Leap Security Vulnerabilities and Issues — Leap CVE List

Lucene search

Opensuse ProjectLeap

35 matches found

CVE•added 2017/12/20 11:29 p.m.•266 views

CVE-2017-17805

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or h...

7.8CVSS7.5AI score0.00109EPSS

CVE•added 2017/12/20 11:29 p.m.•181 views

CVE-2017-17806

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SH...

7.8CVSS7.4AI score0.00042EPSS

CVE•added 2017/07/25 6:29 p.m.•123 views

CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5CVSS5.8AI score0.00276EPSS

CVE•added 2017/08/02 7:29 p.m.•112 views

CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5CVSS5.8AI score0.00237EPSS

CVE•added 2017/01/20 3:59 p.m.•101 views

CVE-2016-5317

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.

6.5CVSS7.2AI score0.00611EPSS

CVE•added 2017/01/20 3:59 p.m.•99 views

CVE-2016-5316

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.

6.5CVSS7.4AI score0.00858EPSS

CVE•added 2017/03/20 4:59 p.m.•88 views

CVE-2014-9847

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.

9.8CVSS6.7AI score0.03463EPSS

CVE•added 2017/03/23 6:59 p.m.•86 views

CVE-2016-9556

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.

5.5CVSS6.4AI score0.00228EPSS

CVE•added 2017/03/27 5:59 p.m.•82 views

CVE-2017-6542

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overf...

9.8CVSS9.5AI score0.25845EPSS

CVE•added 2017/12/05 4:29 p.m.•81 views

CVE-2016-1254

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

7.5CVSS7AI score0.03038EPSS

CVE•added 2015/11/09 4:59 p.m.•77 views

CVE-2015-5218

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.

2.1CVSS8.2AI score0.00078EPSS

CVE•added 2017/03/20 4:59 p.m.•73 views

CVE-2014-9848

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

7.5CVSS7.1AI score0.02111EPSS

CVE•added 2017/03/20 4:59 p.m.•72 views

CVE-2014-9845

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

5.5CVSS5.8AI score0.00418EPSS

CVE•added 2017/01/20 3:59 p.m.•69 views

CVE-2016-9435

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags.

6.5CVSS6.9AI score0.01402EPSS

CVE•added 2017/03/20 4:59 p.m.•68 views

CVE-2014-9846

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

9.8CVSS7AI score0.02589EPSS

CVE•added 2017/04/12 8:59 p.m.•68 views

CVE-2016-9957

Stack-based buffer overflow in game-music-emu before 0.6.1.

7.8CVSS8.7AI score0.00291EPSS

CVE•added 2017/03/20 4:59 p.m.•65 views

CVE-2014-9841

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."

9.8CVSS7.6AI score0.01088EPSS

CVE•added 2017/03/20 4:59 p.m.•65 views

CVE-2014-9843

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.

9.8CVSS7.6AI score0.01088EPSS

CVE•added 2017/03/20 4:59 p.m.•64 views

CVE-2014-9849

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).

7.5CVSS7.1AI score0.01602EPSS

CVE•added 2017/03/20 4:59 p.m.•64 views

CVE-2014-9851

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).

7.5CVSS7.1AI score0.02032EPSS

CVE•added 2017/03/23 5:59 p.m.•63 views

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.

7.5CVSS7.3AI score0.04943EPSS

CVE•added 2017/03/02 9:59 p.m.•62 views

CVE-2016-10068

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

5.5CVSS5.7AI score0.00811EPSS

CVE•added 2017/04/12 8:59 p.m.•62 views

CVE-2016-9958

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

7.8CVSS8.5AI score0.00313EPSS

CVE•added 2017/03/02 9:59 p.m.•61 views

CVE-2016-10069

coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.

5.5CVSS5.8AI score0.00571EPSS

CVE•added 2017/01/20 3:59 p.m.•60 views

CVE-2016-9436

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag.

6.5CVSS6.9AI score0.01351EPSS

CVE•added 2017/06/06 6:29 p.m.•60 views

CVE-2016-9961

game-music-emu before 0.6.1 mishandles unspecified integer values.

10CVSS9.3AI score0.02847EPSS

CVE•added 2017/03/15 2:59 p.m.•60 views

CVE-2017-5938

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

6.1CVSS5.9AI score0.00631EPSS

CVE•added 2017/03/20 4:59 p.m.•59 views

CVE-2014-9842

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.5CVSS7.1AI score0.02361EPSS

CVE•added 2017/03/24 3:59 p.m.•59 views

CVE-2016-7797

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

7.5CVSS7.2AI score0.02954EPSS

CVE•added 2017/03/20 4:59 p.m.•58 views

CVE-2014-9850

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

7.5CVSS7.1AI score0.01602EPSS

CVE•added 2017/06/06 6:29 p.m.•58 views

CVE-2016-9960

game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

5.5CVSS6.5AI score0.00102EPSS

CVE•added 2017/03/20 4:59 p.m.•57 views

CVE-2014-9844

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

5.5CVSS5.7AI score0.00295EPSS

CVE•added 2017/09/28 1:29 a.m.•53 views

CVE-2015-3138

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

7.5CVSS8.1AI score0.00935EPSS

CVE•added 2017/03/27 5:59 p.m.•53 views

CVE-2015-8010

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

6.1CVSS6.2AI score0.00354EPSS

CVE•added 2017/04/12 8:59 p.m.•52 views

CVE-2016-9959

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

7.8CVSS8.5AI score0.00313EPSS