cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2016-5759,https://securityvulnerability.io/vulnerability/CVE-2016-5759,,"The mkdumprd script called ""dracut"" in the current working directory ""."" allows local users to trick the administrator into executing code as root.",Novell,"Suse Linux Enterprise Server,Suse Linux Enterprise Desktop,Leap",7.8,HIGH,0.0005699999746866524,false,false,false,false,,false,false,2017-09-08T18:00:00.000Z,0
CVE-2016-7052,https://securityvulnerability.io/vulnerability/CVE-2016-7052,,crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.,Novell,Suse Linux Enterprise Module For Web Scripting,7.5,HIGH,0.40961000323295593,false,false,false,false,,false,false,2016-09-26T19:00:00.000Z,0
CVE-2015-8920,https://securityvulnerability.io/vulnerability/CVE-2015-8920,,The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.,Novell,"Suse Linux Enterprise Server,Suse Linux Enterprise Desktop,Suse Linux Enterprise Software Development Kit",5.5,MEDIUM,0.0134699996560812,false,false,false,false,,false,false,2016-09-20T14:00:00.000Z,0
CVE-2015-8918,https://securityvulnerability.io/vulnerability/CVE-2015-8918,,"The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to ""overlapping memcpy.""",Novell,"Suse Linux Enterprise Server,Suse Linux Enterprise Desktop,Suse Linux Enterprise Software Development Kit",7.5,HIGH,0.07959000021219254,false,false,false,false,,false,false,2016-09-20T14:00:00.000Z,0
CVE-2015-8921,https://securityvulnerability.io/vulnerability/CVE-2015-8921,,The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.,Novell,"Suse Linux Enterprise Server,Suse Linux Enterprise Desktop,Suse Linux Enterprise Software Development Kit",7.5,HIGH,0.07728999853134155,false,false,false,false,,false,false,2016-09-20T14:00:00.000Z,0
CVE-2016-0376,https://securityvulnerability.io/vulnerability/CVE-2016-0376,,"The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.",Novell,"Suse Manager,Suse Linux Enterprise Server,Suse Manager Proxy,Suse Linux Enterprise Module For Legacy Software,Suse Openstack Cloud,Suse Linux Enterprise Software Development Kit",8.1,HIGH,0.2616499960422516,false,false,false,false,,false,false,2016-06-03T14:00:00.000Z,0
CVE-2016-4486,https://securityvulnerability.io/vulnerability/CVE-2016-4486,,"The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.",Novell,"Suse Linux Enterprise Module For Public Cloud,Suse Linux Enterprise Server,Suse Linux Enterprise Live Patching,Suse Linux Enterprise Desktop,Suse Linux Enterprise Real Time Extension,Suse Linux Enterprise Workstation Extension,Suse Linux Enterprise Debuginfo,Suse Linux Enterprise Software Development Kit",3.3,LOW,0.0004400000034365803,false,false,false,false,,false,false,2016-05-23T10:00:00.000Z,0
CVE-2016-4485,https://securityvulnerability.io/vulnerability/CVE-2016-4485,,"The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.",Novell,"Suse Linux Enterprise Server,Suse Linux Enterprise Debuginfo,Suse Linux Enterprise Software Development Kit",7.5,HIGH,0.004730000160634518,false,false,false,false,,false,false,2016-05-23T10:00:00.000Z,0
CVE-2016-4805,https://securityvulnerability.io/vulnerability/CVE-2016-4805,,"Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.",Novell,Suse Linux Enterprise Desktop,7.8,HIGH,0.0006200000061653554,false,false,false,false,,false,false,2016-05-23T10:00:00.000Z,0
CVE-2016-3137,https://securityvulnerability.io/vulnerability/CVE-2016-3137,,"drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.",Novell,"Suse Linux Enterprise Module For Public Cloud,Suse Linux Enterprise Server,Suse Linux Enterprise Live Patching,Suse Linux Enterprise Real Time Extension,Suse Linux Enterprise Desktop,Suse Linux Enterprise Workstation Extension,Suse Linux Enterprise Debuginfo,Suse Linux Enterprise Software Development Kit",4.6,MEDIUM,0.0023499999660998583,false,false,false,false,,false,false,2016-05-02T10:00:00.000Z,0
CVE-2016-2188,https://securityvulnerability.io/vulnerability/CVE-2016-2188,,The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.,Novell,"Suse Linux Enterprise Module For Public Cloud,Suse Linux Enterprise Server,Suse Linux Enterprise Live Patching,Suse Linux Enterprise Real Time Extension,Suse Linux Enterprise Desktop,Suse Linux Enterprise Workstation Extension,Suse Linux Enterprise Debuginfo,Suse Linux Enterprise Software Development Kit",4.6,MEDIUM,0.008940000087022781,false,false,false,false,,false,false,2016-05-02T10:00:00.000Z,0
CVE-2016-3689,https://securityvulnerability.io/vulnerability/CVE-2016-3689,,The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.,Novell,"Suse Linux Enterprise Module For Public Cloud,Suse Linux Enterprise Server,Suse Linux Enterprise Live Patching,Suse Linux Enterprise Desktop,Suse Linux Enterprise Real Time Extension,Suse Linux Enterprise Workstation Extension,Suse Linux Enterprise Software Development Kit",4.6,MEDIUM,0.0030900000128895044,false,false,false,false,,false,false,2016-05-02T10:00:00.000Z,0
