Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Opensuse
Total 1465 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2318 4 Debian, Graphicsmagick, Opensuse and 1 more 7 Debian Linux, Graphicsmagick, Leap and 4 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
CVE-2016-2317 4 Debian, Graphicsmagick, Opensuse and 1 more 7 Debian Linux, Graphicsmagick, Leap and 4 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
CVE-2016-2315 3 Git-scm, Opensuse, Suse 8 Git, Leap, Opensuse and 5 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
CVE-2016-2313 2 Cacti, Opensuse 3 Cacti, Leap, Opensuse 2024-11-21 6.5 MEDIUM 8.8 HIGH
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
CVE-2016-2191 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Leap and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
CVE-2016-2150 5 Debian, Microsoft, Opensuse and 2 more 12 Debian Linux, Windows, Leap and 9 more 2024-11-21 3.6 LOW 7.1 HIGH
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
CVE-2016-2107 8 Canonical, Debian, Google and 5 more 15 Ubuntu Linux, Debian Linux, Android and 12 more 2024-11-21 2.6 LOW 5.9 MEDIUM
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
CVE-2016-2105 8 Apple, Canonical, Debian and 5 more 15 Mac Os X, Ubuntu Linux, Debian Linux and 12 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2016-2099 2 Apache, Opensuse 2 Xerces-c\+\+, Opensuse 2024-11-21 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
CVE-2016-2043 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.
CVE-2016-2042 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
CVE-2016-2041 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
CVE-2016-2040 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2024-11-21 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
CVE-2016-2039 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
CVE-2016-2038 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2016-1977 5 Mozilla, Opensuse, Oracle and 2 more 6 Firefox, Leap, Opensuse and 3 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
CVE-2016-1974 4 Mozilla, Opensuse, Oracle and 1 more 6 Firefox, Thunderbird, Leap and 3 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
CVE-2016-1966 3 Mozilla, Opensuse, Oracle 4 Firefox, Thunderbird, Opensuse and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
CVE-2016-1965 3 Mozilla, Opensuse, Oracle 3 Firefox, Opensuse, Linux 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
CVE-2016-1964 4 Mozilla, Opensuse, Oracle and 1 more 6 Firefox, Thunderbird, Leap and 3 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.