Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | opensuse | 11.4 |
| armin_burgmeier | net6 | 1.3.10 |
| armin_burgmeier | net6 | 1.3.1 |
| opensuse | opensuse | 11.3 |
| armin_burgmeier | net6 | 1.3.5 |
| armin_burgmeier | net6 | 1.3.12 |
| armin_burgmeier | net6 | 1.3.6 |
| oracle | solaris | 11.2 |
| armin_burgmeier | net6 | 1.3.2 |
| armin_burgmeier | net6 | 1.3.11 |
| armin_burgmeier | net6 | 1.3.4 |
| armin_burgmeier | net6 | 1.3.3 |
| armin_burgmeier | net6 | 1.3.8 |
| armin_burgmeier | net6 | 1.3.7 |
| armin_burgmeier | net6 | * |
| armin_burgmeier | net6 | 1.3.9 |
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 17.0.9 |
| mozilla | firefox | 1.5.0.1 |
| mozilla | firefox | 3.6.12 |
| mozilla | firefox | 1.5.0.6 |
| mozilla | firefox | 3.0.1 |
| mozilla | firefox | 10.0 |
| canonical | ubuntu_linux | 12.10 |
| mozilla | firefox | 3.0.5 |
| mozilla | firefox | 17.0.5 |
| mozilla | firefox | 3.6.22 |
| mozilla | firefox | 3.0.9 |
| mozilla | firefox | 21.0 |
| canonical | ubuntu_linux | 13.10 |
| mozilla | firefox | 9.0.1 |
| mozilla | firefox | 3.6.18 |
| mozilla | firefox | 3.0.12 |
| mozilla | firefox | 0.9.1 |
| canonical | ubuntu_linux | 13.04 |
| mozilla | firefox | 2.0 |
| mozilla | firefox | 3.5.5 |
| mozilla | firefox | 0.4 |
| mozilla | firefox | 10.0.8 |
| mozilla | firefox | 13.0.1 |
| mozilla | firefox | 24.1.1 |
| mozilla | firefox | 0.10.1 |
| mozilla | firefox | 1.0.7 |
| mozilla | firefox | 2.0.0.15 |
| mozilla | firefox | 23.0 |
| mozilla | firefox | 0.9 |
| mozilla | firefox | 3.6.26 |
| mozilla | firefox | 3.5.19 |
| mozilla | firefox | 0.3 |
| mozilla | firefox | 3.0.10 |
| mozilla | firefox | 6.0.2 |
| mozilla | firefox | 3.6.9 |
| mozilla | firefox | 17.0.2 |
| mozilla | firefox | 3.6.14 |
| mozilla | firefox | 3.0.13 |
| mozilla | firefox | 16.0 |
| mozilla | firefox | 3.6.16 |
| mozilla | firefox | 1.0.6 |
| mozilla | firefox | 3.6.13 |
| mozilla | firefox | 3.6.2 |
| mozilla | firefox | 0.10 |
| mozilla | firefox | 2.0.0.6 |
| mozilla | firefox | 1.5.0.10 |
| mozilla | firefox | 3.5.2 |
| mozilla | firefox | 3.5.18 |
| mozilla | firefox | 1.0 |
| mozilla | firefox | 1.5.5 |
| suse | linux_enterprise_software_development_kit | 11 |
| mozilla | firefox | 0.1 |
| mozilla | firefox | 1.0.3 |
| mozilla | firefox | 19.0.2 |
| mozilla | firefox | 16.0.1 |
| mozilla | firefox | 2.0.0.1 |
| mozilla | firefox | 3.5.6 |
| mozilla | firefox | 3.0.7 |
| mozilla | firefox | 4.0.1 |
| mozilla | firefox | 17.0.3 |
| mozilla | firefox | 3.0.11 |
| mozilla | firefox | 3.5.3 |
| mozilla | firefox | 0.5 |
| mozilla | firefox | 3.6.24 |
| mozilla | firefox | 1.5.1 |
| mozilla | firefox | 23.0.1 |
| mozilla | firefox | 10.0.2 |
| mozilla | firefox | 3.5.13 |
| mozilla | firefox | 3.5.15 |
| mozilla | firefox | 3.0.14 |
| mozilla | firefox | 3.0.19 |
| mozilla | firefox | 2.0.0.18 |
| mozilla | firefox | 3.5.14 |
| mozilla | firefox | 20.0.1 |
| mozilla | firefox | 0.2 |
| mozilla | firefox | 3.6.17 |
| mozilla | firefox | 10.0.7 |
| mozilla | firefox | 3.0 |
| mozilla | firefox | 3.6.23 |
| mozilla | firefox | 14.0.1 |
| mozilla | firefox | 1.5.2 |
| mozilla | firefox | 2.0.0.10 |
| fedoraproject | fedora | 19 |
| mozilla | firefox | 1.5.0.4 |
| mozilla | firefox | 11.0 |
| mozilla | firefox | 3.6.27 |
| mozilla | firefox | 2.0.0.7 |
| mozilla | firefox | 10.0.9 |
| mozilla | firefox | 1.0.4 |
| mozilla | firefox | 1.5.0.11 |
| mozilla | firefox | 6.0 |
| mozilla | firefox | 3.6.3 |
| mozilla | firefox | 0.7.1 |
| mozilla | firefox | 2.0.0.5 |
| mozilla | firefox | 7.0 |
| mozilla | firefox | 3.0.6 |
| mozilla | firefox | 3.5 |
| mozilla | firefox | 3.5.9 |
| mozilla | firefox | 2.0.0.19 |
| canonical | ubuntu_linux | 12.04 |
| mozilla | firefox | 24.1 |
| mozilla | firefox | 1.5.8 |
| mozilla | firefox | 3.5.17 |
| mozilla | firefox | 1.5.0.7 |
| mozilla | firefox | 10.0.10 |
| mozilla | firefox | 1.5.0.3 |
| mozilla | firefox | 6.0.1 |
| mozilla | firefox | 3.0.2 |
| opensuse | opensuse | 13.1 |
| mozilla | firefox | 2.0.0.13 |
| suse | linux_enterprise_server | 11 |
| mozilla | firefox | 3.6.20 |
| mozilla | firefox | 1.5.6 |
| mozilla | firefox | 2.0.0.2 |
| mozilla | firefox | 1.5.4 |
| mozilla | firefox | 10.0.1 |
| mozilla | firefox | 3.6.10 |
| mozilla | firefox | 3.0.4 |
| mozilla | firefox | 7.0.1 |
| mozilla | firefox | 10.0.6 |
| mozilla | firefox | 10.0.4 |
| mozilla | firefox | 2.0.0.3 |
| mozilla | firefox | 3.0.8 |
| mozilla | firefox | 1.5.0.8 |
| mozilla | firefox | 24.0 |
| mozilla | firefox | 0.9.2 |
| mozilla | firefox | 2.0.0.20 |
| mozilla | firefox | 17.0.4 |
| mozilla | firefox | 1.5.0.9 |
