Lucene search
K
Opensuse ProjectLeap

35 matches found

CVE
CVE
added 2017/12/20 11:0 p.m.294 views

CVE-2017-17805

CVE-2017-17805 affects the Linux kernel prior to 4.14.8. The Salsa20 cipher implementation (crypto/salsa20_generic.c and arch/x86/crypto/salsa20_glue.c) mishandles zero-length inputs, allowing a local attacker to use the AF_ALG-based skcipher interface to trigger uninitialized memory free and ker...

7.8CVSS7.5AI score0.00428EPSS
CVE
CVE
added 2017/12/20 11:0 p.m.207 views

CVE-2017-17806

CVE-2017-17806 affects the Linux kernel before 4.14.8. The HMAC implementation (crypto/hmac.c) does not validate that the underlying hash algorithm is unkeyed, allowing a local attacker who can use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and SHA-3 (CONFIG_CRYPTO_SHA3) to tri...

7.8CVSS7.4AI score0.00561EPSS
CVE
CVE
added 2017/07/25 6:0 p.m.139 views

CVE-2015-5221

CVE-2015-5221 is a vulnerability in the JasPer JPEG-2000 library (libjasper/mif/mif_cod.c, function mif_process_cmpt). Multiple connected sources confirm a memory safety issue in this area: the core flaw is described as a use-after-free or memory misreference in the mif_process_cmpt path, exploit...

5.5CVSS5.8AI score0.0219EPSS
CVE
CVE
added 2017/08/02 7:0 p.m.135 views

CVE-2015-5203

CVE-2015-5203 is a double-free flaw in JasPer’s jasper_image_stop_load() used when processing certain JPEG 2000 images. Backed by multiple connected advisories, this vulnerability can allow a remote attacker to crash an application or, in some reports, potentially execute arbitrary code. Affected...

5.5CVSS5.8AI score0.01928EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.113 views

CVE-2014-9847

ImageMagick CVE-2014-9847 concerns the jng decoder. Multiple connected sources confirm a remote denial-of-service possibility: a crafted JNG file can cause the application to crash. The vulnerability affects ImageMagick 6.8.9.9 (jng decoder) and is described in CNVD-2017-04496 as a DoS in the jng...

9.8CVSS6.7AI score0.04584EPSS
CVE
CVE
added 2017/01/20 3:0 p.m.113 views

CVE-2016-5316

The CVE-2016-5316 entry concerns the LibTIFF library. Affected component: libtiff

6.5CVSS7.4AI score0.02168EPSS
CVE
CVE
added 2017/01/20 3:0 p.m.112 views

CVE-2016-5317

CVE-2016-5317 is a vulnerability in the libTIFF library: a buffer/write issue in the PixarLogDecode() path within libtiff, affecting 4.0.6 and earlier. Exploitation via a crafted TIFF file could crash the host application (DoS) and, in some reports, may enable arbitrary code execution in certain ...

6.5CVSS7.2AI score0.01946EPSS
CVE
CVE
added 2017/03/23 6:0 p.m.107 views

CVE-2016-9556

Technical details for CVE-2016-9556 are not available in the provided connected documents; only the core description and references are present. Monitor official advisories for updates.

5.5CVSS6.4AI score0.02277EPSS
CVE
CVE
added 2017/03/27 5:0 p.m.103 views

CVE-2017-6542

CVE-2017-6542 affects PuTTY before 0.68. The vulnerability lies in the ssh_agent_channel_data function processing forwarded SSH agent messages; a large length value can trigger a heap-based buffer overflow, potentially enabling remote code execution or other impact when agent forwarding is used. ...

9.8CVSS9.5AI score0.21816EPSS
CVE
CVE
added 2017/12/05 4:0 p.m.99 views

CVE-2016-1254

Tor before 0.2.8.12 is affected by CVE-2016-1254. The vulnerability arises from parsing hidden service descriptors and can cause a denial-of-service client crash. Affected products are Tor releases prior to 0.2.8.12; exploitation details are not provided beyond the crash condition. Remediation is...

7.5CVSS7AI score0.03004EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.97 views

CVE-2014-9848

Memory leak in ImageMagick (CVE-2014-9848) allows remote attackers to cause a denial of service via crafted inputs. Affected software component is ImageMagick; root cause is a memory leak leading to memory consumption. The connected documents do not specify a patch or fixed version; some advisori...

7.5CVSS7.1AI score0.03734EPSS
CVE
CVE
added 2015/11/09 4:0 p.m.97 views

CVE-2015-5218

CVE-2015-5218 is a buffer overflow in util-linux's text-utils/colcrt.c (colcrt) that allows a local user to crash the system via a crafted file. The description states the issue and the mitigation path provided here is for CP4S: upgrade Cloud Pak for Security to 1.9.0 (per remediation section); n...

