Vulnerabilities (CVE)

Vendor filter: Opensuse Project

157 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2017-5930 | 3 Postfix Admin Project, Opensuse Project, Opensuse | 3 Postfix Admin, Leap, Leap | 2019-10-03 | 3.5
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
CVE-2017-8932 | 5 Novell, Golang, Fedoraproject and 2 more | 5 Suse Package Hub For Suse Linux Enterprise, Go, Fedora and 2 more | 2019-10-03 | 4.3
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to...
CVE-2017-6594 | 3 H5l, Opensuse Project, Opensuse | 3 Heimdal, Leap, Leap | 2019-10-03 | 5.0
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
CVE-2017-17806 | 5 Debian, Linux, Opensuse Project and 2 more | 7 Debian Linux, Linux Kernel, Leap and 4 more | 2019-10-03 | 7.2
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface...
CVE-2017-1000366 | 9 Gnu, Redhat, Suse and 6 more | 24 Glibc, Enterprise Linux, Linux Enterprise Server For Raspberry Pi and 21 more | 2019-09-04 | 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been...
CVE-2014-0081 | 4 Opensuse Project, Rubyonrails, Redhat and 1 more | 6 Enterprise Linux, Ruby On Rails, Opensuse and 3 more | 2019-08-08 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or...
CVE-2016-7447 | 5 Graphicsmagick, Novell, Opensuse Project and 2 more | 6 Leap, Graphicsmagick, Opensuse and 3 more | 2019-04-15 | 7.5
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2016-7446 | 5 Graphicsmagick, Novell, Opensuse Project and 2 more | 6 Leap, Graphicsmagick, Opensuse and 3 more | 2019-04-15 | 7.5
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
CVE-2016-5241 | 5 Graphicsmagick, Novell, Opensuse Project and 2 more | 6 Leap, Graphicsmagick, Opensuse and 3 more | 2019-04-12 | 4.3
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
CVE-2016-8866 | 3 Imagemagick, Opensuse Project, Opensuse | 5 Imagemagick, Leap, Opensuse and 2 more | 2019-04-12 | 6.8
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists...
CVE-2016-7449 | 5 Graphicsmagick, Novell, Opensuse Project and 2 more | 6 Leap, Graphicsmagick, Opensuse and 3 more | 2019-04-12 | 5.0
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
CVE-2016-7800 | 5 Debian, Graphicsmagick, Novell and 2 more | 6 Debian Linux, Graphicsmagick, Leap and 3 more | 2019-04-12 | 5.0
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
CVE-2016-7448 | 5 Graphicsmagick, Novell, Opensuse Project and 2 more | 6 Leap, Graphicsmagick, Opensuse and 3 more | 2019-04-12 | 7.8
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
CVE-2016-9843 | 4 Gnu, Opensuse Project, Novell and 1 more | 6 Zlib, Opensuse, Leap and 3 more | 2019-03-25 | 7.5
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9842 | 4 Gnu, Opensuse Project, Novell and 1 more | 6 Zlib, Opensuse, Leap and 3 more | 2019-03-25 | 6.8
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2016-9841 | 4 Gnu, Opensuse Project, Novell and 1 more | 6 Zlib, Opensuse, Leap and 3 more | 2019-03-25 | 7.5
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9840 | 4 Gnu, Opensuse Project, Novell and 1 more | 6 Zlib, Opensuse, Leap and 3 more | 2019-03-25 | 6.8
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2015-1819 | 9 Apple, Oracle, Canonical and 6 more | 14 Ubuntu Linux, Linux, Debian Linux and 11 more | 2019-03-14 | 5.0
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
CVE-2016-10051 | 3 Imagemagick, Opensuse Project, Opensuse | 3 Imagemagick, Leap, Leap | 2019-03-12 | 6.8
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10050 | 3 Imagemagick, Opensuse Project, Opensuse | 3 Imagemagick, Leap, Leap | 2019-03-12 | 6.8
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.