| mozilla | firefox | 3.5.1 |
| mozilla | firefox | 10.0.5 |
| mozilla | firefox | 1.0.2 |
| mozilla | firefox | 15.0 |
| mozilla | firefox | 3.5.7 |
| oracle | solaris | 11.3 |
| mozilla | firefox | 10.0.11 |
| mozilla | firefox | 2.0.0.16 |
| mozilla | firefox | 1.0.1 |
| mozilla | firefox | 2.0.0.17 |
| mozilla | firefox | 2.0.0.12 |
| mozilla | firefox | 18.0.2 |
| mozilla | firefox | 1.5.0.5 |
| mozilla | firefox | 3.6.7 |
| mozilla | firefox | 19.0.1 |
| mozilla | firefox | 0.9.3 |
| mozilla | firefox | 13.0 |
| mozilla | firefox | 1.5.7 |
| mozilla | firefox | 17.0.8 |
| mozilla | firefox | 0.8 |
| mozilla | firefox | 3.5.11 |
| mozilla | firefox | 10.0.12 |
| mozilla | firefox | 12.0 |
| mozilla | firefox | 20.0 |
| mozilla | firefox | 3.0.17 |
| mozilla | firefox | 8.0.1 |
| mozilla | firefox | 3.6.6 |
| mozilla | firefox | 3.6.21 |
| mozilla | firefox | 2.0.0.4 |
| mozilla | firefox | 0.6 |
| mozilla | firefox | 0.6.1 |
| mozilla | firefox | 2.0.0.14 |
| mozilla | firefox | 17.0.6 |
| mozilla | firefox | 3.6.25 |
| mozilla | firefox | 5.0 |
| mozilla | firefox | 5.0.1 |
| mozilla | firefox | 2.0.0.11 |
| mozilla | firefox | 3.0.18 |
| mozilla | firefox | 1.5.3 |
| mozilla | firefox | 1.0.8 |
| mozilla | firefox | 19.0 |
| opensuse_project | opensuse | 12.3 |
| fedoraproject | fedora | 20 |
| mozilla | firefox | 16.0.2 |
| mozilla | firefox | 3.6.4 |
| mozilla | firefox | 3.6.19 |
| mozilla | firefox | 1.0.5 |
| mozilla | firefox | 3.5.12 |
| mozilla | firefox | 25.0 |
| mozilla | firefox | 1.5.0.12 |
| mozilla | firefox | 9.0 |
| mozilla | firefox | 3.6.15 |
| mozilla | firefox | 3.6 |
| mozilla | firefox | 18.0 |
| mozilla | firefox | 3.6.28 |
| mozilla | firefox | 3.5.8 |
| mozilla | firefox | 3.6.11 |
| mozilla | firefox | 17.0.11 |
| opensuse_project | opensuse | 11.4 |
| mozilla | firefox | 3.5.4 |
| suse | linux_enterprise_desktop | 11 |
| mozilla | firefox | 15.0.1 |
| mozilla | firefox | 17.0.10 |
| mozilla | firefox | * |
| mozilla | firefox | 1.5 |
| mozilla | firefox | 10.0.3 |
| mozilla | firefox | 3.5.10 |
| mozilla | firefox | 8.0 |
| mozilla | firefox | 2.0.0.8 |
| mozilla | firefox | 2.0.0.9 |
| mozilla | firefox | 0.7 |
| mozilla | firefox | 17.0.7 |
| mozilla | firefox | 3.5.16 |
| mozilla | firefox | 3.0.15 |
| mozilla | firefox | 4.0 |
| mozilla | firefox | 3.6.8 |
| mozilla | firefox | 1.5.0.2 |
| mozilla | firefox | 14.0 |
| mozilla | firefox | 18.0.1 |
| mozilla | firefox | 3.0.3 |
| mozilla | firefox | 3.0.16 |
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rubyonrails | rails | 1.2.2 |
| rubyonrails | rails | 3.0.6 |
| rubyonrails | rails | 2.2.1 |
| rubyonrails | rails | 0.9.4 |
| redhat | enterprise_linux | 6.0 |
| rubyonrails | rails | 0.9.1 |
| rubyonrails | rails | 3.1.2 |
| rubyonrails | ruby_on_rails | 0.5.6 |
| rubyonrails | rails | 3.2.8 |
| rubyonrails | rails | 3.2.11 |
| rubyonrails | rails | 2.3.4 |
| rubyonrails | rails | 2.3.9 |
| rubyonrails | rails | 3.0.17 |
| rubyonrails | rails | 2.3.1 |
| rubyonrails | ruby_on_rails | 0.9.0 |
| rubyonrails | rails | 1.2.0 |
| rubyonrails | ruby_on_rails | 3.2.15 |
| rubyonrails | rails | 3.0.5 |
| rubyonrails | rails | 3.1.10 |
| rubyonrails | rails | 1.1.4 |
| rubyonrails | rails | 3.0.0 |
| rubyonrails | rails | 2.1.2 |
| rubyonrails | rails | 2.3.11 |
| rubyonrails | rails | 1.1.0 |
| rubyonrails | rails | 3.0.11 |
| rubyonrails | rails | 3.2.10 |
| rubyonrails | rails | 3.0.18 |
| rubyonrails | ruby_on_rails | 0.5.5 |
| rubyonrails | rails | 3.1.7 |
| rubyonrails | ruby_on_rails | 0.8.5 |
| rubyonrails | rails | 0.10.0 |
| rubyonrails | rails | 3.2.13 |
| rubyonrails | rails | 3.1.8 |
| rubyonrails | rails | 3.0.3 |
| rubyonrails | rails | 0.9.4.1 |
| rubyonrails | rails | 3.0.1 |
| rubyonrails | rails | 3.1.1 |
| rubyonrails | rails | 3.0.20 |
| rubyonrails | rails | 3.1.3 |
| rubyonrails | rails | 1.0.0 |
| rubyonrails | rails | 3.0.14 |
| rubyonrails | rails | 2.3.16 |
| rubyonrails | rails | 3.1.5 |
| rubyonrails | rails | 1.9.5 |
| rubyonrails | rails | 2.0.2 |
| rubyonrails | rails | 2.2.0 |
| rubyonrails | rails | 1.1.3 |
| rubyonrails | rails | 1.2.6 |
| rubyonrails | rails | 2.1.1 |
| rubyonrails | rails | 3.2.6 |
| rubyonrails | ruby_on_rails | 0.8.0 |
| rubyonrails | rails | 3.2.0 |
| rubyonrails | rails | 1.2.5 |
| rubyonrails | rails | 2.3.15 |
| rubyonrails | rails | 0.14.2 |
| rubyonrails | rails | 1.1.2 |
| rubyonrails | rails | 3.2.4 |
| rubyonrails | rails | 0.14.4 |
| rubyonrails | rails | 2.1.0 |
| rubyonrails | rails | 3.0.4 |
| rubyonrails | rails | 3.0.2 |
| rubyonrails | rails | 2.2.2 |
| rubyonrails | rails | 3.2.5 |
