MidnightBSD

Advisories for opensuse_project

CVE-2011-4093 MEDIUM

Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
opensuse_project opensuse 11.4
armin_burgmeier net6 1.3.10
armin_burgmeier net6 1.3.1
opensuse opensuse 11.3
armin_burgmeier net6 1.3.5
armin_burgmeier net6 1.3.12
armin_burgmeier net6 1.3.6
oracle solaris 11.2
armin_burgmeier net6 1.3.2
armin_burgmeier net6 1.3.11
armin_burgmeier net6 1.3.4
armin_burgmeier net6 1.3.3
armin_burgmeier net6 1.3.8
armin_burgmeier net6 1.3.7
armin_burgmeier net6 *
armin_burgmeier net6 1.3.9
CVE-2013-5611 MEDIUM

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mozilla firefox 17.0.9
mozilla firefox 1.5.0.1
mozilla firefox 3.6.12
mozilla firefox 1.5.0.6
mozilla firefox 3.0.1
mozilla firefox 10.0
canonical ubuntu_linux 12.10
mozilla firefox 3.0.5
mozilla firefox 17.0.5
mozilla firefox 3.6.22
mozilla firefox 3.0.9
mozilla firefox 21.0
canonical ubuntu_linux 13.10
mozilla firefox 9.0.1
mozilla firefox 3.6.18
mozilla firefox 3.0.12
mozilla firefox 0.9.1
canonical ubuntu_linux 13.04
mozilla firefox 2.0
mozilla firefox 3.5.5
mozilla firefox 0.4
mozilla firefox 10.0.8
mozilla firefox 13.0.1
mozilla firefox 24.1.1
mozilla firefox 0.10.1
mozilla firefox 1.0.7
mozilla firefox 2.0.0.15
mozilla firefox 23.0
mozilla firefox 0.9
mozilla firefox 3.6.26
mozilla firefox 3.5.19
mozilla firefox 0.3
mozilla firefox 3.0.10
mozilla firefox 6.0.2
mozilla firefox 3.6.9
mozilla firefox 17.0.2
mozilla firefox 3.6.14
mozilla firefox 3.0.13
mozilla firefox 16.0
mozilla firefox 3.6.16
mozilla firefox 1.0.6
mozilla firefox 3.6.13
mozilla firefox 3.6.2
mozilla firefox 0.10
mozilla firefox 2.0.0.6
mozilla firefox 1.5.0.10
mozilla firefox 3.5.2
mozilla firefox 3.5.18
mozilla firefox 1.0
mozilla firefox 1.5.5
suse linux_enterprise_software_development_kit 11
mozilla firefox 0.1
mozilla firefox 1.0.3
mozilla firefox 19.0.2
mozilla firefox 16.0.1
mozilla firefox 2.0.0.1
mozilla firefox 3.5.6
mozilla firefox 3.0.7
mozilla firefox 4.0.1
mozilla firefox 17.0.3
mozilla firefox 3.0.11
mozilla firefox 3.5.3
mozilla firefox 0.5
mozilla firefox 3.6.24
mozilla firefox 1.5.1
mozilla firefox 23.0.1
mozilla firefox 10.0.2
mozilla firefox 3.5.13
mozilla firefox 3.5.15
mozilla firefox 3.0.14
mozilla firefox 3.0.19
mozilla firefox 2.0.0.18
mozilla firefox 3.5.14
mozilla firefox 20.0.1
mozilla firefox 0.2
mozilla firefox 3.6.17
mozilla firefox 10.0.7
mozilla firefox 3.0
mozilla firefox 3.6.23
mozilla firefox 14.0.1
mozilla firefox 1.5.2
mozilla firefox 2.0.0.10
fedoraproject fedora 19
mozilla firefox 1.5.0.4
mozilla firefox 11.0
mozilla firefox 3.6.27
mozilla firefox 2.0.0.7
mozilla firefox 10.0.9
mozilla firefox 1.0.4
mozilla firefox 1.5.0.11
mozilla firefox 6.0
mozilla firefox 3.6.3
mozilla firefox 0.7.1
mozilla firefox 2.0.0.5
mozilla firefox 7.0
mozilla firefox 3.0.6
mozilla firefox 3.5
mozilla firefox 3.5.9
mozilla firefox 2.0.0.19
canonical ubuntu_linux 12.04
mozilla firefox 24.1
mozilla firefox 1.5.8
mozilla firefox 3.5.17
mozilla firefox 1.5.0.7
mozilla firefox 10.0.10
mozilla firefox 1.5.0.3
mozilla firefox 6.0.1
mozilla firefox 3.0.2
opensuse opensuse 13.1
mozilla firefox 2.0.0.13
suse linux_enterprise_server 11
mozilla firefox 3.6.20
mozilla firefox 1.5.6
mozilla firefox 2.0.0.2
mozilla firefox 1.5.4
mozilla firefox 10.0.1
mozilla firefox 3.6.10
mozilla firefox 3.0.4
mozilla firefox 7.0.1
mozilla firefox 10.0.6
mozilla firefox 10.0.4
mozilla firefox 2.0.0.3
mozilla firefox 3.0.8
mozilla firefox 1.5.0.8
mozilla firefox 24.0
mozilla firefox 0.9.2
mozilla firefox 2.0.0.20
mozilla firefox 17.0.4
mozilla firefox 1.5.0.9
mozilla firefox 3.5.1
mozilla firefox 10.0.5
mozilla firefox 1.0.2
mozilla firefox 15.0
mozilla firefox 3.5.7
oracle solaris 11.3
mozilla firefox 10.0.11
mozilla firefox 2.0.0.16
mozilla firefox 1.0.1
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.12
mozilla firefox 18.0.2
mozilla firefox 1.5.0.5
mozilla firefox 3.6.7
mozilla firefox 19.0.1
mozilla firefox 0.9.3
mozilla firefox 13.0
mozilla firefox 1.5.7
mozilla firefox 17.0.8
mozilla firefox 0.8
mozilla firefox 3.5.11
mozilla firefox 10.0.12
mozilla firefox 12.0
mozilla firefox 20.0
mozilla firefox 3.0.17
mozilla firefox 8.0.1
mozilla firefox 3.6.6
mozilla firefox 3.6.21
mozilla firefox 2.0.0.4
mozilla firefox 0.6
mozilla firefox 0.6.1
mozilla firefox 2.0.0.14
mozilla firefox 17.0.6
