Vulnerabilities > Opensuse > High

DATE CVE VULNERABILITY TITLE RISK
2016-02-14 CVE-2016-1624 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.
network
low complexity
opensuse google debian CWE-119
8.8
2016-02-14 CVE-2016-1623 Permissions, Privileges, and Access Controls vulnerability in multiple products
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.
network
low complexity
debian google opensuse CWE-264
8.8
2016-02-14 CVE-2016-1622 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
network
low complexity
google debian opensuse CWE-264
8.8
2016-02-12 CVE-2016-2329 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.
network
low complexity
opensuse ffmpeg CWE-119
8.8
2016-01-31 CVE-2016-1945
The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.
network
low complexity
mozilla opensuse
8.8
2016-01-31 CVE-2016-1942 Improper Input Validation vulnerability in multiple products
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.
network
low complexity
opensuse mozilla CWE-20
7.4
2016-01-31 CVE-2016-1935 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
network
low complexity
opensuse oracle mozilla CWE-119
8.8
2016-01-27 CVE-2015-8618 Information Exposure vulnerability in multiple products
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
network
low complexity
opensuse golang CWE-200
7.5
2016-01-22 CVE-2016-1572 Improper Privilege Management vulnerability in multiple products
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
8.4
2016-01-08 CVE-2015-8547 Code vulnerability in multiple products
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
network
low complexity
quassel-irc opensuse CWE-17
7.5