Lucene search

K

OpenSUSE Security Vulnerabilities

cve
cve

CVE-2016-2099

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML...

9.8CVSS

9.4AI Score

0.004EPSS

2016-05-13 02:59 PM
60
cve
cve

CVE-2015-8863

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer...

9.8CVSS

8AI Score

0.034EPSS

2016-05-06 05:59 PM
24
cve
cve

CVE-2016-4008

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted...

5.9CVSS

5.4AI Score

0.256EPSS

2016-05-05 06:59 PM
66
cve
cve

CVE-2016-3714

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka...

8.4CVSS

8AI Score

0.968EPSS

2016-05-05 06:59 PM
295
In Wild
15
cve
cve

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

5.9CVSS

6.9AI Score

0.967EPSS

2016-05-05 01:59 AM
510
4
cve
cve

CVE-2016-2105

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary...

7.5CVSS

7.7AI Score

0.087EPSS

2016-05-05 01:59 AM
156
cve
cve

CVE-2016-2807

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown...

8.8CVSS

9.3AI Score

0.018EPSS

2016-04-30 05:59 PM
85
cve
cve

CVE-2016-2806

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown...

8.8CVSS

9.2AI Score

0.024EPSS

2016-04-30 05:59 PM
62
cve
cve

CVE-2016-3074

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer...

9.8CVSS

8.1AI Score

0.487EPSS

2016-04-26 02:59 PM
139
2
cve
cve

CVE-2016-3977

Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF...

5.5CVSS

5.6AI Score

0.018EPSS

2016-04-21 02:59 PM
57
cve
cve

CVE-2016-3190

The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span...

7.5CVSS

7.2AI Score

0.01EPSS

2016-04-21 02:59 PM
26
cve
cve

CVE-2016-0668

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to...

4.1CVSS

4.3AI Score

0.0004EPSS

2016-04-21 10:59 AM
57
3
cve
cve

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to...

5.5CVSS

4.6AI Score

0.0004EPSS

2016-04-21 10:59 AM
53
4
cve
cve

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to...

4.7CVSS

4.2AI Score

0.0004EPSS

2016-04-21 10:59 AM
65
cve
cve

CVE-2015-8842

tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the...

3.3CVSS

3.5AI Score

0.0004EPSS

2016-04-20 04:59 PM
28
cve
cve

CVE-2014-9770

tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these...

3.3CVSS

3.6AI Score

0.0004EPSS

2016-04-20 04:59 PM
29
cve
cve

CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog...

9.8CVSS

9.2AI Score

0.049EPSS

2016-04-19 09:59 PM
89
cve
cve

CVE-2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory...

9.8CVSS

9.1AI Score

0.035EPSS

2016-04-19 09:59 PM
87
cve
cve

CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time...

9.1CVSS

8.5AI Score

0.006EPSS

2016-04-19 09:59 PM
86
cve
cve

CVE-2014-9765

Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input...

8.8CVSS

8.7AI Score

0.046EPSS

2016-04-19 09:59 PM
45
cve
cve

CVE-2014-9761

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl...

9.8CVSS

9AI Score

0.055EPSS

2016-04-19 09:59 PM
85
cve
cve

CVE-2016-3186

Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF...

6.2CVSS

6.7AI Score

0.019EPSS

2016-04-19 02:59 PM
139
cve
cve

CVE-2016-4036

The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the...

5.5CVSS

5.8AI Score

0.0004EPSS

2016-04-18 02:59 PM
36
cve
cve

CVE-2015-7552

Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP...

7.8CVSS

7.9AI Score

0.024EPSS

2016-04-18 02:59 PM
58
cve
cve

CVE-2016-2313

auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti...

8.8CVSS

8.3AI Score

0.004EPSS

2016-04-13 05:59 PM
29
cve
cve

CVE-2016-0787

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion...

5.9CVSS

5.7AI Score

0.005EPSS

2016-04-13 05:59 PM
142
cve
cve

CVE-2016-3982

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer...

8.8CVSS

8.9AI Score

0.018EPSS

2016-04-13 04:59 PM
28
cve
cve

CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short...

8.8CVSS

8.7AI Score

0.031EPSS

2016-04-13 04:59 PM
47
cve
cve

CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git...

8.8CVSS

8.7AI Score

0.045EPSS

2016-04-13 04:59 PM
42
cve
cve

CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a...

8.8CVSS

8.7AI Score

0.053EPSS

2016-04-13 04:59 PM
42
cve
cve

CVE-2016-2191

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP...

6.5CVSS

6.2AI Score

0.022EPSS

2016-04-13 04:59 PM
39
cve
cve

CVE-2015-8551

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a...

6CVSS

5.6AI Score

0.001EPSS

2016-04-13 03:59 PM
78
cve
cve

CVE-2015-8080

Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended...

7.5CVSS

8AI Score

0.827EPSS

2016-04-13 03:59 PM
99
cve
cve

CVE-2015-7545

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules.....

9.8CVSS

9.5AI Score

0.08EPSS

2016-04-13 03:59 PM
64
cve
cve

CVE-2016-4007

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal...

9.8CVSS

9.7AI Score

0.004EPSS

2016-04-13 02:59 PM
19
cve
cve

CVE-2015-8614

Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set...

7.3CVSS

5.5AI Score

0.006EPSS

2016-04-11 09:59 PM
46
cve
cve

CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in...

7.5CVSS

7.3AI Score

0.004EPSS

2016-04-08 03:59 PM
99
cve
cve

CVE-2015-5969

The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1.....

6.2CVSS

6AI Score

0.001EPSS

2016-04-08 03:59 PM
27
cve
cve

CVE-2016-2324

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer...

9.8CVSS

9.7AI Score

0.13EPSS

2016-04-08 02:59 PM
61
cve
cve

CVE-2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer...

9.8CVSS

9.6AI Score

0.141EPSS

2016-04-08 02:59 PM
65
cve
cve

CVE-2016-2851

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer...

9.8CVSS

9.7AI Score

0.036EPSS

2016-04-07 11:59 PM
39
cve
cve

CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka...

5.9CVSS

4.6AI Score

0.975EPSS

2016-04-07 09:59 PM
51
cve
cve

CVE-2016-3125

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown...

7.5CVSS

7.4AI Score

0.006EPSS

2016-04-05 08:59 PM
637
cve
cve

CVE-2016-3679

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown...

8.8CVSS

8.7AI Score

0.005EPSS

2016-03-29 10:59 AM
44
cve
cve

CVE-2016-1650

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML...

8.8CVSS

8.7AI Score

0.005EPSS

2016-03-29 10:59 AM
47
cve
cve

CVE-2016-1649

The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via...

8.8CVSS

8.7AI Score

0.03EPSS

2016-03-29 10:59 AM
49
cve
cve

CVE-2016-1648

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript...

8.8CVSS

8.7AI Score

0.021EPSS

2016-03-29 10:59 AM
42
cve
cve

CVE-2016-1647

Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other...

8.8CVSS

8.7AI Score

0.012EPSS

2016-03-29 10:59 AM
51
cve
cve

CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted....

8.8CVSS

8.7AI Score

0.043EPSS

2016-03-29 10:59 AM
847
In Wild
cve
cve

CVE-2016-3119

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer...

5.3CVSS

5.3AI Score

0.071EPSS

2016-03-26 01:59 AM
85
Total number of security vulnerabilities1478