mozilla firefox 3.6.25
mozilla firefox 5.0
mozilla firefox 5.0.1
mozilla firefox 2.0.0.11
mozilla firefox 3.0.18
mozilla firefox 1.5.3
mozilla firefox 1.0.8
mozilla firefox 19.0
opensuse_project opensuse 12.3
fedoraproject fedora 20
mozilla firefox 16.0.2
mozilla firefox 3.6.4
mozilla firefox 3.6.19
mozilla firefox 1.0.5
mozilla firefox 3.5.12
mozilla firefox 25.0
mozilla firefox 1.5.0.12
mozilla firefox 9.0
mozilla firefox 3.6.15
mozilla firefox 3.6
mozilla firefox 18.0
mozilla firefox 3.6.28
mozilla firefox 3.5.8
mozilla firefox 3.6.11
mozilla firefox 17.0.11
opensuse_project opensuse 11.4
mozilla firefox 3.5.4
suse linux_enterprise_desktop 11
mozilla firefox 15.0.1
mozilla firefox 17.0.10
mozilla firefox *
mozilla firefox 1.5
mozilla firefox 10.0.3
mozilla firefox 3.5.10
mozilla firefox 8.0
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.9
mozilla firefox 0.7
mozilla firefox 17.0.7
mozilla firefox 3.5.16
mozilla firefox 3.0.15
mozilla firefox 4.0
mozilla firefox 3.6.8
mozilla firefox 1.5.0.2
mozilla firefox 14.0
mozilla firefox 18.0.1
mozilla firefox 3.0.3
mozilla firefox 3.0.16
CVE-2014-0081 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
rubyonrails rails 1.2.2
rubyonrails rails 3.0.6
rubyonrails rails 2.2.1
rubyonrails rails 0.9.4
redhat enterprise_linux 6.0
rubyonrails rails 0.9.1
rubyonrails rails 3.1.2
rubyonrails ruby_on_rails 0.5.6
rubyonrails rails 3.2.8
rubyonrails rails 3.2.11
rubyonrails rails 2.3.4
rubyonrails rails 2.3.9
rubyonrails rails 3.0.17
rubyonrails rails 2.3.1
rubyonrails ruby_on_rails 0.9.0
rubyonrails rails 1.2.0
rubyonrails ruby_on_rails 3.2.15
rubyonrails rails 3.0.5
rubyonrails rails 3.1.10
rubyonrails rails 1.1.4
rubyonrails rails 3.0.0
rubyonrails rails 2.1.2
rubyonrails rails 2.3.11
rubyonrails rails 1.1.0
rubyonrails rails 3.0.11
rubyonrails rails 3.2.10
rubyonrails rails 3.0.18
rubyonrails ruby_on_rails 0.5.5
rubyonrails rails 3.1.7
rubyonrails ruby_on_rails 0.8.5
rubyonrails rails 0.10.0
rubyonrails rails 3.2.13
rubyonrails rails 3.1.8
rubyonrails rails 3.0.3
rubyonrails rails 0.9.4.1
rubyonrails rails 3.0.1
rubyonrails rails 3.1.1
rubyonrails rails 3.0.20
rubyonrails rails 3.1.3
rubyonrails rails 1.0.0
rubyonrails rails 3.0.14
rubyonrails rails 2.3.16
rubyonrails rails 3.1.5
rubyonrails rails 1.9.5
rubyonrails rails 2.0.2
rubyonrails rails 2.2.0
rubyonrails rails 1.1.3
rubyonrails rails 1.2.6
rubyonrails rails 2.1.1
rubyonrails rails 3.2.6
rubyonrails ruby_on_rails 0.8.0
rubyonrails rails 3.2.0
rubyonrails rails 1.2.5
rubyonrails rails 2.3.15
rubyonrails rails 0.14.2
rubyonrails rails 1.1.2
rubyonrails rails 3.2.4
rubyonrails rails 0.14.4
rubyonrails rails 2.1.0
rubyonrails rails 3.0.4
rubyonrails rails 3.0.2
rubyonrails rails 2.2.2
rubyonrails rails 3.2.5
rubyonrails rails 0.9.2
rubyonrails rails 3.2.9
rubyonrails rails 3.2.15
rubyonrails rails 2.3.2
rubyonrails rails 3.2.7
rubyonrails rails 1.2.4
rubyonrails rails 2.0.0
rubyonrails rails 3.2.12
rubyonrails rails 0.11.1
rubyonrails rails 3.0.16
rubyonrails rails 1.1.6
rubyonrails rails 4.0.2
rubyonrails ruby_on_rails 0.6.0
rubyonrails rails 2.3.0
opensuse_project opensuse 12.3
rubyonrails rails 4.1.0
rubyonrails rails 2.0.1
rubyonrails rails 0.10.1
rubyonrails rails 0.11.0
rubyonrails rails 2.0.4
rubyonrails rails 0.14.3
rubyonrails rails 3.0.12
rubyonrails rails 3.1.0
rubyonrails rails 3.2.1
redhat cloudforms 3.0
rubyonrails rails 4.0.1
rubyonrails rails 2.3.12
rubyonrails ruby_on_rails 0.5.7
rubyonrails ruby_on_rails 0.7.0
rubyonrails rails 0.12.0
rubyonrails rails 3.0.19
rubyonrails rails 3.0.7
rubyonrails ruby_on_rails 0.5.0
rubyonrails rails 2.3.10
rubyonrails rails 3.1.9
rubyonrails rails 3.1.4
rubyonrails rails 1.1.1
rubyonrails rails 3.0.8
rubyonrails rails 2.3.14
rubyonrails rails 1.1.5
rubyonrails rails 3.0.13
rubyonrails rails 3.1.6
rubyonrails rails 0.13.0
rubyonrails rails 3.0.9
rubyonrails ruby_on_rails 0.6.5
rubyonrails rails 2.3.3
rubyonrails rails 1.2.1
rubyonrails rails 1.2.3
rubyonrails rails 0.9.3
rubyonrails ruby_on_rails 3.2.14
rubyonrails rails 0.13.1
rubyonrails ruby_on_rails *
rubyonrails ruby_on_rails 3.0.4
rubyonrails rails 0.14.1
opensuse opensuse 13.1
rubyonrails rails 3.0.10
rubyonrails rails 3.2.3
rubyonrails rails 4.0.0
rubyonrails rails 3.2.2
rubyonrails rails 2.3.13
rubyonrails rails 0.12.1
CVE-2014-0481 MEDIUM