2.1CVSS8.2AI score0.00612EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.91 views

CVE-2014-9846

CVE-2014-9846 involves a buffer overflow in the ReadRLEImage function (coders/rle.c) of ImageMagick, exposed in at least ImageMagick 6.8.9.9. Remote, unauthenticated attackers could trigger an overflow, with impact described as unspecified in the CVE record. The connected OpenVAS/Nessus entries c...

9.8CVSS7AI score0.04852EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.86 views

CVE-2014-9845

CVE-2014-9845 : ImageMagick’s ReadDIBImage function (coders/dib.c) is vulnerable to a denial of service by processing a corrupted DIB file. The vulnerability exists in the ImageMagick code path that reads DIB images. The connected sources confirm the affected component and the crash outcome but d...

5.5CVSS5.8AI score0.01946EPSS
CVE
CVE
added 2017/04/12 8:0 p.m.86 views

CVE-2016-9957

Summary: CVE-2016-9957 corresponds to a stack-based buffer overflow in the Game Music Emu library prior to version 0.6.1. Multiple connected advisories (Gentoo GLSA-201707-02, Fedora advisories) describe a remotely triggerable condition: a user could be enticed to open a specially crafted SPC mus...

7.8CVSS8.7AI score0.01928EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.85 views

CVE-2014-9843

CVE-2014-9843 : In ImageMagick 6.8.9.9, the DecodePSDPixels function in coders/psd.c is vulnerable. Remote attackers may exploit via unknown vectors to achieve unspecified impact. The provided connected documents do not specify concrete exploit paths, affected versions beyond 6.8.9.9, or remediat...

9.8CVSS7.6AI score0.03933EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.85 views

CVE-2014-9851

CVE-2014-9851 affects ImageMagick 6.8.9.9 and allows remote attackers to cause a denial of service (application crash). The vulnerability is documented in multiple feeds (including CNVD and OSV) with the issue described as a remote DoS via crafted input. Available connected sources confirm the pr...

7.5CVSS7.1AI score0.03702EPSS
CVE
CVE
added 2017/01/20 3:0 p.m.85 views

CVE-2016-9435

CVE-2016-9435 affects the w3m HTML renderer. The HTMLtagproc1 function in file.c does not properly initialize values in w3m before 0.5.3+git20161009, allowing remote attackers to crash the application via a crafted HTML file (notably involving tags). The vulnerability could cause a denial of ser...

6.5CVSS6.9AI score0.03325EPSS
CVE
CVE
added 2017/06/06 6:0 p.m.83 views

CVE-2016-9960

CVE-2016-9960 affects game-music-emu prior to 0.6.1, allowing local users to cause a denial-of-service via a divide-by-zero that crashes the process. The NVD entry documents the vulnerability; Gentoo GLSA-201707-02 and Gentoo advisories describe multiple vulnerabilities in Game Music Emu and reco...

5.5CVSS6.5AI score0.0053EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.82 views

CVE-2014-9841

CVE-2014-9841 affects ImageMagick, with the ReadPSDLayers function in coders/psd.c vulnerable to remote exploitation via unknown vectors, related to throwing of exceptions. Public references in the provided documents confirm ImageMagick 6.8.9.9 exposure and list CVE-2014-9841 among vulnerabilitie...

9.8CVSS7.6AI score0.03933EPSS
CVE
CVE
added 2017/03/23 5:0 p.m.82 views

CVE-2016-10048

CVE-2016-10048 affects ImageMagick. The case details a directory traversal vulnerability in magick/module.c that allows remote attackers to load arbitrary modules via unspecified vectors. The connected feeds document the CVE in unpatched Red Hat advisories, but do not specify a public patch versi...

7.5CVSS7.3AI score0.06534EPSS
CVE
CVE
added 2017/03/02 9:0 p.m.82 views

CVE-2016-10068

CVE-2016-10068 : The MSL interpreter in ImageMagick prior to 6.9.6-4 allows a remote attacker to trigger a denial of service (segmentation fault and application crash) via a crafted XML file. The connected documents corroborate that this vulnerability affects ImageMagick before 6.9.6-4 and descri...

5.5CVSS5.7AI score0.01889EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.81 views

CVE-2014-9849

CVE-2014-9849 : The png coder in ImageMagick is vulnerable to remote denial of service, allowing a remote attacker to crash the process. The description in the initial document confirms a DoS via the png coder, and connected sources reiterate the same CVE with no additional exploit details. The p...

7.5CVSS7.1AI score0.03618EPSS
CVE
CVE
added 2017/04/12 8:0 p.m.79 views

CVE-2016-9958

CVE-2016-9958 affects Game Music Emu, prior to version 0.6.1. The vulnerability enables a remote attacker to cause arbitrary memory writes, potentially enabling arbitrary code execution or DoS when opening a crafted SPC file. Public sources (Gentoo GLSA 201707-02 and related advisories) instruct ...

