Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Novell Subscribe
Filtered by product Suse Package Hub For Suse Linux Enterprise
Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9811 4 Debian, Mozilla, Novell and 1 more 6 Debian Linux, Firefox, Firefox Esr and 3 more 2023-02-28 5.1 MEDIUM 8.3 HIGH
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
CVE-2019-11717 4 Debian, Mozilla, Novell and 1 more 6 Debian Linux, Firefox, Firefox Esr and 3 more 2023-02-28 5.0 MEDIUM 5.3 MEDIUM
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
CVE-2019-11338 4 Canonical, Debian, Ffmpeg and 1 more 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more 2022-10-07 6.8 MEDIUM 8.8 HIGH
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
CVE-2016-4303 4 Debian, Iperf3 Project, Novell and 1 more 5 Debian Linux, Iperf3, Suse Package Hub For Suse Linux Enterprise and 2 more 2022-06-30 7.5 HIGH 9.8 CRITICAL
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
CVE-2019-13730 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2022-01-01 6.8 MEDIUM 8.8 HIGH
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2016-1954 4 Mozilla, Novell, Opensuse and 1 more 7 Firefox, Firefox Esr, Thunderbird and 4 more 2019-12-27 6.8 MEDIUM 8.8 HIGH
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.
CVE-2016-1952 4 Mozilla, Novell, Opensuse and 1 more 7 Firefox, Firefox Esr, Thunderbird and 4 more 2019-12-27 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-1957 4 Mozilla, Novell, Opensuse and 1 more 7 Firefox, Firefox Esr, Thunderbird and 4 more 2019-12-27 4.3 MEDIUM 4.3 MEDIUM
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
CVE-2017-8932 4 Fedoraproject, Golang, Novell and 1 more 4 Fedora, Go, Suse Package Hub For Suse Linux Enterprise and 1 more 2019-10-02 4.3 MEDIUM 5.9 MEDIUM
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
CVE-2016-1956 4 Linux, Mozilla, Novell and 1 more 5 Linux Kernel, Firefox, Suse Package Hub For Suse Linux Enterprise and 2 more 2018-10-30 7.1 HIGH 6.5 MEDIUM
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
CVE-2016-1657 4 Debian, Google, Novell and 1 more 4 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 1 more 2018-10-30 4.3 MEDIUM 4.3 MEDIUM
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.
CVE-2016-1658 4 Debian, Google, Novell and 1 more 4 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 1 more 2018-10-30 4.3 MEDIUM 4.3 MEDIUM
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
CVE-2016-1704 5 Canonical, Google, Novell and 2 more 8 Ubuntu Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 5 more 2018-10-30 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-1953 3 Mozilla, Novell, Opensuse 6 Firefox, Firefox Esr, Thunderbird and 3 more 2018-10-30 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
CVE-2016-1955 3 Mozilla, Novell, Opensuse 4 Firefox, Suse Package Hub For Suse Linux Enterprise, Leap and 1 more 2018-10-30 4.3 MEDIUM 4.3 MEDIUM
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
CVE-2016-1629 4 Debian, Google, Novell and 1 more 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more 2018-10-30 10.0 HIGH 9.8 CRITICAL
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
CVE-2016-2818 6 Canonical, Debian, Mozilla and 3 more 22 Ubuntu Linux, Debian Linux, Firefox and 19 more 2018-10-30 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.