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
djangoproject django 1.4.2
debian debian_linux 7.0
djangoproject django 1.5.8
djangoproject django 1.4.8
djangoproject django 1.4.1
djangoproject django 1.6.5
djangoproject django 1.4
djangoproject django 1.7
djangoproject django 1.4.12
djangoproject django 1.6.2
djangoproject django 1.4.4
djangoproject django 1.5.4
djangoproject django 1.5.7
djangoproject django *
opensuse_project opensuse 12.3
djangoproject django 1.6
djangoproject django 1.4.9
djangoproject django 1.5.5
djangoproject django 1.4.11
djangoproject django 1.6.4
djangoproject django 1.4.5
djangoproject django 1.5
djangoproject django 1.6.3
djangoproject django 1.4.10
djangoproject django 1.6.1
djangoproject django 1.5.3
opensuse opensuse 13.1
djangoproject django 1.4.6
djangoproject django 1.5.2
djangoproject django 1.5.1
djangoproject django 1.4.7
djangoproject django 1.5.6
CVE-2014-1484 MEDIUM

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
mozilla firefox 17.0.9
mozilla firefox 1.5.0.1
mozilla firefox 3.6.12
mozilla firefox 1.5.0.6
mozilla firefox 3.0.1
mozilla firefox 10.0
mozilla firefox 3.0.5
mozilla firefox 17.0.5
mozilla firefox 3.6.22
mozilla firefox 3.0.9
mozilla firefox 21.0
mozilla firefox 9.0.1
mozilla firefox 3.6.18
mozilla firefox 3.0.12
mozilla firefox 0.9.1
mozilla firefox 2.0
mozilla firefox 3.5.5
mozilla firefox 0.4
mozilla firefox 10.0.8
mozilla firefox 13.0.1
mozilla firefox 24.1.1
mozilla firefox 0.10.1
mozilla firefox 1.0.7
mozilla firefox 2.0.0.15
mozilla firefox 23.0
mozilla firefox 0.9
mozilla firefox 3.6.26
mozilla firefox 3.5.19
mozilla firefox 0.3
mozilla firefox 3.0.10
mozilla firefox 6.0.2
mozilla firefox 3.6.9
mozilla firefox 17.0.2
mozilla firefox 3.6.14
mozilla firefox 3.0.13
mozilla firefox 16.0
mozilla firefox 3.6.16
mozilla firefox 1.0.6
mozilla firefox 3.6.13
mozilla firefox 3.6.2
mozilla firefox 0.10
mozilla firefox 2.0.0.6
mozilla firefox 1.5.0.10
mozilla firefox 3.5.2
mozilla firefox 3.5.18
mozilla firefox 1.0
mozilla firefox 1.5.5
suse linux_enterprise_software_development_kit 11
mozilla firefox 0.1
mozilla firefox 1.0.3
mozilla firefox 19.0.2
mozilla firefox 16.0.1
mozilla firefox 2.0.0.1
mozilla firefox 3.5.6
mozilla firefox 3.0.7
mozilla firefox 4.0.1
mozilla firefox 17.0.3
mozilla firefox 3.0.11
mozilla firefox 3.5.3
mozilla firefox 0.5
mozilla firefox 3.6.24
mozilla firefox 1.5.1
mozilla firefox 23.0.1
mozilla firefox 10.0.2
mozilla firefox 3.5.13
mozilla firefox 3.5.15
mozilla firefox 3.0.14
mozilla firefox 3.0.19
mozilla firefox 2.0.0.18
mozilla firefox 3.5.14
mozilla firefox 20.0.1
mozilla firefox 0.2
mozilla firefox 3.6.17
mozilla firefox 10.0.7
mozilla firefox 3.0
mozilla firefox 3.6.23
mozilla firefox 14.0.1
mozilla firefox 1.5.2
mozilla firefox 2.0.0.10
mozilla firefox 1.5.0.4
mozilla firefox 11.0
