VYPR

Leap

by OpenSUSE

Source repositories

CVEs (482)

  • CVE-2016-4537CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.06

    The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.

  • CVE-2016-4346CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.06

    Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

  • CVE-2015-4116CriMay 16, 2016
    risk 0.64cvss 9.8epss 0.05

    Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.

  • CVE-2016-1659CriApr 18, 2016
    risk 0.64cvss 9.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-4007CriApr 13, 2016
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

  • CVE-2015-8805CriFeb 23, 2016
    risk 0.64cvss 9.8epss 0.03

    The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different…

  • CVE-2015-8804CriFeb 23, 2016
    risk 0.64cvss 9.8epss 0.04

    x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

  • CVE-2015-8803CriFeb 23, 2016
    risk 0.64cvss 9.8epss 0.04

    The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different…

  • CVE-2016-1629CriFeb 21, 2016
    risk 0.64cvss 9.8epss 0.03

    Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.

  • CVE-2016-0752HigKEVFeb 16, 2016
    risk 0.64cvss 7.5epss 0.96

    Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render…

  • CVE-2016-0746CriFeb 15, 2016
    risk 0.64cvss 9.8epss 0.09

    Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response…

  • CVE-2016-1946CriJan 31, 2016
    risk 0.64cvss 9.8epss 0.06

    The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have…

  • CVE-2016-1944CriJan 31, 2016
    risk 0.64cvss 9.8epss 0.04

    The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-1930CriJan 31, 2016
    risk 0.64cvss 9.8epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2015-8866CriMay 22, 2016
    risk 0.63cvss 9.6epss 0.04

    ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE)…

  • CVE-2016-1960HigMar 13, 2016
    risk 0.63cvss 8.8epss 0.31

    Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as…

  • CVE-2016-2819HigJun 13, 2016
    risk 0.62cvss 8.8epss 0.24

    Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

  • CVE-2016-1286HigMar 9, 2016
    risk 0.61cvss 8.6epss 0.62

    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

  • CVE-2026-31431HigKEVApr 22, 2026
    risk 0.59cvss 7.8epss 0.97

    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the…

  • CVE-2016-5116CriAug 7, 2016
    risk 0.59cvss 9.1epss 0.04

    gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application…

Page 3 of 25