SUSE CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. dot dot in a diff file name...

SUSE CVE-2015-1472

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library aka glibc or libc6 before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a lo...

SUSE CVE-2015-1473

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library aka glibc or libc6 before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...

SUSE CVE-2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service invalid read operation via a crafted keyring file, related to sign extensions and "memcpy with overlappi...

SUSE CVE-2015-1781

Buffer overflow in the gethostbynamer and other unspecified NSS functions in the GNU C Library aka glibc or libc6 before 2.22 allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer...

SUSE CVE-2015-3622

The asn1extractderoctet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted certificate...

SUSE CVE-2015-4042

Integer overflow in the keycomparemb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service application crash or possibly have unspecified other impact via long strings...

SUSE CVE-2015-4155

GNU Parallel before 20150422, when using 1 --pipe, 2 --tmux, 3 --cat, 4 --fifo, or 5 --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file...

SUSE CVE-2015-4156

GNU Parallel before 20150522 Nepal, when using 1 --cat or 2 --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file...

SUSE CVE-2015-5229

The calloc function in the glibc package in Red Hat Enterprise Linux RHEL 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service hang or crash via unspecified vectors...

SUSE CVE-2015-5276

The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...

SUSE CVE-2015-6806

The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service stack consumption via an escape sequence with a large repeat count value...

SUSE CVE-2015-7547

Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

SUSE CVE-2015-8107

Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code...

SUSE CVE-2015-8778

Integer overflow in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via the size argument to the hcreater function, which triggers out-of-bounds heap-memory access...

SUSE CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a long catalog name...

SUSE CVE-2015-8948

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read...

SUSE CVE-2015-8972

Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess aka gnuchess before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode...

SUSE CVE-2015-8982

Integer overflow in the strxfrm function in the GNU C Library aka glibc or libc6 before 2.21 allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow...

SUSE CVE-2015-8983

Integer overflow in the IOwstroverflow function in libio/wstrops.c in the GNU C Library aka glibc or libc6 before 2.22 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via vectors related to computing a size in bytes, which...