mozilla firefox 3.6.27
mozilla firefox 2.0.0.7
mozilla firefox 10.0.9
mozilla firefox 1.0.4
mozilla firefox 1.5.0.11
mozilla firefox 6.0
mozilla firefox 3.6.3
mozilla firefox 0.7.1
mozilla firefox 2.0.0.5
mozilla firefox 7.0
mozilla firefox 3.0.6
mozilla firefox 3.5
mozilla firefox 3.5.9
mozilla firefox 25.0.1
mozilla firefox 2.0.0.19
mozilla firefox 24.1
mozilla firefox 1.5.8
mozilla firefox 3.5.17
mozilla firefox 1.5.0.7
mozilla firefox 10.0.10
mozilla firefox 1.5.0.3
mozilla firefox 6.0.1
mozilla firefox 3.0.2
opensuse opensuse 13.1
mozilla firefox 2.0.0.13
suse linux_enterprise_server 11
mozilla firefox 3.6.20
mozilla firefox 1.5.6
mozilla firefox 2.0.0.2
mozilla firefox 1.5.4
mozilla firefox 10.0.1
mozilla firefox 3.6.10
mozilla firefox 3.0.4
mozilla firefox 7.0.1
mozilla firefox 10.0.6
mozilla firefox 10.0.4
mozilla firefox 2.0.0.3
mozilla firefox 3.0.8
mozilla firefox 1.5.0.8
mozilla firefox 24.0
mozilla firefox 0.9.2
mozilla firefox 2.0.0.20
mozilla firefox 17.0.4
mozilla firefox 1.5.0.9
mozilla firefox 3.5.1
mozilla firefox 10.0.5
mozilla firefox 1.0.2
mozilla firefox 15.0
mozilla firefox 3.5.7
oracle solaris 11.3
mozilla firefox 10.0.11
mozilla firefox 2.0.0.16
mozilla firefox 1.0.1
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.12
mozilla firefox 18.0.2
mozilla firefox 1.5.0.5
mozilla firefox 3.6.7
mozilla firefox 19.0.1
mozilla firefox 0.9.3
mozilla firefox 13.0
mozilla firefox 1.5.7
mozilla firefox 17.0.8
mozilla firefox 0.8
mozilla firefox 3.5.11
mozilla firefox 10.0.12
mozilla firefox 12.0
mozilla firefox 20.0
mozilla firefox 3.0.17
mozilla firefox 8.0.1
mozilla firefox 3.6.6
mozilla firefox 3.6.21
mozilla firefox 2.0.0.4
mozilla firefox 0.6
mozilla firefox 0.6.1
mozilla firefox 2.0.0.14
mozilla firefox 17.0.6
mozilla firefox 3.6.25
mozilla firefox 5.0
mozilla firefox 5.0.1
mozilla firefox 2.0.0.11
mozilla firefox 3.0.18
mozilla firefox 1.5.3
mozilla firefox 1.0.8
mozilla firefox 19.0
opensuse_project opensuse 12.3
mozilla firefox 16.0.2
mozilla firefox 3.6.4
mozilla firefox 3.6.19
mozilla firefox 1.0.5
mozilla firefox 3.5.12
mozilla firefox 25.0
mozilla firefox 1.5.0.12
mozilla firefox 9.0
mozilla firefox 3.6.15
mozilla firefox 3.6
mozilla firefox 18.0
mozilla firefox 3.6.28
mozilla firefox 3.5.8
mozilla firefox 3.6.11
mozilla firefox 17.0.11
mozilla firefox 3.5.4
suse linux_enterprise_desktop 11
mozilla firefox 15.0.1
mozilla firefox 17.0.10
mozilla firefox *
mozilla firefox 1.5
mozilla firefox 10.0.3
mozilla firefox 3.5.10
mozilla firefox 8.0
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.9
mozilla firefox 0.7
mozilla firefox 17.0.7
mozilla firefox 3.5.16
mozilla firefox 3.0.15
mozilla firefox 4.0
mozilla firefox 3.6.8
mozilla firefox 1.5.0.2
mozilla firefox 14.0
mozilla firefox 18.0.1
mozilla firefox 3.0.3
mozilla firefox 3.0.16
CVE-2014-1489 MEDIUM