| rubyonrails | rails | 0.9.2 |
| rubyonrails | rails | 3.2.9 |
| rubyonrails | rails | 3.2.15 |
| rubyonrails | rails | 2.3.2 |
| rubyonrails | rails | 3.2.7 |
| rubyonrails | rails | 1.2.4 |
| rubyonrails | rails | 2.0.0 |
| rubyonrails | rails | 3.2.12 |
| rubyonrails | rails | 0.11.1 |
| rubyonrails | rails | 3.0.16 |
| rubyonrails | rails | 1.1.6 |
| rubyonrails | rails | 4.0.2 |
| rubyonrails | ruby_on_rails | 0.6.0 |
| rubyonrails | rails | 2.3.0 |
| opensuse_project | opensuse | 12.3 |
| rubyonrails | rails | 4.1.0 |
| rubyonrails | rails | 2.0.1 |
| rubyonrails | rails | 0.10.1 |
| rubyonrails | rails | 0.11.0 |
| rubyonrails | rails | 2.0.4 |
| rubyonrails | rails | 0.14.3 |
| rubyonrails | rails | 3.0.12 |
| rubyonrails | rails | 3.1.0 |
| rubyonrails | rails | 3.2.1 |
| redhat | cloudforms | 3.0 |
| rubyonrails | rails | 4.0.1 |
| rubyonrails | rails | 2.3.12 |
| rubyonrails | ruby_on_rails | 0.5.7 |
| rubyonrails | ruby_on_rails | 0.7.0 |
| rubyonrails | rails | 0.12.0 |
| rubyonrails | rails | 3.0.19 |
| rubyonrails | rails | 3.0.7 |
| rubyonrails | ruby_on_rails | 0.5.0 |
| rubyonrails | rails | 2.3.10 |
| rubyonrails | rails | 3.1.9 |
| rubyonrails | rails | 3.1.4 |
| rubyonrails | rails | 1.1.1 |
| rubyonrails | rails | 3.0.8 |
| rubyonrails | rails | 2.3.14 |
| rubyonrails | rails | 1.1.5 |
| rubyonrails | rails | 3.0.13 |
| rubyonrails | rails | 3.1.6 |
| rubyonrails | rails | 0.13.0 |
| rubyonrails | rails | 3.0.9 |
| rubyonrails | ruby_on_rails | 0.6.5 |
| rubyonrails | rails | 2.3.3 |
| rubyonrails | rails | 1.2.1 |
| rubyonrails | rails | 1.2.3 |
| rubyonrails | rails | 0.9.3 |
| rubyonrails | ruby_on_rails | 3.2.14 |
| rubyonrails | rails | 0.13.1 |
| rubyonrails | ruby_on_rails | * |
| rubyonrails | ruby_on_rails | 3.0.4 |
| rubyonrails | rails | 0.14.1 |
| opensuse | opensuse | 13.1 |
| rubyonrails | rails | 3.0.10 |
| rubyonrails | rails | 3.2.3 |
| rubyonrails | rails | 4.0.0 |
| rubyonrails | rails | 3.2.2 |
| rubyonrails | rails | 2.3.13 |
| rubyonrails | rails | 0.12.1 |
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| djangoproject | django | 1.4.2 |
| debian | debian_linux | 7.0 |
| djangoproject | django | 1.5.8 |
| djangoproject | django | 1.4.8 |
| djangoproject | django | 1.4.1 |
| djangoproject | django | 1.6.5 |
| djangoproject | django | 1.4 |
| djangoproject | django | 1.7 |
| djangoproject | django | 1.4.12 |
| djangoproject | django | 1.6.2 |
| djangoproject | django | 1.4.4 |
| djangoproject | django | 1.5.4 |
| djangoproject | django | 1.5.7 |
| djangoproject | django | * |
| opensuse_project | opensuse | 12.3 |
| djangoproject | django | 1.6 |
| djangoproject | django | 1.4.9 |
| djangoproject | django | 1.5.5 |
| djangoproject | django | 1.4.11 |
| djangoproject | django | 1.6.4 |
| djangoproject | django | 1.4.5 |
| djangoproject | django | 1.5 |
| djangoproject | django | 1.6.3 |
| djangoproject | django | 1.4.10 |
| djangoproject | django | 1.6.1 |
| djangoproject | django | 1.5.3 |
| opensuse | opensuse | 13.1 |
| djangoproject | django | 1.4.6 |
| djangoproject | django | 1.5.2 |
| djangoproject | django | 1.5.1 |
| djangoproject | django | 1.4.7 |
| djangoproject | django | 1.5.6 |
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 17.0.9 |
| mozilla | firefox | 1.5.0.1 |
| mozilla | firefox | 3.6.12 |
| mozilla | firefox | 1.5.0.6 |
| mozilla | firefox | 3.0.1 |
| mozilla | firefox | 10.0 |
| mozilla | firefox | 3.0.5 |
| mozilla | firefox | 17.0.5 |
| mozilla | firefox | 3.6.22 |
| mozilla | firefox | 3.0.9 |
| mozilla | firefox | 21.0 |
| mozilla | firefox | 9.0.1 |
| mozilla | firefox | 3.6.18 |
| mozilla | firefox | 3.0.12 |
| mozilla | firefox | 0.9.1 |
| mozilla | firefox | 2.0 |
| mozilla | firefox | 3.5.5 |
| mozilla | firefox | 0.4 |
| mozilla | firefox | 10.0.8 |
| mozilla | firefox | 13.0.1 |
| mozilla | firefox | 24.1.1 |
| mozilla | firefox | 0.10.1 |
| mozilla | firefox | 1.0.7 |
| mozilla | firefox | 2.0.0.15 |
| mozilla | firefox | 23.0 |
| mozilla | firefox | 0.9 |
| mozilla | firefox | 3.6.26 |
| mozilla | firefox | 3.5.19 |
| mozilla | firefox | 0.3 |
| mozilla | firefox | 3.0.10 |
| mozilla | firefox | 6.0.2 |
| mozilla | firefox | 3.6.9 |
| mozilla | firefox | 17.0.2 |
| mozilla | firefox | 3.6.14 |
| mozilla | firefox | 3.0.13 |
| mozilla | firefox | 16.0 |
| mozilla | firefox | 3.6.16 |
| mozilla | firefox | 1.0.6 |
| mozilla | firefox | 3.6.13 |
| mozilla | firefox | 3.6.2 |
| mozilla | firefox | 0.10 |
| mozilla | firefox | 2.0.0.6 |
| mozilla | firefox | 1.5.0.10 |
| mozilla | firefox | 3.5.2 |
| mozilla | firefox | 3.5.18 |
