Total
1919 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2818 | 6 Canonical, Debian, Mozilla and 3 more | 21 Ubuntu Linux, Debian Linux, Firefox and 18 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-8863 | 2 Jq Project, Opensuse | 3 Jq, Leap, Opensuse | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-0503 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. | |||||
| CVE-2016-1674 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2015-4116 | 2 Opensuse, Php | 2 Leap, Php | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation. | |||||
| CVE-2016-6352 | 3 Canonical, Gnome, Opensuse | 4 Ubuntu Linux, Gdk-pixbuf, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | |||||
| CVE-2015-4802 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. | |||||
| CVE-2016-1977 | 5 Mozilla, Opensuse, Oracle and 2 more | 6 Firefox, Leap, Opensuse and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. | |||||
| CVE-2016-0611 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||||
| CVE-2015-8631 | 5 Debian, Mit, Opensuse and 2 more | 11 Debian Linux, Kerberos 5, Leap and 8 more | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. | |||||
| CVE-2016-6265 | 2 Artifex, Opensuse | 3 Mupdf, Leap, Opensuse | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | |||||
| CVE-2016-7995 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
| Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes. | |||||
| CVE-2015-8792 | 2 Matroska, Opensuse | 3 Libmatroska, Leap, Opensuse | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. | |||||
| CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | |||||
| CVE-2016-8910 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
| The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. | |||||
| CVE-2015-8629 | 5 Debian, Mit, Opensuse and 2 more | 12 Debian Linux, Kerberos 5, Leap and 9 more | 2025-04-12 | 2.1 LOW | 5.3 MEDIUM |
| The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. | |||||
| CVE-2016-3068 | 6 Debian, Fedoraproject, Mercurial and 3 more | 14 Debian Linux, Fedora, Mercurial and 11 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | |||||
| CVE-2016-6172 | 2 Opensuse, Powerdns | 3 Leap, Opensuse, Authoritative Server | 2025-04-12 | 7.1 HIGH | 6.8 MEDIUM |
| PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. | |||||
| CVE-2016-6261 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Libidn, Leap | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. | |||||
| CVE-2016-5153 | 2 Google, Opensuse | 2 Chrome, Leap | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. | |||||