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
mozilla firefox 17.0.9
mozilla firefox 1.5.0.1
mozilla firefox 3.6.12
mozilla firefox 1.5.0.6
mozilla firefox 3.0.1
mozilla firefox 10.0
canonical ubuntu_linux 12.10
mozilla firefox 3.0.5
mozilla firefox 17.0.5
mozilla firefox 3.6.22
mozilla firefox 3.0.9
mozilla firefox 21.0
canonical ubuntu_linux 13.10
mozilla firefox 9.0.1
mozilla firefox 3.6.18
mozilla firefox 3.0.12
mozilla firefox 0.9.1
mozilla firefox 2.0
mozilla firefox 3.5.5
mozilla firefox 0.4
mozilla firefox 10.0.8
mozilla firefox 13.0.1
mozilla firefox 24.1.1
mozilla firefox 0.10.1
mozilla firefox 1.0.7
mozilla firefox 2.0.0.15
mozilla firefox 23.0
mozilla firefox 0.9
mozilla firefox 3.6.26
mozilla firefox 3.5.19
mozilla firefox 0.3
mozilla firefox 3.0.10
mozilla firefox 6.0.2
mozilla firefox 3.6.9
mozilla firefox 17.0.2
mozilla firefox 3.6.14
mozilla firefox 3.0.13
mozilla firefox 16.0
mozilla firefox 3.6.16
mozilla firefox 1.0.6
mozilla firefox 3.6.13
mozilla firefox 3.6.2
mozilla firefox 0.10
mozilla firefox 2.0.0.6
mozilla firefox 1.5.0.10
mozilla firefox 3.5.2
mozilla firefox 3.5.18
mozilla firefox 1.0
mozilla firefox 1.5.5
suse linux_enterprise_software_development_kit 11
mozilla firefox 0.1
mozilla firefox 1.0.3
mozilla firefox 19.0.2
mozilla firefox 16.0.1
mozilla firefox 2.0.0.1
mozilla firefox 3.5.6
mozilla firefox 3.0.7
mozilla firefox 4.0.1
mozilla firefox 17.0.3
mozilla firefox 3.0.11
mozilla firefox 3.5.3
mozilla firefox 0.5
mozilla firefox 3.6.24
mozilla firefox 1.5.1
mozilla firefox 23.0.1
mozilla firefox 10.0.2
mozilla firefox 3.5.13
mozilla firefox 3.5.15
mozilla firefox 3.0.14
mozilla firefox 3.0.19
mozilla firefox 2.0.0.18
mozilla firefox 3.5.14
mozilla firefox 20.0.1
mozilla firefox 0.2
mozilla firefox 3.6.17
mozilla firefox 10.0.7
mozilla firefox 3.0
mozilla firefox 3.6.23
mozilla firefox 14.0.1
mozilla firefox 1.5.2
mozilla firefox 2.0.0.10
mozilla firefox 1.5.0.4
mozilla firefox 11.0
mozilla firefox 3.6.27
mozilla firefox 2.0.0.7
mozilla firefox 10.0.9
mozilla firefox 1.0.4
mozilla firefox 1.5.0.11
mozilla firefox 6.0
mozilla firefox 3.6.3
mozilla firefox 0.7.1
mozilla firefox 2.0.0.5
mozilla firefox 7.0
mozilla firefox 3.0.6
mozilla firefox 3.5
mozilla firefox 3.5.9
mozilla firefox 25.0.1
mozilla firefox 2.0.0.19
canonical ubuntu_linux 12.04
mozilla firefox 24.1
mozilla firefox 1.5.8
mozilla firefox 3.5.17
mozilla firefox 1.5.0.7
mozilla firefox 10.0.10
mozilla firefox 1.5.0.3
mozilla firefox 6.0.1
mozilla firefox 3.0.2
opensuse opensuse 13.1
mozilla firefox 2.0.0.13
suse linux_enterprise_server 11
mozilla firefox 3.6.20
mozilla firefox 1.5.6
mozilla firefox 2.0.0.2
mozilla firefox 1.5.4
mozilla firefox 10.0.1
mozilla firefox 3.6.10
mozilla firefox 3.0.4
mozilla firefox 7.0.1
mozilla firefox 10.0.6
mozilla firefox 10.0.4
mozilla firefox 2.0.0.3
mozilla firefox 3.0.8
mozilla firefox 1.5.0.8
mozilla firefox 24.0
mozilla firefox 0.9.2
mozilla firefox 2.0.0.20
mozilla firefox 17.0.4
mozilla firefox 1.5.0.9
mozilla firefox 3.5.1
mozilla firefox 10.0.5
mozilla firefox 1.0.2
mozilla firefox 15.0
mozilla firefox 3.5.7
oracle solaris 11.3
mozilla firefox 10.0.11
mozilla firefox 2.0.0.16
mozilla firefox 1.0.1
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.12
mozilla firefox 18.0.2
mozilla firefox 1.5.0.5
mozilla firefox 3.6.7
mozilla firefox 19.0.1
mozilla firefox 0.9.3
mozilla firefox 13.0
mozilla firefox 1.5.7
mozilla firefox 17.0.8
mozilla firefox 0.8
mozilla firefox 3.5.11
mozilla firefox 10.0.12
mozilla firefox 12.0
mozilla firefox 20.0
mozilla firefox 3.0.17
mozilla firefox 8.0.1
mozilla firefox 3.6.6
mozilla firefox 3.6.21
mozilla firefox 2.0.0.4
mozilla firefox 0.6
mozilla firefox 0.6.1
mozilla firefox 2.0.0.14
mozilla firefox 17.0.6
mozilla firefox 3.6.25
mozilla firefox 5.0
mozilla firefox 5.0.1
mozilla firefox 2.0.0.11
mozilla firefox 3.0.18
mozilla firefox 1.5.3
mozilla firefox 1.0.8
mozilla firefox 19.0
opensuse_project opensuse 12.3
mozilla firefox 16.0.2
mozilla firefox 3.6.4
mozilla firefox 3.6.19
mozilla firefox 1.0.5
mozilla firefox 3.5.12
mozilla firefox 25.0
mozilla firefox 1.5.0.12
mozilla firefox 9.0
mozilla firefox 3.6.15
mozilla firefox 3.6
mozilla firefox 18.0
mozilla firefox 3.6.28
mozilla firefox 3.5.8
mozilla firefox 3.6.11
mozilla firefox 17.0.11
mozilla firefox 3.5.4
suse linux_enterprise_desktop 11
mozilla firefox 15.0.1
mozilla firefox 17.0.10
mozilla firefox *
mozilla firefox 1.5
mozilla firefox 10.0.3
mozilla firefox 3.5.10
mozilla firefox 8.0
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.9
mozilla firefox 0.7
mozilla firefox 17.0.7
mozilla firefox 3.5.16
mozilla firefox 3.0.15
mozilla firefox 4.0
mozilla firefox 3.6.8
mozilla firefox 1.5.0.2
mozilla firefox 14.0
mozilla firefox 18.0.1
mozilla firefox 3.0.3
mozilla firefox 3.0.16
CVE-2014-1494 HIGH