7.8CVSS8.5AI score0.0233EPSS
CVE
CVE
added 2017/06/06 6:0 p.m.79 views

CVE-2016-9961

CVE-2016-9961 affects Game Music Emu (game-music-emu) prior to version 0.6.1, where unspecified integer values are mishandled. The vulnerability can allow a remote attacker to entice a user to open a specially crafted SPC music file, potentially resulting in arbitrary code execution or a Denial o...

10CVSS9.3AI score0.04364EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.78 views

CVE-2014-9844

CVE-2014-9844 affects ImageMagick 6.8.9.9, where the ReadRLEImage function in coders/rle.c is vulnerable. A crafted image file can trigger an out-of-bounds read, enabling a remote denial of service. The vulnerability is tied to processing of RLE-encoded data within ImageMagick. The provided conne...

5.5CVSS5.7AI score0.02054EPSS
CVE
CVE
added 2017/03/27 5:0 p.m.78 views

CVE-2015-8010

The CVE-2015-8010 issue is a Cross-Site Scripting (XSS) vulnerability in Icinga’s Classic-UI, exploitable via the CSV export link and pagination on cgi-bin/status.cgi. Affected software is Icinga prior to 1.14; the vulnerability is triggered by unvalidated query string input, allowing remote atta...

6.1CVSS6.2AI score0.01486EPSS
Web
CVE
CVE
added 2017/03/02 9:0 p.m.78 views

CVE-2016-10069

CVE-2016-10069 affects ImageMagick (before 6.9.4-5). The vulnerability in coders/mat.c allows a remote attacker to cause an application crash (DoS) by sending a MAT file with an invalid number of frames. The issue is triggered during MAT file processing, leading to denial of service without requi...

5.5CVSS5.8AI score0.01883EPSS
CVE
CVE
added 2017/01/20 3:0 p.m.75 views

CVE-2016-9436

CVE-2016-9436 affects the w3m HTML rendering component, specifically parsetagx.c, where an improper initialization of values in versions before 0.5.3+git20161009 can lead to a crash when parsing a crafted HTML file (related to a tag). The vulnerability is triggered remotely via crafted input, ca...

6.5CVSS6.9AI score0.03325EPSS
CVE
CVE
added 2017/03/24 3:0 p.m.74 views

CVE-2016-7797

CVE-2016-7797 affects Pacemaker prior to 1.1.15. The issue can allow a remote, unauthenticated attacker (via pacemaker remote) to cause a denial of service resulting in node disconnection. The connected sources corroborate the high-level impact and reference related advisories (e.g., RHSA-2016:25...

7.5CVSS7.2AI score0.0325EPSS
CVE
CVE
added 2017/04/12 8:0 p.m.74 views

CVE-2016-9959

CVE-2016-9959 affects Game Music Emu prior to 0.6.1. The vulnerability allows a remote attacker to cause out-of-bounds 8-bit values in SPC/music processing, as described by NVD. Consequences are stated as enabling potential arbitrary behavior from crafted inputs; exploitation details are not prov...

7.8CVSS8.5AI score0.0233EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.73 views

CVE-2014-9842

CVE-2014-9842 affects ImageMagick 6.8.9.9, where a memory leak in the ReadPSDLayers function (coders/psd.c) can allow remote attackers to cause a denial of service via memory consumption. The vectors are unspecified in the provided description. No explicit exploitation details or patch/remediatio...

7.5CVSS7.1AI score0.03618EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.73 views

CVE-2014-9850

CVE-2014-9850 describes a logic error in ImageMagick 6.8.9.9 that can allow remote attackers to cause a denial of service through resource consumption. The provided documents do not include further technical details (e.g., vulnerable component specifics, affected versions beyond 6.8.9.9, or expli...

7.5CVSS7.1AI score0.03618EPSS
CVE
CVE
added 2017/03/15 2:0 p.m.73 views

CVE-2017-5938

CVE-2017-5938 is a Cross-site scripting (XSS) vulnerability in ViewVC’s nav_path function (lib/viewvc.py). Affected: ViewVC versions before 1.0.14 and 1.1.x before 1.1.26. Impact: remote attackers can inject arbitrary JavaScript/HTML via the nav_data name. Mitigation: upgrade to ViewVC 1.1.26 (or...

6.1CVSS5.9AI score0.01318EPSS
CVE
CVE
added 2017/09/27 6:0 p.m.65 views

CVE-2015-3138

CVE-2015-3138 affects tcpdump before version 4.7.4, where print-wb.c can be exploited remotely to cause a denial of service (segmentation fault and process crash). The vulnerability is triggered via crafted input that impacts the WB (print-wb) path. The available description specifies the vulnera...

7.5CVSS8.1AI score0.02284EPSS