CVE-2015-8812,https://securityvulnerability.io/vulnerability/CVE-2015-8812,,"drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.",Novell,Suse Linux Enterprise Real Time Extension,9.8,CRITICAL,0.04157999902963638,false,false,false,false,,false,false,2016-04-27T17:00:00.000Z,0
CVE-2015-8816,https://securityvulnerability.io/vulnerability/CVE-2015-8816,,"The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.",Novell,"Suse Linux Enterprise Server,Suse Linux Enterprise Debuginfo,Suse Linux Enterprise Live Patching,Suse Linux Enterprise Real Time Extension,Suse Linux Enterprise Desktop,Suse Linux Enterprise Module For Public Cloud,Suse Linux Enterprise Workstation Extension,Suse Linux Enterprise Software Development Kit",6.8,MEDIUM,0.003370000049471855,false,false,false,false,,false,false,2016-04-27T17:00:00.000Z,0
CVE-2016-3134,https://securityvulnerability.io/vulnerability/CVE-2016-3134,,"The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.",Novell,"Suse Linux Enterprise Module For Public Cloud,Suse Linux Enterprise Server,Suse Linux Enterprise Live Patching,Suse Linux Enterprise Desktop,Suse Linux Enterprise Real Time Extension,Suse Linux Enterprise Workstation Extension,Suse Linux Enterprise Debuginfo,Suse Linux Enterprise Software Development Kit",8.4,HIGH,0.0016400000313296914,false,false,false,false,,false,false,2016-04-27T17:00:00.000Z,0
CVE-2016-3139,https://securityvulnerability.io/vulnerability/CVE-2016-3139,,The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.,Novell,"Suse Linux Enterprise Module For Public Cloud,Suse Linux Enterprise Server,Suse Linux Enterprise Live Patching,Suse Linux Enterprise Real Time Extension,Suse Linux Enterprise Desktop,Suse Linux Enterprise Workstation Extension,Suse Linux Enterprise Debuginfo,Suse Linux Enterprise Software Development Kit",4.6,MEDIUM,0.009990000165998936,false,false,false,false,,false,false,2016-04-27T17:00:00.000Z,0
CVE-2016-3156,https://securityvulnerability.io/vulnerability/CVE-2016-3156,,"The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.",Novell,"Suse Linux Enterprise Module For Public Cloud,Suse Linux Enterprise Server,Suse Linux Enterprise Live Patching,Suse Linux Enterprise Real Time Extension,Suse Linux Enterprise Desktop,Suse Linux Enterprise Workstation Extension,Suse Linux Enterprise Debuginfo,Suse Linux Enterprise Software Development Kit",5.5,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2016-04-27T17:00:00.000Z,0
CVE-2016-1658,https://securityvulnerability.io/vulnerability/CVE-2016-1658,,"The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.",Novell,"Suse Package Hub For Suse Linux Enterprise,Leap",4.3,MEDIUM,0.005160000175237656,false,false,false,false,,false,false,2016-04-18T10:00:00.000Z,0
CVE-2016-1957,https://securityvulnerability.io/vulnerability/CVE-2016-1957,,Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.,Novell,"Suse Package Hub For Suse Linux Enterprise,Leap,Opensuse",4.3,MEDIUM,0.007430000230669975,false,false,false,false,,false,false,2016-03-13T18:00:00.000Z,0
CVE-2016-1955,https://securityvulnerability.io/vulnerability/CVE-2016-1955,,Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.,Novell,"Suse Package Hub For Suse Linux Enterprise,Leap,Opensuse",4.3,MEDIUM,0.0031500000040978193,false,false,false,false,,false,false,2016-03-13T18:00:00.000Z,0
CVE-2015-7566,https://securityvulnerability.io/vulnerability/CVE-2015-7566,,The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.,Novell,"Suse Linux Enterprise Server,Suse Linux Enterprise Debuginfo,Suse Linux Enterprise Software Development Kit,Suse Linux Enterprise Real Time Extension",4.6,MEDIUM,0.007910000160336494,false,false,false,false,,false,false,2016-02-08T02:00:00.000Z,0
CVE-2015-7833,https://securityvulnerability.io/vulnerability/CVE-2015-7833,,The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.,Novell,Suse Linux Enterprise Real Time Extension,,,0.0020800000056624413,false,false,false,false,,false,false,2015-10-19T10:00:00.000Z,0
CVE-2015-2730,https://securityvulnerability.io/vulnerability/CVE-2015-2730,,"Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.",Novell,"Suse Linux Enterprise Server,Debian Linux,Suse Linux Enterprise Desktop,Suse Linux Enterprise Software Development Kit",,,0.0026400000788271427,false,false,false,false,,false,false,2015-07-06T01:00:00.000Z,0
CVE-2015-2725,https://securityvulnerability.io/vulnerability/CVE-2015-2725,,"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",Novell,"Suse Linux Enterprise Server,Suse Linux Enterprise Desktop,Suse Linux Enterprise Software Development Kit",,,0.007499999832361937,false,false,false,false,,false,false,2015-07-06T01:00:00.000Z,0
CVE-2015-2728,https://securityvulnerability.io/vulnerability/CVE-2015-2728,,"The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a ""type confusion"" issue.",Novell,"Suse Linux Enterprise Server,Suse Linux Enterprise Desktop",,,0.022630000486969948,false,false,false,false,,false,false,2015-07-06T01:00:00.000Z,0