| mozilla | firefox | 1.0 |
| mozilla | firefox | 1.5.5 |
| suse | linux_enterprise_software_development_kit | 11 |
| mozilla | firefox | 0.1 |
| mozilla | firefox | 1.0.3 |
| mozilla | firefox | 19.0.2 |
| mozilla | firefox | 16.0.1 |
| mozilla | firefox | 2.0.0.1 |
| mozilla | firefox | 3.5.6 |
| mozilla | firefox | 3.0.7 |
| mozilla | firefox | 4.0.1 |
| mozilla | firefox | 17.0.3 |
| mozilla | firefox | 3.0.11 |
| mozilla | firefox | 3.5.3 |
| mozilla | firefox | 0.5 |
| mozilla | firefox | 3.6.24 |
| mozilla | firefox | 1.5.1 |
| mozilla | firefox | 23.0.1 |
| mozilla | firefox | 10.0.2 |
| mozilla | firefox | 3.5.13 |
| mozilla | firefox | 3.5.15 |
| mozilla | firefox | 3.0.14 |
| mozilla | firefox | 3.0.19 |
| mozilla | firefox | 2.0.0.18 |
| mozilla | firefox | 3.5.14 |
| mozilla | firefox | 20.0.1 |
| mozilla | firefox | 0.2 |
| mozilla | firefox | 3.6.17 |
| mozilla | firefox | 10.0.7 |
| mozilla | firefox | 3.0 |
| mozilla | firefox | 3.6.23 |
| mozilla | firefox | 14.0.1 |
| mozilla | firefox | 1.5.2 |
| mozilla | firefox | 2.0.0.10 |
| mozilla | firefox | 1.5.0.4 |
| mozilla | firefox | 11.0 |
| mozilla | firefox | 3.6.27 |
| mozilla | firefox | 2.0.0.7 |
| mozilla | firefox | 10.0.9 |
| mozilla | firefox | 1.0.4 |
| mozilla | firefox | 1.5.0.11 |
| mozilla | firefox | 6.0 |
| mozilla | firefox | 3.6.3 |
| mozilla | firefox | 0.7.1 |
| mozilla | firefox | 2.0.0.5 |
| mozilla | firefox | 7.0 |
| mozilla | firefox | 3.0.6 |
| mozilla | firefox | 3.5 |
| mozilla | firefox | 3.5.9 |
| mozilla | firefox | 25.0.1 |
| mozilla | firefox | 2.0.0.19 |
| mozilla | firefox | 24.1 |
| mozilla | firefox | 1.5.8 |
| mozilla | firefox | 3.5.17 |
| mozilla | firefox | 1.5.0.7 |
| mozilla | firefox | 10.0.10 |
| mozilla | firefox | 1.5.0.3 |
| mozilla | firefox | 6.0.1 |
| mozilla | firefox | 3.0.2 |
| opensuse | opensuse | 13.1 |
| mozilla | firefox | 2.0.0.13 |
| suse | linux_enterprise_server | 11 |
| mozilla | firefox | 3.6.20 |
| mozilla | firefox | 1.5.6 |
| mozilla | firefox | 2.0.0.2 |
| mozilla | firefox | 1.5.4 |
| mozilla | firefox | 10.0.1 |
| mozilla | firefox | 3.6.10 |
| mozilla | firefox | 3.0.4 |
| mozilla | firefox | 7.0.1 |
| mozilla | firefox | 10.0.6 |
| mozilla | firefox | 10.0.4 |
| mozilla | firefox | 2.0.0.3 |
| mozilla | firefox | 3.0.8 |
| mozilla | firefox | 1.5.0.8 |
| mozilla | firefox | 24.0 |
| mozilla | firefox | 0.9.2 |
| mozilla | firefox | 2.0.0.20 |
| mozilla | firefox | 17.0.4 |
| mozilla | firefox | 1.5.0.9 |
| mozilla | firefox | 3.5.1 |
| mozilla | firefox | 10.0.5 |
| mozilla | firefox | 1.0.2 |
| mozilla | firefox | 15.0 |
| mozilla | firefox | 3.5.7 |
| oracle | solaris | 11.3 |
| mozilla | firefox | 10.0.11 |
| mozilla | firefox | 2.0.0.16 |
| mozilla | firefox | 1.0.1 |
| mozilla | firefox | 2.0.0.17 |
| mozilla | firefox | 2.0.0.12 |
| mozilla | firefox | 18.0.2 |
| mozilla | firefox | 1.5.0.5 |
| mozilla | firefox | 3.6.7 |
| mozilla | firefox | 19.0.1 |
| mozilla | firefox | 0.9.3 |
| mozilla | firefox | 13.0 |
| mozilla | firefox | 1.5.7 |
| mozilla | firefox | 17.0.8 |
| mozilla | firefox | 0.8 |
| mozilla | firefox | 3.5.11 |
| mozilla | firefox | 10.0.12 |
| mozilla | firefox | 12.0 |
| mozilla | firefox | 20.0 |
| mozilla | firefox | 3.0.17 |
| mozilla | firefox | 8.0.1 |
| mozilla | firefox | 3.6.6 |
| mozilla | firefox | 3.6.21 |
| mozilla | firefox | 2.0.0.4 |
| mozilla | firefox | 0.6 |
| mozilla | firefox | 0.6.1 |
| mozilla | firefox | 2.0.0.14 |
| mozilla | firefox | 17.0.6 |
| mozilla | firefox | 3.6.25 |
| mozilla | firefox | 5.0 |
| mozilla | firefox | 5.0.1 |
| mozilla | firefox | 2.0.0.11 |
| mozilla | firefox | 3.0.18 |
| mozilla | firefox | 1.5.3 |
| mozilla | firefox | 1.0.8 |
| mozilla | firefox | 19.0 |
| opensuse_project | opensuse | 12.3 |
| mozilla | firefox | 16.0.2 |
| mozilla | firefox | 3.6.4 |
| mozilla | firefox | 3.6.19 |
| mozilla | firefox | 1.0.5 |
| mozilla | firefox | 3.5.12 |
| mozilla | firefox | 25.0 |
| mozilla | firefox | 1.5.0.12 |
| mozilla | firefox | 9.0 |
| mozilla | firefox | 3.6.15 |
| mozilla | firefox | 3.6 |
| mozilla | firefox | 18.0 |
| mozilla | firefox | 3.6.28 |
| mozilla | firefox | 3.5.8 |
| mozilla | firefox | 3.6.11 |
| mozilla | firefox | 17.0.11 |
| mozilla | firefox | 3.5.4 |
| suse | linux_enterprise_desktop | 11 |
| mozilla | firefox | 15.0.1 |
| mozilla | firefox | 17.0.10 |
| mozilla | firefox | * |
| mozilla | firefox | 1.5 |
| mozilla | firefox | 10.0.3 |
| mozilla | firefox | 3.5.10 |
| mozilla | firefox | 8.0 |
| mozilla | firefox | 2.0.0.8 |
| mozilla | firefox | 2.0.0.9 |
| mozilla | firefox | 0.7 |
| mozilla | firefox | 17.0.7 |