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opensuse_project opensuse 11.4
opensuse_project opensuse 12.3
suse linux_enterprise_desktop 11
mozilla seamonkey *
oracle solaris 11.3
opensuse opensuse 13.1
mozilla firefox *
suse linux_enterprise_server 11
suse linux_enterprise_software_development_kit 11
CVE-2014-1498 MEDIUM

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
opensuse_project opensuse 11.4
opensuse_project opensuse 12.3
suse linux_enterprise_desktop 11
mozilla seamonkey *
oracle solaris 11.3
opensuse opensuse 13.1
mozilla firefox *
suse linux_enterprise_server 11
suse linux_enterprise_software_development_kit 11
CVE-2014-1499 MEDIUM

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opensuse_project opensuse 11.4
opensuse_project opensuse 12.3
suse linux_enterprise_desktop 11
mozilla seamonkey *
oracle solaris 11.3
opensuse opensuse 13.1
mozilla firefox *
suse linux_enterprise_server 11
suse linux_enterprise_software_development_kit 11
CVE-2014-1500 MEDIUM

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
opensuse_project opensuse 11.4
opensuse_project opensuse 12.3
suse linux_enterprise_desktop 11
mozilla seamonkey *
oracle solaris 11.3
opensuse opensuse 13.1
mozilla firefox *
suse linux_enterprise_server 11
suse linux_enterprise_software_development_kit 11
CVE-2014-1502 MEDIUM

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,

Products Affected

Vendor Product Version
opensuse_project opensuse 11.4
opensuse_project opensuse 12.3
suse linux_enterprise_desktop 11
mozilla seamonkey *
oracle solaris 11.3
opensuse opensuse 13.1
mozilla firefox *
suse linux_enterprise_server 11
suse linux_enterprise_software_development_kit 11
CVE-2014-1528 HIGH

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mozilla seamonkey 2.25
mozilla firefox 28.0
opensuse_project opensuse 12.3
canonical ubuntu_linux 12.10
oracle solaris 11.3
opensuse opensuse 13.1
canonical ubuntu_linux 12.04
fedoraproject fedora 19
canonical ubuntu_linux 14.04
canonical ubuntu_linux 13.10
CVE-2014-1542 MEDIUM

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse_project opensuse 12.3
oracle solaris 11.3
opensuse opensuse 13.1
mozilla firefox *
CVE-2014-3004 MEDIUM

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
opensuse_project opensuse 12.3
castor_project castor *
castor_project castor 1.3
opensuse opensuse 13.1
castor_project castor 1.3.1
CVE-2014-4258 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_desktop 11
oracle solaris 11.3
opensuse_project suse_linux_enterprise_desktop 11.0
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
opensuse_project suse_linux_enterprise_server 11.0
opensuse_project suse_linux_enterprise_software_development_kit 11.0
vmware vcenter_server_appliance 5.1
suse linux_enterprise_workstation_extension 12
mariadb mariadb *
vmware vcenter_server_appliance 5.0
suse linux_enterprise_desktop 12
suse linux_enterprise_server 11
suse linux_enterprise_server 12
vmware vcenter_server_appliance 5.5
oracle mysql *
CVE-2014-4616 MEDIUM

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-129,

Products Affected

Vendor Product Version
opensuse_project opensuse 12.3
python python *
opensuse opensuse 13.1
simplejson_project simplejson *
CVE-2014-9841 HIGH

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-388,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
imagemagick imagemagick 6.8.8-9
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project suse_linux_enterprise_workstation_extension 12.0
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9842 MEDIUM

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
imagemagick imagemagick 6.8.8-9
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project suse_linux_enterprise_workstation_extension 12.0
opensuse_project suse_linux_enterprise_server 11.0
canonical ubuntu_linux 14.04
opensuse_project suse_linux_enterprise_software_development_kit 11.0
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_debuginfo 11.0
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9843 HIGH

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
imagemagick imagemagick 6.8.8-9
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project suse_linux_enterprise_workstation_extension 12.0
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9844 MEDIUM

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
imagemagick imagemagick 6.8.8-9
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project suse_linux_enterprise_workstation_extension 12.0
opensuse_project suse_linux_enterprise_server 11.0
canonical ubuntu_linux 14.04
opensuse_project suse_linux_enterprise_software_development_kit 11.0
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_debuginfo 11.0
suse studio_onsite 1.3
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9845 MEDIUM

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
imagemagick imagemagick 6.8.8-9
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project suse_linux_enterprise_workstation_extension 12.0
opensuse_project suse_linux_enterprise_server 11.0
canonical ubuntu_linux 14.04
opensuse_project suse_linux_enterprise_software_development_kit 11.0
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_debuginfo 11.0
suse studio_onsite 1.3
opensuse leap 42.2
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9846 HIGH

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
imagemagick imagemagick 6.8.8-9
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project suse_linux_enterprise_workstation_extension 12.0
opensuse_project suse_linux_enterprise_server 11.0
canonical ubuntu_linux 14.04
opensuse_project suse_linux_enterprise_software_development_kit 11.0
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_debuginfo 11.0
suse studio_onsite 1.3
opensuse leap 42.2
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9847 HIGH

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
imagemagick imagemagick 6.8.8-9
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project studio_onsite 1.3
opensuse_project suse_linux_enterprise_workstation_extension 12.0
opensuse_project suse_linux_enterprise_server 11.0
canonical ubuntu_linux 14.04
opensuse_project suse_linux_enterprise_software_development_kit 11.0
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_debuginfo 11.0
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9848 MEDIUM

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
imagemagick imagemagick *
opensuse opensuse 13.2
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project suse_linux_enterprise_workstation_extension 12.0
canonical ubuntu_linux 14.04
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_server_for_raspberry_pi 12.0
opensuse leap 42.2
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9849 MEDIUM

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
imagemagick imagemagick 6.8.8-9
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project suse_linux_enterprise_workstation_extension 12.0
opensuse_project suse_linux_enterprise_server 11.0
canonical ubuntu_linux 14.04
opensuse_project suse_linux_enterprise_software_development_kit 11.0
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_debuginfo 11.0
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9850 MEDIUM

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
imagemagick imagemagick 6.8.8-9
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project suse_linux_enterprise_workstation_extension 12.0
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9851 MEDIUM

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
imagemagick imagemagick 6.8.8-9
opensuse_project suse_linux_enterprise_server 12.0
opensuse_project suse_linux_enterprise_workstation_extension 12.0
opensuse_project suse_linux_enterprise_server 11.0
canonical ubuntu_linux 14.04
opensuse_project suse_linux_enterprise_software_development_kit 11.0
opensuse_project suse_linux_enterprise_software_development_kit 12.0
opensuse_project leap 42.1
opensuse_project suse_linux_enterprise_debuginfo 11.0
canonical ubuntu_linux 16.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
opensuse_project suse_linux_enterprise_desktop 12.0
CVE-2014-9853 MEDIUM

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
imagemagick imagemagick *
opensuse opensuse 13.2
suse linux_enterprise_software_development_kit 12
canonical ubuntu_linux 14.04
opensuse_project suse_linux_enterprise_software_development_kit 11.0
suse linux_enterprise_debuginfo 11
suse linux_enterprise_workstation_extension 12
novell leap 42.2
suse linux_enterprise_desktop 12
opensuse leap 42.1
suse linux_enterprise_server 11
canonical ubuntu_linux 16.10
suse linux_enterprise_server 12
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
CVE-2015-3138 MEDIUM

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse leap 42.2
tcpdump tcpdump *
opensuse_project leap 42.1
CVE-2015-3405 MEDIUM

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-331,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 6.0
ntp ntp 4.2.8
redhat enterprise_linux_server 6.0
ntp ntp 4.3.8
ntp ntp 4.3.11
opensuse_project suse_linux_enterprise_desktop 11.0
ntp ntp 4.3.2
debian debian_linux 7.0
ntp ntp 4.3.3
redhat enterprise_linux_for_power_big_endian 6.0
ntp ntp 4.3.7
ntp ntp 4.3.0
debian debian_linux 8.0
ntp ntp 4.3.10
opensuse suse_linux_enterprise_server 11.0
ntp ntp 4.3.5
redhat enterprise_linux_for_ibm_z_systems 6.0
redhat enterprise_linux_server_from_rhui_6 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_for_scientific_computing 6.0
ntp ntp 4.3.1
suse suse_linux_enterprise_server 11.0
ntp ntp 4.3.9
ntp ntp 4.3.4
ntp ntp 4.3.6
fedoraproject fedora 21
CVE-2015-5203 MEDIUM

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
fedoraproject fedora 24
fedoraproject fedora 23
opensuse opensuse 13.1
fedoraproject fedora 25
opensuse leap 42.2
jasper_project jasper 1.900.17
opensuse_project leap 42.1
CVE-2015-5218 LOW

