Filtered by vendor Opensuse
Subscriptions
Filtered by product Leap
Subscriptions
Total
1917 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0195 | 5 Fedoraproject, Mariadb, Openssl and 2 more | 7 Fedora, Mariadb, Openssl and 4 more | 2024-08-06 | N/A |
| The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. | ||||
| CVE-2015-8980 | 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more | 4 Fedora, Leap, Php-gettext and 1 more | 2024-08-06 | 9.8 Critical |
| The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | ||||
| CVE-2015-8948 | 3 Canonical, Gnu, Opensuse | 4 Ubuntu Linux, Libidn, Leap and 1 more | 2024-08-06 | N/A |
| idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. | ||||
| CVE-2015-8874 | 3 Opensuse, Php, Redhat | 3 Leap, Php, Rhel Software Collections | 2024-08-06 | N/A |
| Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. | ||||
| CVE-2015-8872 | 3 Canonical, Dosfstools Project, Opensuse | 4 Ubuntu Linux, Dosfstools, Leap and 1 more | 2024-08-06 | N/A |
| The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." | ||||
| CVE-2015-8863 | 3 Jq Project, Opensuse, Redhat | 4 Jq, Leap, Opensuse and 1 more | 2024-08-06 | N/A |
| Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. | ||||
| CVE-2015-8866 | 5 Canonical, Opensuse, Php and 2 more | 7 Ubuntu Linux, Leap, Opensuse and 4 more | 2024-08-06 | 9.6 Critical |
| ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. | ||||
| CVE-2015-8792 | 2 Matroska, Opensuse | 3 Libmatroska, Leap, Opensuse | 2024-08-06 | N/A |
| The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. | ||||
| CVE-2015-8873 | 3 Opensuse, Php, Redhat | 3 Leap, Php, Rhel Software Collections | 2024-08-06 | 7.5 High |
| Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls. | ||||
| CVE-2015-8803 | 4 Canonical, Nettle Project, Opensuse and 1 more | 5 Ubuntu Linux, Nettle, Leap and 2 more | 2024-08-06 | N/A |
| The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. | ||||
| CVE-2015-8864 | 2 Opensuse, Roundcube | 4 Leap, Opensuse, Roundcube Webmail and 1 more | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. | ||||
| CVE-2015-8805 | 4 Canonical, Nettle Project, Opensuse and 1 more | 5 Ubuntu Linux, Nettle, Leap and 2 more | 2024-08-06 | N/A |
| The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. | ||||
| CVE-2015-8804 | 4 Canonical, Nettle Project, Opensuse and 1 more | 5 Ubuntu Linux, Nettle, Leap and 2 more | 2024-08-06 | N/A |
| x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. | ||||
| CVE-2015-8629 | 5 Debian, Mit, Opensuse and 2 more | 13 Debian Linux, Kerberos 5, Leap and 10 more | 2024-08-06 | 5.3 Medium |
| The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. | ||||
| CVE-2015-8631 | 5 Debian, Mit, Opensuse and 2 more | 12 Debian Linux, Kerberos 5, Leap and 9 more | 2024-08-06 | 6.5 Medium |
| Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. | ||||
| CVE-2015-8614 | 2 Claws-mail, Opensuse | 3 Claws-mail, Leap, Opensuse | 2024-08-06 | N/A |
| Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. | ||||
| CVE-2015-8547 | 2 Opensuse, Quassel-irc | 3 Leap, Opensuse, Quassel | 2024-08-06 | N/A |
| The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. | ||||
| CVE-2015-8618 | 2 Golang, Opensuse | 2 Go, Leap | 2024-08-06 | N/A |
| The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. | ||||
| CVE-2015-8567 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-08-06 | 7.7 High |
| Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | ||||
| CVE-2015-8126 | 9 Apple, Canonical, Debian and 6 more | 24 Mac Os X, Ubuntu Linux, Debian Linux and 21 more | 2024-08-06 | N/A |
| Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. | ||||