Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0418 | 3 Debian, Opensuse, Oracle | 3 Debian Linux, Opensuse, Vm Virtualbox | 2025-04-12 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377. | |||||
| CVE-2016-2798 | 5 Mozilla, Opensuse, Oracle and 2 more | 6 Firefox, Leap, Opensuse and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | |||||
| CVE-2015-2695 | 6 Canonical, Debian, Mit and 3 more | 9 Ubuntu Linux, Debian Linux, Kerberos 5 and 6 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. | |||||
| CVE-2015-4478 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. | |||||
| CVE-2015-4492 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. | |||||
| CVE-2014-7818 | 2 Opensuse, Rubyonrails | 3 Opensuse, Rails, Ruby On Rails | 2025-04-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. | |||||
| CVE-2016-5739 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | |||||
| CVE-2015-4487 | 4 Canonical, Mozilla, Opensuse and 1 more | 5 Ubuntu Linux, Firefox, Firefox Os and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
| The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." | |||||
| CVE-2014-9640 | 2 Opensuse, Xiph | 2 Opensuse, Vorbis-tools | 2025-04-12 | 5.0 MEDIUM | N/A |
| oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. | |||||
| CVE-2016-2802 | 5 Mozilla, Opensuse, Oracle and 2 more | 6 Firefox, Leap, Opensuse and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | |||||
| CVE-2016-1676 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2016-6905 | 2 Libgd, Opensuse | 3 Libgd, Leap, Opensuse | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. | |||||
| CVE-2016-2324 | 3 Git-scm, Opensuse, Suse | 8 Git, Leap, Opensuse and 5 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-7939 | 4 Chromium, Google, Opensuse and 1 more | 7 Chromium, Chrome, Opensuse and 4 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header. | |||||
| CVE-2015-4861 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | |||||
| CVE-2016-1930 | 3 Mozilla, Opensuse, Oracle | 4 Firefox, Leap, Opensuse and 1 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-8961 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. | |||||
| CVE-2015-7552 | 1 Opensuse | 1 Opensuse | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. | |||||
| CVE-2016-2794 | 5 Mozilla, Opensuse, Oracle and 2 more | 6 Firefox, Leap, Opensuse and 3 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | |||||
| CVE-2015-4826 | 7 Canonical, Debian, Fedoraproject and 4 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. | |||||