| mozilla | firefox | 3.5.16 |
| mozilla | firefox | 3.0.15 |
| mozilla | firefox | 4.0 |
| mozilla | firefox | 3.6.8 |
| mozilla | firefox | 1.5.0.2 |
| mozilla | firefox | 14.0 |
| mozilla | firefox | 18.0.1 |
| mozilla | firefox | 3.0.3 |
| mozilla | firefox | 3.0.16 |
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 17.0.9 |
| mozilla | firefox | 1.5.0.1 |
| mozilla | firefox | 3.6.12 |
| mozilla | firefox | 1.5.0.6 |
| mozilla | firefox | 3.0.1 |
| mozilla | firefox | 10.0 |
| canonical | ubuntu_linux | 12.10 |
| mozilla | firefox | 3.0.5 |
| mozilla | firefox | 17.0.5 |
| mozilla | firefox | 3.6.22 |
| mozilla | firefox | 3.0.9 |
| mozilla | firefox | 21.0 |
| canonical | ubuntu_linux | 13.10 |
| mozilla | firefox | 9.0.1 |
| mozilla | firefox | 3.6.18 |
| mozilla | firefox | 3.0.12 |
| mozilla | firefox | 0.9.1 |
| mozilla | firefox | 2.0 |
| mozilla | firefox | 3.5.5 |
| mozilla | firefox | 0.4 |
| mozilla | firefox | 10.0.8 |
| mozilla | firefox | 13.0.1 |
| mozilla | firefox | 24.1.1 |
| mozilla | firefox | 0.10.1 |
| mozilla | firefox | 1.0.7 |
| mozilla | firefox | 2.0.0.15 |
| mozilla | firefox | 23.0 |
| mozilla | firefox | 0.9 |
| mozilla | firefox | 3.6.26 |
| mozilla | firefox | 3.5.19 |
| mozilla | firefox | 0.3 |
| mozilla | firefox | 3.0.10 |
| mozilla | firefox | 6.0.2 |
| mozilla | firefox | 3.6.9 |
| mozilla | firefox | 17.0.2 |
| mozilla | firefox | 3.6.14 |
| mozilla | firefox | 3.0.13 |
| mozilla | firefox | 16.0 |
| mozilla | firefox | 3.6.16 |
| mozilla | firefox | 1.0.6 |
| mozilla | firefox | 3.6.13 |
| mozilla | firefox | 3.6.2 |
| mozilla | firefox | 0.10 |
| mozilla | firefox | 2.0.0.6 |
| mozilla | firefox | 1.5.0.10 |
| mozilla | firefox | 3.5.2 |
| mozilla | firefox | 3.5.18 |
| mozilla | firefox | 1.0 |
| mozilla | firefox | 1.5.5 |
| suse | linux_enterprise_software_development_kit | 11 |
| mozilla | firefox | 0.1 |
| mozilla | firefox | 1.0.3 |
| mozilla | firefox | 19.0.2 |
| mozilla | firefox | 16.0.1 |
| mozilla | firefox | 2.0.0.1 |
| mozilla | firefox | 3.5.6 |
| mozilla | firefox | 3.0.7 |
| mozilla | firefox | 4.0.1 |
| mozilla | firefox | 17.0.3 |
| mozilla | firefox | 3.0.11 |
| mozilla | firefox | 3.5.3 |
| mozilla | firefox | 0.5 |
| mozilla | firefox | 3.6.24 |
| mozilla | firefox | 1.5.1 |
| mozilla | firefox | 23.0.1 |
| mozilla | firefox | 10.0.2 |
| mozilla | firefox | 3.5.13 |
| mozilla | firefox | 3.5.15 |
| mozilla | firefox | 3.0.14 |
| mozilla | firefox | 3.0.19 |
| mozilla | firefox | 2.0.0.18 |
| mozilla | firefox | 3.5.14 |
| mozilla | firefox | 20.0.1 |
| mozilla | firefox | 0.2 |
| mozilla | firefox | 3.6.17 |
| mozilla | firefox | 10.0.7 |
| mozilla | firefox | 3.0 |
| mozilla | firefox | 3.6.23 |
| mozilla | firefox | 14.0.1 |
| mozilla | firefox | 1.5.2 |
| mozilla | firefox | 2.0.0.10 |
| mozilla | firefox | 1.5.0.4 |
| mozilla | firefox | 11.0 |
| mozilla | firefox | 3.6.27 |
| mozilla | firefox | 2.0.0.7 |
| mozilla | firefox | 10.0.9 |
| mozilla | firefox | 1.0.4 |
| mozilla | firefox | 1.5.0.11 |
| mozilla | firefox | 6.0 |
| mozilla | firefox | 3.6.3 |
| mozilla | firefox | 0.7.1 |
| mozilla | firefox | 2.0.0.5 |
| mozilla | firefox | 7.0 |
| mozilla | firefox | 3.0.6 |
| mozilla | firefox | 3.5 |
| mozilla | firefox | 3.5.9 |
| mozilla | firefox | 25.0.1 |
| mozilla | firefox | 2.0.0.19 |
| canonical | ubuntu_linux | 12.04 |
| mozilla | firefox | 24.1 |
| mozilla | firefox | 1.5.8 |
| mozilla | firefox | 3.5.17 |
| mozilla | firefox | 1.5.0.7 |
| mozilla | firefox | 10.0.10 |
| mozilla | firefox | 1.5.0.3 |
| mozilla | firefox | 6.0.1 |
| mozilla | firefox | 3.0.2 |
| opensuse | opensuse | 13.1 |
| mozilla | firefox | 2.0.0.13 |
| suse | linux_enterprise_server | 11 |
| mozilla | firefox | 3.6.20 |
| mozilla | firefox | 1.5.6 |
| mozilla | firefox | 2.0.0.2 |
| mozilla | firefox | 1.5.4 |
| mozilla | firefox | 10.0.1 |
| mozilla | firefox | 3.6.10 |
| mozilla | firefox | 3.0.4 |
| mozilla | firefox | 7.0.1 |
| mozilla | firefox | 10.0.6 |
| mozilla | firefox | 10.0.4 |
| mozilla | firefox | 2.0.0.3 |
| mozilla | firefox | 3.0.8 |
| mozilla | firefox | 1.5.0.8 |
| mozilla | firefox | 24.0 |
| mozilla | firefox | 0.9.2 |
| mozilla | firefox | 2.0.0.20 |
| mozilla | firefox | 17.0.4 |
| mozilla | firefox | 1.5.0.9 |
| mozilla | firefox | 3.5.1 |
| mozilla | firefox | 10.0.5 |
| mozilla | firefox | 1.0.2 |
| mozilla | firefox | 15.0 |
| mozilla | firefox | 3.5.7 |
| oracle | solaris | 11.3 |
| mozilla | firefox | 10.0.11 |
| mozilla | firefox | 2.0.0.16 |
| mozilla | firefox | 1.0.1 |
| mozilla | firefox | 2.0.0.17 |
| mozilla | firefox | 2.0.0.12 |
