Lucene search

K
OpensuseLeap

1897 matches found

CVE
CVE
added 2016/06/13 7:59 p.m.56 views

CVE-2016-4579

Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."

7.5CVSS7.2AI score0.0218EPSS
CVE
CVE
added 2016/09/26 4:59 p.m.56 views

CVE-2016-6172

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.

7.1CVSS6.7AI score0.00014EPSS
CVE
CVE
added 2017/03/23 4:59 p.m.56 views

CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerab...

5.9CVSS5.2AI score0.00307EPSS
CVE
CVE
added 2016/04/08 3:59 p.m.55 views

CVE-2015-5969

The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 a...

6.2CVSS6AI score0.00134EPSS
CVE
CVE
added 2016/05/23 7:59 p.m.55 views

CVE-2016-3959

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certi...

7.5CVSS7.1AI score0.03345EPSS
CVE
CVE
added 2018/05/08 12:29 p.m.55 views

CVE-2018-10380

kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

7.8CVSS7.1AI score0.00018EPSS
CVE
CVE
added 2016/10/03 9:59 p.m.54 views

CVE-2013-4118

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.

7.5CVSS7.2AI score0.01902EPSS
CVE
CVE
added 2015/12/03 8:59 p.m.54 views

CVE-2015-8078

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for C...

7.5CVSS4.3AI score0.02628EPSS
CVE
CVE
added 2016/01/29 7:59 p.m.54 views

CVE-2015-8792

The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.

5.3CVSS4.9AI score0.00312EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.54 views

CVE-2016-5739

The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...

7.5CVSS8.4AI score0.00901EPSS
CVE
CVE
added 2023/09/19 4:15 p.m.54 views

CVE-2023-32182

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before ...

7.8CVSS7.4AI score0.00022EPSS
CVE
CVE
added 2017/09/28 1:29 a.m.53 views

CVE-2015-3138

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

7.5CVSS8.1AI score0.00935EPSS
CVE
CVE
added 2017/03/27 5:59 p.m.53 views

CVE-2015-8010

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

6.1CVSS6.2AI score0.00354EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.53 views

CVE-2016-5731

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

6.1CVSS6.7AI score0.00408EPSS
CVE
CVE
added 2016/09/22 3:59 p.m.53 views

CVE-2016-6265

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

5.5CVSS5.2AI score0.00498EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.52 views

CVE-2016-5703

SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.

9.8CVSS9.6AI score0.01544EPSS
CVE
CVE
added 2017/04/12 8:59 p.m.52 views

CVE-2016-9959

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

7.8CVSS8.5AI score0.00313EPSS
CVE
CVE
added 2016/05/06 5:59 p.m.51 views

CVE-2015-8863

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

10CVSS8AI score0.15664EPSS
CVE
CVE
added 2016/04/12 2:59 p.m.51 views

CVE-2016-1866

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.

8.1CVSS8.2AI score0.00893EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.51 views

CVE-2016-4414

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

7.5CVSS7.1AI score0.02898EPSS
CVE
CVE
added 2016/07/03 1:59 a.m.50 views

CVE-2016-5730

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config direct...

5.3CVSS6.6AI score0.00954EPSS
CVE
CVE
added 2016/10/03 9:59 p.m.50 views

CVE-2016-6905

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.

6.5CVSS6.2AI score0.01086EPSS
CVE
CVE
added 2015/12/03 8:59 p.m.49 views

CVE-2015-8077

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-...

7.5CVSS4.3AI score0.03429EPSS
CVE
CVE
added 2016/02/20 1:59 a.m.49 views

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

5.3CVSS5.1AI score0.00603EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.49 views

CVE-2016-3982

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

8.8CVSS8.9AI score0.01934EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.49 views

CVE-2016-4574

Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.

7.5CVSS7.3AI score0.0109EPSS
CVE
CVE
added 2016/09/26 3:59 p.m.48 views

CVE-2016-5746

libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.

5.1CVSS4.8AI score0.00058EPSS
CVE
CVE
added 2016/02/20 1:59 a.m.46 views

CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

5.4CVSS5.1AI score0.00405EPSS
CVE
CVE
added 2016/07/26 5:59 p.m.46 views

CVE-2016-3992

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.

6.2CVSS6.1AI score0.00059EPSS
CVE
CVE
added 2016/08/25 6:59 p.m.46 views

CVE-2016-4069

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.

8.8CVSS8.5AI score0.01131EPSS
CVE
CVE
added 2016/01/08 7:59 p.m.45 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.

3.3CVSS3.9AI score0.00048EPSS
CVE
CVE
added 2016/01/08 7:59 p.m.45 views

CVE-2015-8547

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

7.5CVSS7.2AI score0.02362EPSS
CVE
CVE
added 2012/08/31 8:55 p.m.44 views

CVE-2012-3534

GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections.

5CVSS6.5AI score0.01691EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.44 views

CVE-2014-9773

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.

7.5CVSS7.4AI score0.00394EPSS
CVE
CVE
added 2016/01/27 8:59 p.m.43 views

CVE-2015-8618

The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.

7.5CVSS7.2AI score0.00735EPSS
CVE
CVE
added 2016/12/23 10:59 p.m.43 views

CVE-2016-2312

Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

6.8CVSS6.4AI score0.00077EPSS
CVE
CVE
added 2016/06/30 5:59 p.m.41 views

CVE-2016-5301

The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.

7.5CVSS7.4AI score0.01385EPSS
CVE
CVE
added 2016/12/23 10:59 p.m.41 views

CVE-2016-7787

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

4.9CVSS5.2AI score0.0054EPSS
CVE
CVE
added 2018/03/05 6:29 p.m.41 views

CVE-2017-18215

xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.

9.8CVSS9.6AI score0.01153EPSS
CVE
CVE
added 2017/09/08 6:29 p.m.39 views

CVE-2016-5759

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

7.8CVSS7.4AI score0.00029EPSS
CVE
CVE
added 2018/10/09 1:29 p.m.39 views

CVE-2018-12477

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609...

7.5CVSS5.6AI score0.00315EPSS
CVE
CVE
added 2020/06/29 12:15 p.m.39 views

CVE-2020-8014

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4...

7.8CVSS7.5AI score0.00034EPSS
CVE
CVE
added 2016/07/13 3:59 p.m.38 views

CVE-2016-3100

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

8.4CVSS8.1AI score0.00071EPSS
CVE
CVE
added 2018/03/01 8:29 p.m.38 views

CVE-2017-9286

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.

9CVSS8.4AI score0.0021EPSS
CVE
CVE
added 2020/01/24 12:15 p.m.37 views

CVE-2019-3697

UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.

7.8CVSS7.6AI score0.00129EPSS
CVE
CVE
added 2016/04/13 2:59 p.m.34 views

CVE-2016-4007

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

10CVSS9.7AI score0.01314EPSS
CVE
CVE
added 2019/03/14 9:29 a.m.29 views

CVE-2019-9772

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.

7.5CVSS8.2AI score0.02442EPSS
Total number of security vulnerabilities1897