CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Opensuse » Leap » 42.1 : Security Vulnerabilities

Cpe Name:cpe:/o:opensuse:leap:42.1
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-8386 +Priv 2017-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
2 CVE-2017-6318 200 +Info 2017-03-20 2018-10-30
5.0
None Remote Low Not required Partial None None
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
3 CVE-2017-5337 119 Overflow 2017-03-24 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
4 CVE-2017-5336 119 Overflow 2017-03-24 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
5 CVE-2017-5335 125 DoS 2017-03-24 2018-10-30
5.0
None Remote Low Not required None None Partial
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
6 CVE-2017-5334 415 2017-03-24 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
7 CVE-2016-10207 119 DoS Overflow 2017-02-28 2018-02-01
5.0
None Remote Low Not required None None Partial
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
8 CVE-2016-10165 125 DoS +Info 2017-02-03 2018-10-30
5.8
None Remote Medium Not required Partial None Partial
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
9 CVE-2016-10070 125 DoS Overflow 2017-03-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
10 CVE-2016-10065 284 DoS 2017-03-03 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
11 CVE-2016-10064 119 DoS Overflow 2017-03-02 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
12 CVE-2016-9843 189 2017-05-23 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
13 CVE-2016-9842 189 2017-05-23 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
14 CVE-2016-9841 189 2017-05-23 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
15 CVE-2016-9840 189 2017-05-23 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
16 CVE-2016-9830 20 DoS 2017-03-01 2018-10-30
4.3
None Remote Medium Not required None None Partial
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
17 CVE-2016-9597 119 DoS Overflow 2018-07-30 2019-10-09
5.0
None Remote Low Not required None None Partial
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
18 CVE-2016-8569 476 DoS 2017-02-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
19 CVE-2016-8568 125 DoS 2017-02-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
20 CVE-2016-7972 399 DoS 2017-03-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
21 CVE-2016-7969 125 DoS 2017-03-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
22 CVE-2016-7800 119 DoS Overflow 2017-02-06 2019-04-12
5.0
None Remote Low Not required None None Partial
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
23 CVE-2016-7787 94 Exec Code 2016-12-23 2018-10-30
4.0
None Remote Low Single system None Partial None
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
24 CVE-2016-7449 125 DoS 2017-02-06 2019-04-12
5.0
None Remote Low Not required None None Partial
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
25 CVE-2016-7448 399 DoS 2017-02-06 2019-04-12
7.8
None Remote Low Not required None None Complete
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
26 CVE-2016-7447 119 Overflow 2017-02-06 2019-04-15
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
27 CVE-2016-7446 119 Overflow 2017-02-06 2019-04-15
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
28 CVE-2016-7445 476 DoS 2016-10-03 2018-10-30
5.0
None Remote Low Not required None None Partial
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
29 CVE-2016-7141 287 2016-10-03 2018-11-13
5.0
None Remote Low Not required None Partial None
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
30 CVE-2016-6905 125 DoS 2016-10-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
31 CVE-2016-6855 787 DoS 2016-09-07 2018-10-30
5.0
None Remote Low Not required None None Partial
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
32 CVE-2016-6352 787 DoS 2016-10-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
33 CVE-2016-6318 119 DoS Overflow +Priv 2016-09-07 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.
34 CVE-2016-6265 416 DoS 2016-09-22 2018-10-30
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
35 CVE-2016-6262 125 +Info 2016-09-07 2018-10-30
5.0
None Remote Low Not required Partial None None
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
36 CVE-2016-6261 125 DoS 2016-09-07 2018-10-30
5.0
None Remote Low Not required None None Partial
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
37 CVE-2016-6225 326 +Info 2017-03-23 2018-10-30
4.3
None Remote Medium Not required Partial None None
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
38 CVE-2016-6214 125 DoS 2016-08-12 2018-10-30
4.3
None Remote Medium Not required None None Partial
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
39 CVE-2016-6207 787 DoS Overflow 2016-08-12 2018-10-30
4.3
None Remote Medium Not required None None Partial
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
40 CVE-2016-6172 400 DoS 2016-09-26 2018-10-30
7.1
None Remote Medium Not required None None Complete
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
41 CVE-2016-6161 125 DoS 2016-08-12 2018-10-30
4.3
None Remote Medium Not required None None Partial
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
42 CVE-2016-6153 20 DoS +Info 2016-09-26 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
43 CVE-2016-6132 125 DoS 2016-08-12 2018-10-30
4.3
None Remote Medium Not required None None Partial
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
44 CVE-2016-6128 20 DoS 2016-08-07 2018-10-30
5.0
None Remote Low Not required None None Partial
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
45 CVE-2016-5759 20 2017-09-08 2018-10-30
6.9
None Local Medium Not required Complete Complete Complete
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
46 CVE-2016-5746 +Info 2016-09-26 2018-10-30
1.2
None Local High Not required Partial None None
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
47 CVE-2016-5739 200 +Info CSRF 2016-07-02 2018-10-30
5.0
None Remote Low Not required Partial None None
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.
48 CVE-2016-5733 79 XSS 2016-07-02 2018-10-30
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.
49 CVE-2016-5731 79 XSS 2016-07-02 2018-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.
50 CVE-2016-5730 200 +Info 2016-07-02 2018-10-30
5.0
None Remote Low Not required Partial None None
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.
Total number of vulnerabilities : 349   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.