Suse Linux Enterprise Software Development Kit — known CVE vulnerabilities
Every CVE whose affected-product data names Suse Linux Enterprise Software Development Kit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2012-5835 — CVSS 10.0 (critical): Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0…
CVE-2012-3956 — CVSS 10.0 (critical): Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2012-4212 — CVSS 10.0 (critical): Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey…
CVE-2012-3957 — CVSS 10.0 (critical): Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2012-0444 — CVSS 10.0 (critical): Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly…
CVE-2012-3959 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2012-3960 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2012-3961 — CVSS 10.0 (critical): Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird…
CVE-2012-4218 — CVSS 10.0 (critical): Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before…
CVE-2012-3963 — CVSS 10.0 (critical): Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2013-0767 — CVSS 10.0 (critical): The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1…
CVE-2011-4862 — CVSS 10.0 (critical): Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and…
CVE-2012-1970 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird…
CVE-2014-2978 — CVSS 10.0 (critical): The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial…
CVE-2014-2977 — CVSS 10.0 (critical): Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13…
CVE-2012-3968 — CVSS 10.0 (critical): Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before…
CVE-2015-2734 — CVSS 10.0 (critical): The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2015-2737 — CVSS 10.0 (critical): The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2015-2738 — CVSS 10.0 (critical): The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2014-1488 — CVSS 10.0 (critical): The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code…
CVE-2012-1972 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x…
CVE-2013-5610 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers…
CVE-2012-1973 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2012-1974 — CVSS 10.0 (critical): Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2012-1975 — CVSS 10.0 (critical): Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2012-1976 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2017-14804 — CVSS 9.9 (critical): The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write…
CVE-2015-8779 — CVSS 9.8 (critical): Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent…
CVE-2017-18017 — CVSS 9.8 (critical): The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote…
CVE-2016-2324 — CVSS 9.8 (critical): Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees…
CVE-2016-4473 — CVSS 9.8 (critical): /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete…
CVE-2015-8778 — CVSS 9.8 (critical): Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service…
CVE-2016-5772 — CVSS 9.8 (critical): Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23…
CVE-2014-9852 — CVSS 9.8 (critical): distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact…
CVE-2014-9761 — CVSS 9.8 (critical): Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a…
CVE-2016-0718 — CVSS 9.8 (critical): Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input…
CVE-2016-2315 — CVSS 9.8 (critical): revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long…
CVE-2015-0192 — CVSS 9.8 (critical): Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0…
CVE-2014-2323 — CVSS 9.8 (critical): SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via…
CVE-2016-5118 — CVSS 9.8 (critical): The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a |…
CVE-2015-8866 — CVSS 9.6 (critical): ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from…
CVE-2013-0746 — CVSS 9.3 (critical): Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before…
CVE-2013-0745 — CVSS 9.3 (critical): The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR…
CVE-2014-1494 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers…
CVE-2014-1490 — CVSS 9.3 (critical): Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x…
CVE-2013-0771 — CVSS 9.3 (critical): Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before…
CVE-2013-0770 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before…
CVE-2013-0769 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before…
CVE-2011-3439 — CVSS 9.3 (critical): FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory…
CVE-2011-3659 — CVSS 9.3 (critical): Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and…
CVE-2007-6427 — CVSS 9.3 (critical): The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to…
CVE-2013-0768 — CVSS 9.3 (critical): Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before…
CVE-2013-0766 — CVSS 9.3 (critical): Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and…
CVE-2013-0764 — CVSS 9.3 (critical): The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2…
CVE-2012-0442 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18…
CVE-2012-0449 — CVSS 9.3 (critical): Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote…
CVE-2012-1938 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before…
CVE-2013-0763 — CVSS 9.3 (critical): Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR…
CVE-2012-3967 — CVSS 9.3 (critical): The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x…
CVE-2013-0762 — CVSS 9.3 (critical): Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and…
CVE-2013-0761 — CVSS 9.3 (critical): Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x…
CVE-2013-0760 — CVSS 9.3 (critical): Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and…
CVE-2008-5021 — CVSS 9.3 (critical): nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13…
CVE-2013-0758 — CVSS 9.3 (critical): Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before…
CVE-2013-0757 — CVSS 9.3 (critical): The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2…
CVE-2013-0756 — CVSS 9.3 (critical): Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird…
CVE-2012-4202 — CVSS 9.3 (critical): Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11…
CVE-2012-4204 — CVSS 9.3 (critical): The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14…
CVE-2013-0755 — CVSS 9.3 (critical): Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x…
CVE-2013-0754 — CVSS 9.3 (critical): Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x…
CVE-2013-0753 — CVSS 9.3 (critical): Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox…
CVE-2013-0752 — CVSS 9.3 (critical): Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey…
CVE-2012-4213 — CVSS 9.3 (critical): Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and…
CVE-2012-4214 — CVSS 9.3 (critical): Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before…
CVE-2012-4215 — CVSS 9.3 (critical): Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before…
CVE-2012-4216 — CVSS 9.3 (critical): Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11…
CVE-2012-4217 — CVSS 9.3 (critical): Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0…
CVE-2013-0750 — CVSS 9.3 (critical): Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2…
CVE-2012-5829 — CVSS 9.3 (critical): Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11…
CVE-2012-5833 — CVSS 9.3 (critical): The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before…
CVE-2012-5843 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before…
CVE-2013-0744 — CVSS 9.3 (critical): Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox…
CVE-2013-0749 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird…
CVE-2012-5838 — CVSS 9.3 (critical): The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14…
CVE-2012-5839 — CVSS 9.3 (critical): Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x…
CVE-2012-5840 — CVSS 9.3 (critical): Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before…
CVE-2012-5842 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird…
CVE-2015-5041 — CVSS 9.1 (critical): The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows…
CVE-2015-8776 — CVSS 9.1 (critical): The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service…
CVE-2010-2753 — CVSS 8.8 (high): Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and…
CVE-2016-3630 — CVSS 8.8 (high): The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull…
CVE-2016-3069 — CVSS 8.8 (high): Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2016-3068 — CVSS 8.8 (high): Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
CVE-2016-1286 — CVSS 8.6 (high): named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure…
CVE-2015-7547 — CVSS 8.1 (high): Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc…
CVE-2016-9959 — CVSS 7.8 (high): game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2010-4164 — CVSS 7.8 (high): Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow…
CVE-2016-9958 — CVSS 7.8 (high): game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
CVE-2022-27239 — CVSS 7.8 (high): In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local…
CVE-2015-8931 — CVSS 7.8 (high): Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive…
CVE-2011-3192 — CVSS 7.8 (high): The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a…
CVE-2014-1947 — CVSS 7.8 (high): Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause…
CVE-2017-1000366 — CVSS 7.8 (high): glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias…
CVE-2015-8567 — CVSS 7.7 (high): Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2013-5619 — CVSS 7.5 (high): Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23…
CVE-2008-0063 — CVSS 7.5 (high): The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error…
CVE-2015-8930 — CVSS 7.5 (high): bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is…
CVE-2014-3468 — CVSS 7.5 (high): The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which…
CVE-2013-4365 — CVSS 7.5 (high): Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache…
CVE-2015-3209 — CVSS 7.5 (high): Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with…
CVE-2012-5836 — CVSS 7.5 (high): Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a…
CVE-2017-16232 — CVSS 7.5 (high): LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as…
CVE-2014-9854 — CVSS 7.5 (high): coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the…
CVE-2014-3673 — CVSS 7.5 (high): The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a…
CVE-2016-7797 — CVSS 7.5 (high): Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an…
CVE-2015-4680 — CVSS 7.5 (high): FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
CVE-2016-9398 — CVSS 7.5 (high): The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure)…
CVE-2014-1485 — CVSS 7.5 (high): The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets…
CVE-2014-3687 — CVSS 7.5 (high): The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows…
CVE-2015-5300 — CVSS 7.5 (high): The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128…
CVE-2012-3515 — CVSS 7.2 (high): Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS…
CVE-2015-5154 — CVSS 7.2 (high): Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled…
CVE-2009-2903 — CVSS 7.1 (high): Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp…
CVE-2015-2696 — CVSS 7.1 (high): lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers…
CVE-2010-4160 — CVSS 6.9 (medium): Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in…
