VYPR

openSUSE

by OpenSUSE

Source repositories

CVEs (1,425)

  • CVE-2008-3188HigJul 22, 2008
    risk 0.49cvss 7.5epss 0.01

    libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

  • CVE-2008-0063HigMar 19, 2008
    risk 0.49cvss 7.5epss 0.03

    The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

  • CVE-2016-2107MedMay 5, 2016
    risk 0.48cvss 5.9epss 0.89

    The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE:…

  • CVE-2015-8614HigApr 11, 2016
    risk 0.48cvss 7.3epss 0.03

    Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.

  • CVE-2016-1942HigJan 31, 2016
    risk 0.48cvss 7.4epss 0.02

    Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.

  • CVE-2015-4902MedKEVOct 22, 2015
    risk 0.48cvss 5.3epss 0.13

    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

  • CVE-2010-4226HigFeb 6, 2014
    risk 0.47cvss 7.2epss 0.03

    cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.

  • CVE-2016-2150HigJun 9, 2016
    risk 0.46cvss 7.1epss 0.00

    SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

  • CVE-2013-2423LowKEVApr 17, 2013
    risk 0.46cvss 3.7epss 0.85

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU.…

  • CVE-2009-3939HigNov 16, 2009
    risk 0.46cvss 7.1epss 0.00

    The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

  • CVE-2016-6172MedSep 26, 2016
    risk 0.45cvss 6.8epss 0.04

    PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.

  • CVE-2016-2347HigApr 21, 2017
    risk 0.44cvss 7.8epss 0.03

    Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

  • CVE-2014-9114HigMar 31, 2017
    risk 0.44cvss 7.8epss 0.01

    Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

  • CVE-2016-3697HigJun 1, 2016
    risk 0.44cvss 7.8epss 0.00

    libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

  • CVE-2015-3629HigMay 18, 2015
    risk 0.44cvss 7.8epss 0.01

    Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

  • CVE-2014-8127MedJun 26, 2017
    risk 0.43cvss 6.5epss 0.06

    LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3)…

  • CVE-2016-2191MedApr 13, 2016
    risk 0.43cvss 6.5epss 0.04

    The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

  • CVE-2014-1523MedApr 30, 2014
    risk 0.43cvss 6.5epss 0.03

    Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG…

  • CVE-2010-0629MedApr 7, 2010
    risk 0.43cvss 6.5epss 0.05

    Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

  • CVE-2016-1254HigDec 5, 2017
    risk 0.42cvss 7.5epss 0.03

    Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

Page 17 of 72