Filtered by vendor Opensuse Subscriptions
Filtered by product Leap Subscriptions
Total 1917 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-8948 3 Canonical, Gnu, Opensuse 4 Ubuntu Linux, Libidn, Leap and 1 more 2024-11-21 N/A
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
CVE-2015-8874 3 Opensuse, Php, Redhat 3 Leap, Php, Rhel Software Collections 2024-11-21 N/A
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
CVE-2015-8873 3 Opensuse, Php, Redhat 3 Leap, Php, Rhel Software Collections 2024-11-21 7.5 High
Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.
CVE-2015-8872 3 Canonical, Dosfstools Project, Opensuse 4 Ubuntu Linux, Dosfstools, Leap and 1 more 2024-11-21 N/A
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
CVE-2015-8866 5 Canonical, Opensuse, Php and 2 more 7 Ubuntu Linux, Leap, Opensuse and 4 more 2024-11-21 9.6 Critical
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
CVE-2015-8864 2 Opensuse, Roundcube 4 Leap, Opensuse, Roundcube Webmail and 1 more 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
CVE-2015-8863 3 Jq Project, Opensuse, Redhat 4 Jq, Leap, Opensuse and 1 more 2024-11-21 N/A
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
CVE-2015-8805 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2024-11-21 N/A
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
CVE-2015-8804 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2024-11-21 N/A
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
CVE-2015-8803 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2024-11-21 N/A
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
CVE-2015-8792 2 Matroska, Opensuse 3 Libmatroska, Leap, Opensuse 2024-11-21 N/A
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.
CVE-2015-8631 5 Debian, Mit, Opensuse and 2 more 12 Debian Linux, Kerberos 5, Leap and 9 more 2024-11-21 6.5 Medium
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
CVE-2015-8629 5 Debian, Mit, Opensuse and 2 more 13 Debian Linux, Kerberos 5, Leap and 10 more 2024-11-21 5.3 Medium
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
CVE-2015-8618 2 Golang, Opensuse 2 Go, Leap 2024-11-21 N/A
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
CVE-2015-8614 2 Claws-mail, Opensuse 3 Claws-mail, Leap, Opensuse 2024-11-21 N/A
Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.
CVE-2015-8567 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 7.7 High
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2015-8547 2 Opensuse, Quassel-irc 3 Leap, Opensuse, Quassel 2024-11-21 N/A
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
CVE-2015-8126 9 Apple, Canonical, Debian and 6 more 24 Mac Os X, Ubuntu Linux, Debian Linux and 21 more 2024-11-21 N/A
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVE-2015-8080 4 Debian, Opensuse, Redhat and 1 more 6 Debian Linux, Leap, Opensuse and 3 more 2024-11-21 7.5 High
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
CVE-2015-8078 2 Cyrus, Opensuse 3 Imap, Leap, Opensuse 2024-11-21 N/A
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.