| mozilla | firefox | 18.0.2 |
| mozilla | firefox | 1.5.0.5 |
| mozilla | firefox | 3.6.7 |
| mozilla | firefox | 19.0.1 |
| mozilla | firefox | 0.9.3 |
| mozilla | firefox | 13.0 |
| mozilla | firefox | 1.5.7 |
| mozilla | firefox | 17.0.8 |
| mozilla | firefox | 0.8 |
| mozilla | firefox | 3.5.11 |
| mozilla | firefox | 10.0.12 |
| mozilla | firefox | 12.0 |
| mozilla | firefox | 20.0 |
| mozilla | firefox | 3.0.17 |
| mozilla | firefox | 8.0.1 |
| mozilla | firefox | 3.6.6 |
| mozilla | firefox | 3.6.21 |
| mozilla | firefox | 2.0.0.4 |
| mozilla | firefox | 0.6 |
| mozilla | firefox | 0.6.1 |
| mozilla | firefox | 2.0.0.14 |
| mozilla | firefox | 17.0.6 |
| mozilla | firefox | 3.6.25 |
| mozilla | firefox | 5.0 |
| mozilla | firefox | 5.0.1 |
| mozilla | firefox | 2.0.0.11 |
| mozilla | firefox | 3.0.18 |
| mozilla | firefox | 1.5.3 |
| mozilla | firefox | 1.0.8 |
| mozilla | firefox | 19.0 |
| opensuse_project | opensuse | 12.3 |
| mozilla | firefox | 16.0.2 |
| mozilla | firefox | 3.6.4 |
| mozilla | firefox | 3.6.19 |
| mozilla | firefox | 1.0.5 |
| mozilla | firefox | 3.5.12 |
| mozilla | firefox | 25.0 |
| mozilla | firefox | 1.5.0.12 |
| mozilla | firefox | 9.0 |
| mozilla | firefox | 3.6.15 |
| mozilla | firefox | 3.6 |
| mozilla | firefox | 18.0 |
| mozilla | firefox | 3.6.28 |
| mozilla | firefox | 3.5.8 |
| mozilla | firefox | 3.6.11 |
| mozilla | firefox | 17.0.11 |
| mozilla | firefox | 3.5.4 |
| suse | linux_enterprise_desktop | 11 |
| mozilla | firefox | 15.0.1 |
| mozilla | firefox | 17.0.10 |
| mozilla | firefox | * |
| mozilla | firefox | 1.5 |
| mozilla | firefox | 10.0.3 |
| mozilla | firefox | 3.5.10 |
| mozilla | firefox | 8.0 |
| mozilla | firefox | 2.0.0.8 |
| mozilla | firefox | 2.0.0.9 |
| mozilla | firefox | 0.7 |
| mozilla | firefox | 17.0.7 |
| mozilla | firefox | 3.5.16 |
| mozilla | firefox | 3.0.15 |
| mozilla | firefox | 4.0 |
| mozilla | firefox | 3.6.8 |
| mozilla | firefox | 1.5.0.2 |
| mozilla | firefox | 14.0 |
| mozilla | firefox | 18.0.1 |
| mozilla | firefox | 3.0.3 |
| mozilla | firefox | 3.0.16 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | opensuse | 11.4 |
| opensuse_project | opensuse | 12.3 |
| suse | linux_enterprise_desktop | 11 |
| mozilla | seamonkey | * |
| oracle | solaris | 11.3 |
| opensuse | opensuse | 13.1 |
| mozilla | firefox | * |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_software_development_kit | 11 |
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-347,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | opensuse | 11.4 |
| opensuse_project | opensuse | 12.3 |
| suse | linux_enterprise_desktop | 11 |
| mozilla | seamonkey | * |
| oracle | solaris | 11.3 |
| opensuse | opensuse | 13.1 |
| mozilla | firefox | * |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_software_development_kit | 11 |
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | opensuse | 11.4 |
| opensuse_project | opensuse | 12.3 |
| suse | linux_enterprise_desktop | 11 |
| mozilla | seamonkey | * |
| oracle | solaris | 11.3 |
| opensuse | opensuse | 13.1 |
| mozilla | firefox | * |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_software_development_kit | 11 |
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | opensuse | 11.4 |
| opensuse_project | opensuse | 12.3 |
| suse | linux_enterprise_desktop | 11 |
| mozilla | seamonkey | * |
| oracle | solaris | 11.3 |
| opensuse | opensuse | 13.1 |
| mozilla | firefox | * |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_software_development_kit | 11 |
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-346,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | opensuse | 11.4 |
| opensuse_project | opensuse | 12.3 |
| suse | linux_enterprise_desktop | 11 |
| mozilla | seamonkey | * |
| oracle | solaris | 11.3 |
| opensuse | opensuse | 13.1 |
| mozilla | firefox | * |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_software_development_kit | 11 |
The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mozilla | seamonkey | 2.25 |
| mozilla | firefox | 28.0 |
| opensuse_project | opensuse | 12.3 |
| canonical | ubuntu_linux | 12.10 |
| oracle | solaris | 11.3 |
| opensuse | opensuse | 13.1 |
| canonical | ubuntu_linux | 12.04 |
| fedoraproject | fedora | 19 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 13.10 |
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | opensuse | 12.3 |
| oracle | solaris | 11.3 |
| opensuse | opensuse | 13.1 |
| mozilla | firefox | * |
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | opensuse | 12.3 |
| castor_project | castor | * |
| castor_project | castor | 1.3 |
