Filtered by vendor Opensuse
Subscriptions
Filtered by product Leap
Subscriptions
Total
1918 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-3992 | 3 Cronic Project, Debian, Opensuse | 4 Cronic, Debian Linux, Leap and 1 more | 2025-04-12 | N/A |
cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp. | ||||
CVE-2016-1697 | 6 Canonical, Debian, Google and 3 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2025-04-12 | N/A |
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | ||||
CVE-2016-0651 | 5 Mariadb, Opensuse, Oracle and 2 more | 17 Mariadb, Leap, Opensuse and 14 more | 2025-04-12 | 5.5 Medium |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. | ||||
CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2025-04-12 | N/A |
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | ||||
CVE-2016-2824 | 3 Microsoft, Mozilla, Opensuse | 4 Windows, Firefox, Leap and 1 more | 2025-04-12 | N/A |
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array. | ||||
CVE-2016-2834 | 5 Canonical, Mozilla, Novell and 2 more | 9 Ubuntu Linux, Firefox, Network Security Services and 6 more | 2025-04-12 | N/A |
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2016-3062 | 4 Debian, Ffmpeg, Libav and 1 more | 4 Debian Linux, Ffmpeg, Libav and 1 more | 2025-04-12 | N/A |
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | ||||
CVE-2016-3069 | 6 Debian, Fedoraproject, Mercurial and 3 more | 15 Debian Linux, Fedora, Mercurial and 12 more | 2025-04-12 | N/A |
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | ||||
CVE-2016-3119 | 3 Mit, Opensuse, Redhat | 4 Kerberos 5, Leap, Opensuse and 1 more | 2025-04-12 | N/A |
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. | ||||
CVE-2016-3630 | 5 Debian, Fedoraproject, Mercurial and 2 more | 7 Debian Linux, Fedora, Mercurial and 4 more | 2025-04-12 | 8.8 High |
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | ||||
CVE-2016-3714 | 6 Canonical, Debian, Imagemagick and 3 more | 7 Ubuntu Linux, Debian Linux, Imagemagick and 4 more | 2025-04-12 | 8.4 High |
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | ||||
CVE-2016-3959 | 4 Fedoraproject, Golang, Opensuse and 1 more | 4 Fedora, Go, Leap and 1 more | 2025-04-12 | N/A |
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. | ||||
CVE-2016-3982 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Leap and 2 more | 2025-04-12 | N/A |
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. | ||||
CVE-2016-4007 | 1 Opensuse | 2 Leap, Opensuse | 2025-04-12 | N/A |
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options." | ||||
CVE-2016-4036 | 1 Opensuse | 2 Leap, Opensuse | 2025-04-12 | N/A |
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory. | ||||
CVE-2016-4049 | 3 Opensuse, Quagga, Redhat | 4 Leap, Opensuse, Quagga and 1 more | 2025-04-12 | N/A |
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. | ||||
CVE-2016-4069 | 2 Opensuse, Roundcube | 2 Leap, Webmail | 2025-04-12 | N/A |
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors. | ||||
CVE-2015-5309 | 2 Opensuse, Simon Tatham | 3 Leap, Opensuse, Putty | 2025-04-12 | N/A |
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow. | ||||
CVE-2016-4303 | 4 Debian, Es, Novell and 1 more | 5 Debian Linux, Iperf3, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-12 | 9.8 Critical |
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. | ||||
CVE-2016-2822 | 5 Canonical, Debian, Mozilla and 2 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-12 | N/A |
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. |