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
opensuse opensuse 13.1
kernel util-linux *
opensuse_project leap 42.1
CVE-2015-5221 MEDIUM

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
fedoraproject fedora 24
fedoraproject fedora 23
opensuse opensuse 13.1
fedoraproject fedora 25
opensuse leap 42.2
jasper_project jasper *
opensuse_project leap 42.1
CVE-2015-8010 MEDIUM

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
opensuse leap 42.2
icinga icinga *
opensuse_project leap 42.1
CVE-2016-10048 MEDIUM

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
imagemagick imagemagick 6.9.4-7
opensuse_project leap 42.1
CVE-2016-10068 MEDIUM

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
imagemagick imagemagick *
opensuse leap 42.2
opensuse_project leap 42.1
CVE-2016-10069 MEDIUM

coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
imagemagick imagemagick *
opensuse_project leap 42.1
CVE-2016-1254 MEDIUM

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
fedoraproject fedora 24
debian debian_linux 9.0
fedoraproject fedora 25
opensuse leap 42.2
debian debian_linux 8.0
torproject tor *
opensuse_project leap 42.1
CVE-2016-5316 MEDIUM

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
opensuse opensuse 13.1
libtiff libtiff *
opensuse_project leap 42.1
CVE-2016-5317 MEDIUM

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
opensuse opensuse 13.1
libtiff libtiff 4.0.6
opensuse_project leap 42.1
CVE-2016-7797 MEDIUM

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
suse linux_enterprise_high_availability 12
opensuse leap 42.2
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_resilient_storage 7.0
redhat enterprise_linux_high_availability 7.0
clusterlabs pacemaker *
opensuse_project leap 42.1
CVE-2016-9435 MEDIUM

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse leap 42.2
tats w3m *
opensuse_project leap 42.1
CVE-2016-9436 MEDIUM

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse leap 42.2
tats w3m *
opensuse_project leap 42.1
CVE-2016-9556 MEDIUM

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
imagemagick imagemagick 7.0.3-8
opensuse_project leap 42.1
CVE-2016-9957 MEDIUM

Stack-based buffer overflow in game-music-emu before 0.6.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse linux_enterprise_workstation_extension 12
suse linux_enterprise 12.0
opensuse opensuse 12.1
suse suse_linux_enterprise_server 12
suse linux_enterprise_desktop 12
opensuse leap 42.2
suse linux_enterprise_software_development_kit 12
game-music-emu_project game-music-emu *
opensuse_project leap 42.1
CVE-2016-9958 MEDIUM

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse linux_enterprise_workstation_extension 12
suse linux_enterprise 12.0
opensuse opensuse 12.1
suse suse_linux_enterprise_server 12
suse linux_enterprise_desktop 12
opensuse leap 42.2
suse linux_enterprise_software_development_kit 12
game-music-emu_project game-music-emu *
opensuse_project leap 42.1
CVE-2016-9959 MEDIUM

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
suse linux_enterprise_workstation_extension 12
suse linux_enterprise 12.0
opensuse opensuse 12.1
suse suse_linux_enterprise_server 12
suse linux_enterprise_desktop 12
opensuse leap 42.2
suse linux_enterprise_software_development_kit 12
game-music-emu_project game-music-emu *
opensuse_project leap 42.1
CVE-2016-9960 LOW

game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

CVSS 2.0

Severity: LOW

Problem Type: CWE-369,

Products Affected

Vendor Product Version
fedoraproject fedora 24
novell suse_linux_enterprise_software_development_kit 12.0
novell suse_linux_enterprise_server 12.0
fedoraproject fedora 25
opensuse leap 42.2
novell suse_linux_enterprise_desktop 12.0
game-music-emu_project game-music-emu *
opensuse_project leap 42.1
CVE-2016-9961 HIGH

game-music-emu before 0.6.1 mishandles unspecified integer values.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
fedoraproject fedora 24
novell suse_linux_enterprise_software_development_kit 12.0
novell suse_linux_enterprise_server 12.0
fedoraproject fedora 25
opensuse leap 42.2
novell suse_linux_enterprise_desktop 12.0
game-music-emu_project game-music-emu *
opensuse_project leap 42.1
CVE-2017-17805 HIGH

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
linux linux_kernel *
canonical ubuntu_linux 14.04
debian debian_linux 9.0
opensuse_project leap 42.3
suse linux_enterprise_desktop 12
opensuse leap 42.2
suse linux_enterprise_server 11
debian debian_linux 8.0
suse linux_enterprise_server_for_raspberry_pi 12
suse linux_enterprise_server 12
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
CVE-2017-17806 HIGH

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
linux linux_kernel *
canonical ubuntu_linux 14.04
debian debian_linux 9.0
opensuse_project leap 42.3
suse linux_enterprise_desktop 12
opensuse leap 42.2
suse linux_enterprise_server 11
debian debian_linux 8.0
suse linux_enterprise_server_for_raspberry_pi 12
suse linux_enterprise_server 12
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
CVE-2017-5938 MEDIUM

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
viewvc viewvc *
opensuse leap 42.2
debian debian_linux 8.0
opensuse_project leap 42.1
CVE-2017-6542 HIGH

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
putty putty *
opensuse leap 42.2
opensuse_project leap 42.1