VYPR

Leap

by OpenSUSE

Source repositories

CVEs (482)

  • CVE-2016-3714HigKEVMay 5, 2016
    risk 0.77cvss 8.4epss 0.97

    The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

  • CVE-2016-3427CriKEVApr 21, 2016
    risk 0.76cvss 9.8epss 0.92

    Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

  • CVE-2017-14491CriOct 4, 2017
    risk 0.73cvss 9.8epss 0.85

    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

  • CVE-2017-14493CriOct 3, 2017
    risk 0.73cvss 9.8epss 0.84

    Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

  • CVE-2016-1646HigKEVMar 29, 2016
    risk 0.73cvss 8.8epss 0.48

    The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other…

  • CVE-2016-2851CriApr 7, 2016
    risk 0.69cvss 9.8epss 0.25

    Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

  • CVE-2017-6542CriMar 27, 2017
    risk 0.68cvss 9.8epss 0.22

    The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which…

  • CVE-2016-5118CriJun 10, 2016
    risk 0.68cvss 9.8epss 0.50

    The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

  • CVE-2017-5334CriMar 24, 2017
    risk 0.66cvss 9.8epss 0.33

    Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.

  • CVE-2016-5771CriAug 7, 2016
    risk 0.65cvss 9.8epss 0.15

    spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application…

  • CVE-2016-0718CriMay 26, 2016
    risk 0.65cvss 9.8epss 0.13

    Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

  • CVE-2016-4543CriMay 22, 2016
    risk 0.65cvss 9.8epss 0.12

    The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via…

  • CVE-2016-1931CriJan 31, 2016
    risk 0.65cvss 10.0epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered…

  • CVE-2019-5482CriSep 16, 2019
    risk 0.64cvss 9.8epss 0.18

    Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

  • CVE-2019-5481CriSep 16, 2019
    risk 0.64cvss 9.8epss 0.07

    Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

  • CVE-2016-9961CriJun 6, 2017
    risk 0.64cvss 9.8epss 0.04

    game-music-emu before 0.6.1 mishandles unspecified integer values.

  • CVE-2016-9843CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.06

    The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

  • CVE-2016-9841CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.07

    inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

  • CVE-2016-5178CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2017-5337CriMar 24, 2017
    risk 0.64cvss 9.8epss 0.06

    Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Page 1 of 25