Filtered by vendor Opensuse
Subscriptions
Filtered by product Leap
Subscriptions
Total
1917 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4069 | 2 Opensuse, Roundcube | 2 Leap, Webmail | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors. | ||||
| CVE-2016-4068 | 2 Opensuse, Roundcube | 4 Leap, Opensuse, Roundcube Webmail and 1 more | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864. | ||||
| CVE-2016-4049 | 3 Opensuse, Quagga, Redhat | 4 Leap, Opensuse, Quagga and 1 more | 2024-11-21 | N/A |
| The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. | ||||
| CVE-2016-4036 | 1 Opensuse | 2 Leap, Opensuse | 2024-11-21 | N/A |
| The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory. | ||||
| CVE-2016-4007 | 1 Opensuse | 2 Leap, Opensuse | 2024-11-21 | N/A |
| Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options." | ||||
| CVE-2016-3992 | 3 Cronic Project, Debian, Opensuse | 4 Cronic, Debian Linux, Leap and 1 more | 2024-11-21 | N/A |
| cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp. | ||||
| CVE-2016-3982 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Leap and 2 more | 2024-11-21 | N/A |
| Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. | ||||
| CVE-2016-3959 | 4 Fedoraproject, Golang, Opensuse and 1 more | 4 Fedora, Go, Leap and 1 more | 2024-11-21 | N/A |
| The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. | ||||
| CVE-2016-3718 | 6 Canonical, Imagemagick, Opensuse and 3 more | 31 Ubuntu Linux, Imagemagick, Leap and 28 more | 2024-11-21 | 5.5 Medium |
| The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | ||||
| CVE-2016-3715 | 6 Canonical, Imagemagick, Opensuse and 3 more | 31 Ubuntu Linux, Imagemagick, Leap and 28 more | 2024-11-21 | 5.5 Medium |
| The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | ||||
| CVE-2016-3714 | 6 Canonical, Debian, Imagemagick and 3 more | 7 Ubuntu Linux, Debian Linux, Imagemagick and 4 more | 2024-11-21 | 8.4 High |
| The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | ||||
| CVE-2016-3705 | 6 Canonical, Debian, Hp and 3 more | 8 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 5 more | 2024-11-21 | N/A |
| The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. | ||||
| CVE-2016-3630 | 5 Debian, Fedoraproject, Mercurial and 2 more | 7 Debian Linux, Fedora, Mercurial and 4 more | 2024-11-21 | 8.8 High |
| The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | ||||
| CVE-2016-3627 | 7 Canonical, Debian, Hp and 4 more | 15 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 12 more | 2024-11-21 | 7.5 High |
| The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. | ||||
| CVE-2016-3427 | 8 Apache, Canonical, Debian and 5 more | 42 Cassandra, Ubuntu Linux, Debian Linux and 39 more | 2024-11-21 | 9.8 Critical |
| Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||||
| CVE-2016-3119 | 3 Mit, Opensuse, Redhat | 4 Kerberos 5, Leap, Opensuse and 1 more | 2024-11-21 | N/A |
| The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. | ||||
| CVE-2016-3100 | 2 Kde, Opensuse | 3 Kde Frameworks, Leap, Opensuse | 2024-11-21 | N/A |
| kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file. | ||||
| CVE-2016-3069 | 6 Debian, Fedoraproject, Mercurial and 3 more | 15 Debian Linux, Fedora, Mercurial and 12 more | 2024-11-21 | N/A |
| Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | ||||
| CVE-2016-3068 | 6 Debian, Fedoraproject, Mercurial and 3 more | 15 Debian Linux, Fedora, Mercurial and 12 more | 2024-11-21 | N/A |
| Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | ||||
| CVE-2016-3062 | 4 Debian, Ffmpeg, Libav and 1 more | 4 Debian Linux, Ffmpeg, Libav and 1 more | 2024-11-21 | N/A |
| The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | ||||