Filtered by vendor Opensuse Subscriptions
Filtered by product Leap Subscriptions
Total 1917 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-1572 5 Canonical, Debian, Ecryptfs and 2 more 6 Ubuntu Linux, Debian Linux, Ecryptfs-utils and 3 more 2024-11-21 8.4 High
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
CVE-2016-1494 3 Fedoraproject, Opensuse, Python 4 Fedora, Leap, Opensuse and 1 more 2024-11-21 N/A
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
CVE-2016-1286 8 Canonical, Debian, Fedoraproject and 5 more 51 Ubuntu Linux, Debian Linux, Fedora and 48 more 2024-11-21 8.6 High
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
CVE-2016-1285 8 Canonical, Debian, Fedoraproject and 5 more 51 Ubuntu Linux, Debian Linux, Fedora and 48 more 2024-11-21 6.8 Medium
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
CVE-2016-1254 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2024-11-21 N/A
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVE-2016-1238 5 Apache, Debian, Fedoraproject and 2 more 5 Spamassassin, Debian Linux, Fedora and 2 more 2024-11-21 7.8 High
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
CVE-2016-1234 3 Fedoraproject, Gnu, Opensuse 4 Fedora, Glibc, Leap and 1 more 2024-11-21 N/A
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
CVE-2016-10937 4 Debian, Fedoraproject, Imapfilter Project and 1 more 5 Debian Linux, Fedora, Imapfilter and 2 more 2024-11-21 7.5 High
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.
CVE-2016-10739 3 Gnu, Opensuse, Redhat 4 Glibc, Leap, Ansible Tower and 1 more 2024-11-21 N/A
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.
CVE-2016-10207 3 Opensuse, Redhat, Tigervnc 3 Leap, Enterprise Linux, Tigervnc 2024-11-21 N/A
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
CVE-2016-10165 6 Canonical, Debian, Littlecms and 3 more 23 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 20 more 2024-11-21 7.1 High
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVE-2016-10070 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2024-11-21 5.5 Medium
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
CVE-2016-10068 3 Imagemagick, Opensuse, Opensuse Project 3 Imagemagick, Leap, Leap 2024-11-21 N/A
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
CVE-2016-10065 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2024-11-21 N/A
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10064 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2024-11-21 7.8 High
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10051 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2024-11-21 7.8 High
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10050 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2024-11-21 7.8 High
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
CVE-2016-1000104 2 Apache, Opensuse 3 Mod Fcgid, Leap, Opensuse 2024-11-21 8.8 High
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
CVE-2016-1000002 4 Debian, Gnome, Opensuse and 1 more 4 Debian Linux, Gnome Display Manager, Leap and 1 more 2024-11-21 2.4 Low
gdm3 3.14.2 and possibly later has an information leak before screen lock
CVE-2016-0753 5 Debian, Fedoraproject, Opensuse and 2 more 5 Debian Linux, Fedora, Leap and 2 more 2024-11-21 5.3 Medium
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.