Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Opensuse
Total 1465 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4068 2 Opensuse, Roundcube 4 Leap, Opensuse, Roundcube Webmail and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
CVE-2016-4049 2 Opensuse, Quagga 3 Leap, Opensuse, Quagga 2024-11-21 5.0 MEDIUM 7.5 HIGH
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
CVE-2016-4036 1 Opensuse 2 Leap, Opensuse 2024-11-21 2.1 LOW 5.5 MEDIUM
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.
CVE-2016-4024 3 Debian, Enlightenment, Opensuse 3 Debian Linux, Imlib2, Opensuse 2024-11-21 7.5 HIGH 9.8 CRITICAL
Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.
CVE-2016-4008 4 Canonical, Fedoraproject, Gnu and 1 more 4 Ubuntu Linux, Fedora, Libtasn1 and 1 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
CVE-2016-4007 1 Opensuse 2 Leap, Opensuse 2024-11-21 10.0 HIGH 9.8 CRITICAL
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."
CVE-2016-3992 3 Cronic Project, Debian, Opensuse 4 Cronic, Debian Linux, Leap and 1 more 2024-11-21 4.9 MEDIUM 6.2 MEDIUM
cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
CVE-2016-3982 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Leap and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
CVE-2016-3977 2 Giflib Project, Opensuse 2 Giflib, Opensuse 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
CVE-2016-3718 6 Canonical, Imagemagick, Opensuse and 3 more 30 Ubuntu Linux, Imagemagick, Leap and 27 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2016-3715 6 Canonical, Imagemagick, Opensuse and 3 more 30 Ubuntu Linux, Imagemagick, Leap and 27 more 2024-11-21 5.8 MEDIUM 5.5 MEDIUM
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-3714 5 Canonical, Debian, Imagemagick and 2 more 6 Ubuntu Linux, Debian Linux, Imagemagick and 3 more 2024-11-21 10.0 HIGH 8.4 HIGH
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2016-3706 2 Gnu, Opensuse 2 Glibc, Opensuse 2024-11-21 5.0 MEDIUM 7.5 HIGH
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
CVE-2016-3697 3 Docker, Linuxfoundation, Opensuse 3 Docker, Runc, Opensuse 2024-11-21 2.1 LOW 7.8 HIGH
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
CVE-2016-3679 3 Canonical, Google, Opensuse 4 Ubuntu Linux, Chrome, V8 and 1 more 2024-11-21 9.3 HIGH 8.8 HIGH
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-3630 5 Debian, Fedoraproject, Mercurial and 2 more 7 Debian Linux, Fedora, Mercurial and 4 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
CVE-2016-3623 2 Libtiff, Opensuse 2 Libtiff, Opensuse 2024-11-21 5.0 MEDIUM 7.5 HIGH
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.
CVE-2016-3427 8 Apache, Canonical, Debian and 5 more 38 Cassandra, Ubuntu Linux, Debian Linux and 35 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2016-3190 2 Cairographics, Opensuse 2 Cairo, Opensuse 2024-11-21 5.0 MEDIUM 7.5 HIGH
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
CVE-2016-3186 2 Libtiff, Opensuse 2 Libtiff, Opensuse 2024-11-21 5.0 MEDIUM 6.2 MEDIUM
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.