVE-2016-1960HigMar 13, 2016
    risk 0.63cvss 8.8epss 0.31

    Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as…

  • CVE-2015-7547HigFeb 18, 2016
    risk 0.63cvss 8.1epss 0.90

    Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS…

  • CVE-2016-4137HigJun 16, 2016
    risk 0.62cvss 8.8epss 0.16

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4136HigJun 16, 2016
    risk 0.62cvss 8.8epss 0.16

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4135HigJun 16, 2016
    risk 0.62cvss 8.8epss 0.17

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2014-3153HigKEVJun 7, 2014
    risk 0.62cvss 7.8epss 0.37

    The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

  • CVE-2016-1286HigMar 9, 2016
    risk 0.61cvss 8.6epss 0.62

    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

  • CVE-2012-2034HigKEVJun 9, 2012
    risk 0.61cvss 7.5epss 0.08

    Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows…

  • CVE-2025-53883CriOct 30, 2025
    risk 0.60cvss epss 0.00

    A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x86_64/server:latest: from ? before…

  • CVE-2015-8776CriApr 19, 2016
    risk 0.60cvss 9.1epss 0.05

    The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

  • CVE-2026-31431HigKEVApr 22, 2026
    risk 0.59cvss 7.8epss 0.97

    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the…

  • CVE-2015-5041CriJun 6, 2016
    risk 0.59cvss 9.1epss 0.04

    The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

  • CVE-2014-1508CriMar 19, 2014
    risk 0.59cvss 9.1epss 0.04

    The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read…

  • CVE-2016-4156HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4155HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4154HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4153HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4152HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4151HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4150HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.05

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4149HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4148HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4147HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Page 2 of 29