| opensuse | opensuse | 13.1 |
| castor_project | castor | 1.3.1 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_desktop | 11 |
| oracle | solaris | 11.3 |
| opensuse_project | suse_linux_enterprise_desktop | 11.0 |
| suse | linux_enterprise_software_development_kit | 12 |
| suse | linux_enterprise_software_development_kit | 11 |
| debian | debian_linux | 7.0 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| vmware | vcenter_server_appliance | 5.1 |
| suse | linux_enterprise_workstation_extension | 12 |
| mariadb | mariadb | * |
| vmware | vcenter_server_appliance | 5.0 |
| suse | linux_enterprise_desktop | 12 |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_server | 12 |
| vmware | vcenter_server_appliance | 5.5 |
| oracle | mysql | * |
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-129,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | opensuse | 12.3 |
| python | python | * |
| opensuse | opensuse | 13.1 |
| simplejson_project | simplejson | * |
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-388,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| canonical | ubuntu_linux | 14.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| canonical | ubuntu_linux | 14.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| suse | studio_onsite | 1.3 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| canonical | ubuntu_linux | 14.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| suse | studio_onsite | 1.3 |
| opensuse | leap | 42.2 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| canonical | ubuntu_linux | 14.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| suse | studio_onsite | 1.3 |
| opensuse | leap | 42.2 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | studio_onsite | 1.3 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| canonical | ubuntu_linux | 14.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 14.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_server_for_raspberry_pi | 12.0 |
| opensuse | leap | 42.2 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| canonical | ubuntu_linux | 14.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| canonical | ubuntu_linux | 14.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
| opensuse | opensuse | 13.2 |
| suse | linux_enterprise_software_development_kit | 12 |
| canonical | ubuntu_linux | 14.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| suse | linux_enterprise_debuginfo | 11 |
| suse | linux_enterprise_workstation_extension | 12 |
| novell | leap | 42.2 |
| suse | linux_enterprise_desktop | 12 |
| opensuse | leap | 42.1 |
| suse | linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 16.10 |
| suse | linux_enterprise_server | 12 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.2 |
| tcpdump | tcpdump | * |
| opensuse_project | leap | 42.1 |
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-331,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 6.0 |
| ntp | ntp | 4.2.8 |
| redhat | enterprise_linux_server | 6.0 |
| ntp | ntp | 4.3.8 |
| ntp | ntp | 4.3.11 |
| opensuse_project | suse_linux_enterprise_desktop | 11.0 |
| ntp | ntp | 4.3.2 |
| debian | debian_linux | 7.0 |
| ntp | ntp | 4.3.3 |
| redhat | enterprise_linux_for_power_big_endian | 6.0 |
| ntp | ntp | 4.3.7 |
| ntp | ntp | 4.3.0 |
| debian | debian_linux | 8.0 |
| ntp | ntp | 4.3.10 |
| opensuse | suse_linux_enterprise_server | 11.0 |
| ntp | ntp | 4.3.5 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.0 |
| redhat | enterprise_linux_server_from_rhui_6 | 6.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| ntp | ntp | 4.3.1 |
| suse | suse_linux_enterprise_server | 11.0 |
| ntp | ntp | 4.3.9 |
| ntp | ntp | 4.3.4 |
| ntp | ntp | 4.3.6 |
| fedoraproject | fedora | 21 |
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 23 |
| opensuse | opensuse | 13.1 |
| fedoraproject | fedora | 25 |
| opensuse | leap | 42.2 |
| jasper_project | jasper | 1.900.17 |
| opensuse_project | leap | 42.1 |
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| opensuse | opensuse | 13.1 |
| kernel | util-linux | * |
| opensuse_project | leap | 42.1 |
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 23 |
| opensuse | opensuse | 13.1 |
| fedoraproject | fedora | 25 |
| opensuse | leap | 42.2 |
| jasper_project | jasper | * |
| opensuse_project | leap | 42.1 |
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.2 |
| icinga | icinga | * |
| opensuse_project | leap | 42.1 |
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.9.4-7 |
| opensuse_project | leap | 42.1 |
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
