Filtered by vendor Opensuse
Subscribe
Total
3283 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2347 | 3 Debian, Lhasa Project, Opensuse | 4 Debian Linux, Lhasa, Leap and 1 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. | |||||
CVE-2016-8688 | 2 Libarchive, Opensuse | 2 Libarchive, Leap | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. | |||||
CVE-2016-5321 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. | |||||
CVE-2016-9840 | 8 Apple, Canonical, Debian and 5 more | 19 Iphone Os, Mac Os X, Tvos and 16 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | |||||
CVE-2015-8567 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-02-28 | 6.8 MEDIUM | 7.7 HIGH |
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | |||||
CVE-2017-6318 | 2 Opensuse, Sane-backends Project | 2 Leap, Sane-backends | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | |||||
CVE-2016-9398 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 6 Fedora, Jasper, Leap and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
CVE-2016-2312 | 3 Fedoraproject, Kde, Opensuse | 4 Fedora, Kscreenlocker, Plasma-workspace and 1 more | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. | |||||
CVE-2016-9436 | 3 Opensuse, Opensuse Project, Tats | 3 Leap, Leap, W3m | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. | |||||
CVE-2016-8866 | 2 Imagemagick, Opensuse | 3 Imagemagick, Leap, Opensuse | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. | |||||
CVE-2016-8683 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Opensuse | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." | |||||
CVE-2015-8864 | 2 Opensuse, Roundcube | 4 Leap, Opensuse, Roundcube Webmail and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. | |||||
CVE-2016-10165 | 6 Canonical, Debian, Littlecms and 3 more | 19 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 16 more | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | |||||
CVE-2016-7170 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command. | |||||
CVE-2016-7448 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. | |||||
CVE-2016-8568 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | |||||
CVE-2016-5177 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2014-9847 | 4 Canonical, Imagemagick, Opensuse and 1 more | 10 Ubuntu Linux, Imagemagick, Opensuse and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. | |||||
CVE-2017-5337 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |||||
CVE-2016-9841 | 9 Apple, Canonical, Debian and 6 more | 39 Iphone Os, Mac Os X, Tvos and 36 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |