Total
1910 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2807 | 3 Mozilla, Opensuse, Suse | 5 Firefox, Firefox Esr, Leap and 2 more | 2023-12-10 | 10.0 HIGH | 8.8 HIGH |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2016-1657 | 4 Debian, Google, Novell and 1 more | 4 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 1 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. | |||||
CVE-2016-5149 | 2 Google, Opensuse | 2 Chrome, Leap | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL. | |||||
CVE-2016-4574 | 3 Canonical, Gnupg, Opensuse | 4 Ubuntu Linux, Libksba, Leap and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356. | |||||
CVE-2014-0195 | 4 Fedoraproject, Mariadb, Openssl and 1 more | 5 Fedora, Mariadb, Openssl and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. | |||||
CVE-2013-6393 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. | |||||
CVE-2014-0221 | 6 Fedoraproject, Mariadb, Openssl and 3 more | 11 Fedora, Mariadb, Openssl and 8 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. | |||||
CVE-2014-2525 | 2 Opensuse, Pyyaml | 3 Leap, Opensuse, Libyaml | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. | |||||
CVE-2014-3470 | 6 Fedoraproject, Mariadb, Openssl and 3 more | 11 Fedora, Mariadb, Openssl and 8 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. | |||||
CVE-2012-3534 | 2 Gnugk, Opensuse | 3 Gnu Gatekeeper, Leap, Opensuse | 2023-12-10 | 5.0 MEDIUM | N/A |
GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections. |