CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell » Opensuse : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-6172 400 DoS 2016-09-26 2017-08-31
7.1
None Remote Medium Not required None None Complete
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
2 CVE-2016-5703 89 Exec Code Sql 2016-07-02 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.
3 CVE-2016-4429 20 DoS Overflow 2016-06-10 2017-02-01
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
4 CVE-2016-4303 119 DoS Exec Code Overflow 2016-09-26 2016-09-28
7.5
None Remote Low Not required Partial Partial Partial
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
5 CVE-2016-2851 119 DoS Exec Code Overflow Mem. Corr. 2016-04-07 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
6 CVE-2016-1956 399 DoS Mem. Corr. 2016-03-13 2016-12-02
7.1
None Remote Medium Not required None None Complete
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
7 CVE-2016-1666 DoS 2016-05-14 2017-04-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
8 CVE-2016-0546 Overflow 2016-01-20 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.
9 CVE-2015-8805 310 2016-02-23 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
10 CVE-2015-8804 254 2016-02-23 2016-03-10
7.5
None Remote Low Not required Partial Partial Partial
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
11 CVE-2015-8803 254 2016-02-23 2016-12-05
7.5
None Remote Low Not required Partial Partial Partial
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
12 CVE-2015-8779 119 DoS Exec Code Overflow 2016-04-19 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
13 CVE-2015-8778 119 DoS Exec Code Overflow 2016-04-19 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
14 CVE-2015-8614 119 Overflow 2016-04-11 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.
15 CVE-2015-8078 189 Overflow 2015-12-03 2017-09-13
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
16 CVE-2015-8077 189 Overflow 2015-12-03 2017-09-13
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
17 CVE-2015-8076 119 Overflow +Info 2015-12-03 2016-11-29
7.5
None Remote Low Not required Partial Partial Partial
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
18 CVE-2015-7545 20 Exec Code 2016-04-13 2017-09-09
7.5
None Remote Low Not required Partial Partial Partial
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
19 CVE-2015-7212 189 Exec Code Overflow 2015-12-16 2017-03-23
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.
20 CVE-2015-7210 Exec Code 2015-12-16 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.
21 CVE-2015-5228 264 2016-06-07 2016-06-08
7.2
None Local Low Not required Complete Complete Complete
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.
22 CVE-2015-4492 Exec Code 2015-08-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.
23 CVE-2015-4489 119 DoS Overflow Mem. Corr. 2015-08-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.
24 CVE-2015-4488 2015-08-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.
25 CVE-2015-4487 119 DoS Overflow Mem. Corr. 2015-08-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
26 CVE-2015-4475 119 DoS Exec Code Overflow 2015-08-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.
27 CVE-2015-3145 119 DoS Overflow 2015-04-24 2017-01-02
7.5
None Remote Low Not required Partial Partial Partial
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
28 CVE-2015-2787 Exec Code 2015-03-30 2016-12-30
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
29 CVE-2015-2716 119 Exec Code Overflow 2015-05-14 2017-01-02
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
30 CVE-2015-2712 119 Exec Code Overflow +Info 2015-05-14 2017-01-02
7.5
None Remote Low Not required Partial Partial Partial
The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript.
31 CVE-2015-2709 DoS Exec Code Mem. Corr. 2015-05-14 2017-01-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
32 CVE-2015-2708 DoS Exec Code Mem. Corr. 2015-05-14 2017-01-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
33 CVE-2015-2331 189 DoS Exec Code Overflow 2015-03-30 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
34 CVE-2015-2301 DoS 2015-03-30 2016-12-30
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
35 CVE-2015-2059 119 Overflow 2015-08-12 2016-11-30
7.5
None Remote Low Not required Partial Partial Partial
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
36 CVE-2015-1289 DoS 2015-07-22 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
37 CVE-2015-1284 20 DoS 2015-07-22 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.
38 CVE-2015-1280 119 DoS Overflow Mem. Corr. 2015-07-22 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.
39 CVE-2015-1279 189 DoS Overflow 2015-07-22 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.
40 CVE-2015-1277 DoS 2015-07-22 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.
41 CVE-2015-1276 DoS 2015-07-22 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.
42 CVE-2015-1272 DoS 2015-07-22 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc.
43 CVE-2015-1182 DoS Exec Code 2015-01-27 2015-04-17
7.5
None Remote Low Not required Partial Partial Partial
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
44 CVE-2015-0823 2015-02-25 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function.
45 CVE-2015-0806 17 DoS Exec Code Mem. Corr. 2015-04-01 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content.
46 CVE-2015-0805 17 DoS Exec Code Mem. Corr. 2015-04-01 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content.
47 CVE-2015-0804 264 DoS Exec Code 2015-04-01 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element.
48 CVE-2015-0803 264 DoS Exec Code 2015-04-01 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document.
49 CVE-2015-0794 59 2015-11-19 2015-11-20
7.2
None Local Low Not required Complete Complete Complete
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
50 CVE-2015-0778 77 Exec Code 2015-03-16 2016-12-30
7.5
None Remote Low Not required Partial Partial Partial
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.
Total number of vulnerabilities : 146   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.