VYPR

Leap

by OpenSUSE

Source repositories

CVEs (482)

  • CVE-2016-9959HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.02

    game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

  • CVE-2016-9958HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.02

    game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

  • CVE-2016-9957HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.02

    Stack-based buffer overflow in game-music-emu before 0.6.1.

  • CVE-2016-6318HigSep 7, 2016
    risk 0.51cvss 7.8epss 0.01

    Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.

  • CVE-2016-1238HigAug 2, 2016
    risk 0.51cvss 7.8epss 0.01

    (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10)…

  • CVE-2015-8567HigApr 13, 2017
    risk 0.50cvss 7.7epss 0.06

    Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2016-5420HigAug 10, 2016
    risk 0.50cvss 7.5epss 0.15

    curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

  • CVE-2016-5419HigAug 10, 2016
    risk 0.50cvss 7.5epss 0.15

    curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

  • CVE-2016-4954HigJul 5, 2016
    risk 0.50cvss 7.5epss 0.13

    The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an…

  • CVE-2016-4953HigJul 5, 2016
    risk 0.50cvss 7.5epss 0.17

    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

  • CVE-2020-27153HigOct 15, 2020
    risk 0.49cvss 8.6epss 0.04

    In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.

  • CVE-2020-11022MedApr 29, 2020
    risk 0.49cvss 6.9epss 0.99

    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

  • CVE-2017-17740HigDec 18, 2017
    risk 0.49cvss 7.5epss 0.07

    contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN…

  • CVE-2017-6594HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.02

    The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

  • CVE-2014-3462HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.03

    The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

  • CVE-2015-5300HigJul 21, 2017
    risk 0.49cvss 7.5epss 0.09

    The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up…

  • CVE-2017-9814HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.03

    cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

  • CVE-2017-5335HigMar 24, 2017
    risk 0.49cvss 7.5epss 0.08

    The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

  • CVE-2016-7797HigMar 24, 2017
    risk 0.49cvss 7.5epss 0.03

    Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

  • CVE-2016-9399HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.04

    The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Page 9 of 25