| opensuse | leap | 42.2 |
| opensuse_project | leap | 42.1 |
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
| opensuse_project | leap | 42.1 |
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| fedoraproject | fedora | 24 |
| debian | debian_linux | 9.0 |
| fedoraproject | fedora | 25 |
| opensuse | leap | 42.2 |
| debian | debian_linux | 8.0 |
| torproject | tor | * |
| opensuse_project | leap | 42.1 |
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| opensuse | opensuse | 13.1 |
| libtiff | libtiff | * |
| opensuse_project | leap | 42.1 |
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| opensuse | opensuse | 13.1 |
| libtiff | libtiff | 4.0.6 |
| opensuse_project | leap | 42.1 |
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_high_availability | 12 |
| opensuse | leap | 42.2 |
| suse | linux_enterprise_software_development_kit | 12 |
| redhat | enterprise_linux_resilient_storage | 7.0 |
| redhat | enterprise_linux_high_availability | 7.0 |
| clusterlabs | pacemaker | * |
| opensuse_project | leap | 42.1 |
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.2 |
| tats | w3m | * |
| opensuse_project | leap | 42.1 |
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.2 |
| tats | w3m | * |
| opensuse_project | leap | 42.1 |
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| imagemagick | imagemagick | 7.0.3-8 |
| opensuse_project | leap | 42.1 |
Stack-based buffer overflow in game-music-emu before 0.6.1.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_workstation_extension | 12 |
| suse | linux_enterprise | 12.0 |
| opensuse | opensuse | 12.1 |
| suse | suse_linux_enterprise_server | 12 |
| suse | linux_enterprise_desktop | 12 |
| opensuse | leap | 42.2 |
| suse | linux_enterprise_software_development_kit | 12 |
| game-music-emu_project | game-music-emu | * |
| opensuse_project | leap | 42.1 |
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_workstation_extension | 12 |
| suse | linux_enterprise | 12.0 |
| opensuse | opensuse | 12.1 |
| suse | suse_linux_enterprise_server | 12 |
| suse | linux_enterprise_desktop | 12 |
| opensuse | leap | 42.2 |
| suse | linux_enterprise_software_development_kit | 12 |
| game-music-emu_project | game-music-emu | * |
| opensuse_project | leap | 42.1 |
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_workstation_extension | 12 |
| suse | linux_enterprise | 12.0 |
| opensuse | opensuse | 12.1 |
| suse | suse_linux_enterprise_server | 12 |
| suse | linux_enterprise_desktop | 12 |
| opensuse | leap | 42.2 |
| suse | linux_enterprise_software_development_kit | 12 |
| game-music-emu_project | game-music-emu | * |
| opensuse_project | leap | 42.1 |
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVSS 2.0
Severity: LOW
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| novell | suse_linux_enterprise_software_development_kit | 12.0 |
| novell | suse_linux_enterprise_server | 12.0 |
| fedoraproject | fedora | 25 |
| opensuse | leap | 42.2 |
| novell | suse_linux_enterprise_desktop | 12.0 |
| game-music-emu_project | game-music-emu | * |
| opensuse_project | leap | 42.1 |
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| novell | suse_linux_enterprise_software_development_kit | 12.0 |
| novell | suse_linux_enterprise_server | 12.0 |
| fedoraproject | fedora | 25 |
| opensuse | leap | 42.2 |
| novell | suse_linux_enterprise_desktop | 12.0 |
| game-music-emu_project | game-music-emu | * |
| opensuse_project | leap | 42.1 |
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 17.10 |
| linux | linux_kernel | * |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 9.0 |
| opensuse_project | leap | 42.3 |
| suse | linux_enterprise_desktop | 12 |
| opensuse | leap | 42.2 |
| suse | linux_enterprise_server | 11 |
| debian | debian_linux | 8.0 |
| suse | linux_enterprise_server_for_raspberry_pi | 12 |
| suse | linux_enterprise_server | 12 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 17.10 |
| linux | linux_kernel | * |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 9.0 |
| opensuse_project | leap | 42.3 |
| suse | linux_enterprise_desktop | 12 |
| opensuse | leap | 42.2 |
| suse | linux_enterprise_server | 11 |
| debian | debian_linux | 8.0 |
| suse | linux_enterprise_server_for_raspberry_pi | 12 |
| suse | linux_enterprise_server | 12 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| viewvc | viewvc | * |
| opensuse | leap | 42.2 |
| debian | debian_linux | 8.0 |
| opensuse_project | leap | 42.1 |
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| putty | putty | * |
| opensuse | leap | 42.2 |
| opensuse_project | leap | 42.1 |