CVE-2010-3848 — CVSS 6.9 (medium): Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet…
CVE-2008-1375 — CVSS 6.9 (medium): Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows…
CVE-2011-4517 — CVSS 6.8 (medium): The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation…
CVE-2015-1283 — CVSS 6.8 (medium): Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other…
CVE-2012-4193 — CVSS 6.8 (medium): Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey…
CVE-2015-0797 — CVSS 6.8 (medium): GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows…
CVE-2016-1285 — CVSS 6.8 (medium): named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages…
CVE-2013-0800 — CVSS 6.8 (medium): Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox…
CVE-2014-1502 — CVSS 6.8 (medium): The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25…
CVE-2011-4516 — CVSS 6.8 (medium): Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to…
CVE-2013-0747 — CVSS 6.8 (medium): The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird…
CVE-2014-6469 — CVSS 6.8 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect…
CVE-2012-4205 — CVSS 6.8 (medium): Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox…
CVE-2013-0170 — CVSS 6.8 (medium): Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before…
CVE-2010-3437 — CVSS 6.6 (medium): Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows…
CVE-2012-5612 — CVSS 6.5 (medium): Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions…
CVE-2011-1526 — CVSS 6.5 (medium): ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid…
CVE-2015-5239 — CVSS 6.5 (medium): Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a…
CVE-2014-4258 — CVSS 6.5 (medium): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote…
CVE-2014-6530 — CVSS 6.5 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect…
CVE-2014-6555 — CVSS 6.5 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect…
CVE-2012-4196 — CVSS 6.4 (medium): Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and…
CVE-2015-5969 — CVSS 6.2 (medium): The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in…
CVE-2010-4258 — CVSS 6.2 (medium): The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows…
CVE-2010-4157 — CVSS 6.2 (medium): Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local…
CVE-2020-8025 — CVSS 6.1 (medium): A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux…
CVE-2015-8551 — CVSS 6.0 (medium): The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest…
CVE-2014-1501 — CVSS 5.8 (medium): Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors…
CVE-2013-5611 — CVSS 5.8 (medium): Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to…
CVE-2015-0501 — CVSS 5.7 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect…
CVE-2016-0264 — CVSS 5.6 (medium): Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25…
CVE-2015-8926 — CVSS 5.5 (medium): The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to…
CVE-2014-4260 — CVSS 5.5 (medium): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote…
CVE-2016-2318 — CVSS 5.5 (medium): GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to…
CVE-2016-0651 — CVSS 5.5 (medium): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
CVE-2015-8925 — CVSS 5.5 (medium): The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of…
CVE-2014-3690 — CVSS 5.5 (medium): arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4…
CVE-2015-8933 — CVSS 5.5 (medium): Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote…
CVE-2015-8928 — CVSS 5.5 (medium): The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial…
CVE-2015-8932 — CVSS 5.5 (medium): The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a…
CVE-2017-5898 — CVSS 5.5 (medium): Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID…
CVE-2015-8929 — CVSS 5.5 (medium): Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to…
CVE-2014-8559 — CVSS 5.5 (medium): The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows…
CVE-2014-9853 — CVSS 5.5 (medium): Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
CVE-2015-8934 — CVSS 5.5 (medium): The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a…
CVE-2016-2317 — CVSS 5.5 (medium): Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file…
CVE-2015-8808 — CVSS 5.5 (medium): The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized…
CVE-2019-11038 — CVSS 5.3 (medium): When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP…
CVE-2014-1500 — CVSS 5.0 (medium): Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and…
CVE-2014-1484 — CVSS 5.0 (medium): Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to…
CVE-2014-2324 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to…
CVE-2014-3467 — CVSS 5.0 (medium): Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a…
CVE-2014-3469 — CVSS 5.0 (medium): The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a…
CVE-2013-3801 — CVSS 5.0 (medium): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to…
CVE-2015-2568 — CVSS 5.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability…
CVE-2013-1861 — CVSS 5.0 (medium): MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31…
CVE-2015-0272 — CVSS 5.0 (medium): GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6…
CVE-2012-3972 — CVSS 5.0 (medium): The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird…
CVE-2014-8160 — CVSS 5.0 (medium): net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain…
CVE-2013-0759 — CVSS 5.0 (medium): Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before…
CVE-2014-1498 — CVSS 5.0 (medium): The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key…
CVE-2015-2695 — CVSS 5.0 (medium): lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote…