Vulnerabilities (CVE)

Vendor filter

Opensuse Subscribe

Filter

1106 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-9105 3 Qemu, Opensuse Project, Opensuse 3 Leap, Qemu, Leap 2018-12-01 2.1
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
CVE-2016-9101 3 Qemu, Opensuse Project, Opensuse 3 Leap, Qemu, Leap 2018-12-01 2.1
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
CVE-2015-7547 11 Sophos, Oracle, Canonical and 8 more 31 Big-ip Policy Enforcement Manager, Linux Enterprise Debuginfo, Helion Openstack and 28 more 2018-11-30 6.8
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute...
CVE-2016-8689 3 Libarchive, Opensuse Project, Opensuse 3 Leap, Libarchive, Leap 2018-11-30 5.0
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
CVE-2016-8688 3 Libarchive, Opensuse Project, Opensuse 3 Leap, Libarchive, Leap 2018-11-30 4.3
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or...
CVE-2016-8687 3 Libarchive, Opensuse Project, Opensuse 3 Leap, Libarchive, Leap 2018-11-30 5.0
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
CVE-2017-5934 4 Moinmo, Canonical, Debian and 1 more 4 Moinmoin, Ubuntu Linux, Debian Linux and 1 more 2018-11-29 4.3
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5221 4 Fedoraproject, Opensuse Project, Jasper Project and 1 more 6 Fedora, Opensuse, Jasper and 3 more 2018-11-22 4.3
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2015-5203 4 Opensuse Project, Jasper Project, Fedoraproject and 1 more 6 Opensuse, Jasper, Fedora and 3 more 2018-11-22 4.3
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2016-0718 8 Libexpat, Apple, Canonical and 5 more 14 Linux Enterprise Software Development Kit, Ubuntu Linux, Leap and 11 more 2018-11-16 7.5
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2017-13081 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2018-11-13 2.9
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2017-13080 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2018-11-13 2.9
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13079 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2018-11-13 2.9
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2017-13078 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2018-11-13 2.9
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13077 9 Wpa, Wpa2, W1.fi and 6 more 14 Wpa, Wpa2, Hostapd and 11 more 2018-11-13 5.4
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
CVE-2016-7141 3 Haxx, Novell, Opensuse 3 Leap, Libcurl, Leap 2018-11-13 5.0
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from...
CVE-2016-5421 4 Debian, Haxx, Novell and 1 more 4 Debian Linux, Leap, Libcurl and 1 more 2018-11-13 7.5
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
CVE-2016-5420 4 Debian, Haxx, Novell and 1 more 4 Debian Linux, Leap, Libcurl and 1 more 2018-11-13 5.0
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a...
CVE-2016-5419 4 Debian, Haxx, Novell and 1 more 4 Debian Linux, Leap, Libcurl and 1 more 2018-11-13 5.0
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
CVE-2017-13082 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2018-11-02 5.8
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay,...