Filtered by vendor Suse
Subscriptions
Filtered by product Linux Enterprise
Subscriptions
Total
139 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-0013 | 6 Adium, Fedoraproject, Opensuse and 3 more | 7 Adium, Fedora, Opensuse and 4 more | 2024-08-07 | 7.5 High |
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. | ||||
CVE-2011-0609 | 9 Adobe, Apple, Google and 6 more | 15 Acrobat, Acrobat Reader, Air and 12 more | 2024-08-06 | 7.8 High |
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011. | ||||
CVE-2013-4480 | 2 Redhat, Suse | 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more | 2024-08-06 | N/A |
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | ||||
CVE-2015-1241 | 6 Canonical, Debian, Google and 3 more | 12 Ubuntu Linux, Debian Linux, Chrome and 9 more | 2024-08-06 | N/A |
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. | ||||
CVE-2016-9958 | 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more | 9 Game-music-emu, Leap, Opensuse and 6 more | 2024-08-06 | N/A |
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | ||||
CVE-2016-9959 | 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more | 9 Game-music-emu, Leap, Opensuse and 6 more | 2024-08-06 | N/A |
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | ||||
CVE-2016-9957 | 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more | 9 Game-music-emu, Leap, Opensuse and 6 more | 2024-08-06 | N/A |
Stack-based buffer overflow in game-music-emu before 0.6.1. | ||||
CVE-2016-8569 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2024-08-06 | N/A |
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | ||||
CVE-2016-8568 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2024-08-06 | N/A |
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | ||||
CVE-2016-7966 | 4 Debian, Fedoraproject, Kde and 1 more | 4 Debian Linux, Fedora, Kmail and 1 more | 2024-08-06 | N/A |
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. | ||||
CVE-2016-7099 | 3 Nodejs, Redhat, Suse | 3 Node.js, Rhel Software Collections, Linux Enterprise | 2024-08-06 | N/A |
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | ||||
CVE-2016-5325 | 3 Nodejs, Redhat, Suse | 4 Node.js, Openshift, Rhel Software Collections and 1 more | 2024-08-06 | N/A |
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. | ||||
CVE-2016-5131 | 8 Apple, Canonical, Debian and 5 more | 18 Iphone Os, Mac Os X, Tvos and 15 more | 2024-08-06 | N/A |
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | ||||
CVE-2016-2806 | 5 Debian, Mozilla, Opensuse and 2 more | 6 Debian Linux, Firefox, Leap and 3 more | 2024-08-05 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2016-2178 | 7 Canonical, Debian, Nodejs and 4 more | 10 Ubuntu Linux, Debian Linux, Node.js and 7 more | 2024-08-05 | 5.5 Medium |
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | ||||
CVE-2016-1681 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2024-08-05 | N/A |
Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | ||||
CVE-2016-1683 | 7 Canonical, Debian, Google and 4 more | 11 Ubuntu Linux, Debian Linux, Chrome and 8 more | 2024-08-05 | N/A |
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2016-1691 | 6 Canonical, Debian, Google and 3 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2024-08-05 | N/A |
Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp. | ||||
CVE-2016-1698 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2024-08-05 | N/A |
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. | ||||
CVE-2016-1677 | 6 Canonical, Debian, Google and 3 more | 11 Ubuntu Linux, Debian Linux, Chrome and 8 more | 2024-08-05 | N/A |
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." |