VYPR

openSUSE

by OpenSUSE

Source repositories

CVEs (1,425)

  • CVE-2016-7446CriFeb 6, 2017
    risk 0.64cvss 9.8epss 0.04

    Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

  • CVE-2016-9427CriDec 12, 2016
    risk 0.64cvss 9.8epss 0.04

    Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.

  • CVE-2016-4303CriSep 26, 2016
    risk 0.64cvss 9.8epss 0.07

    The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

  • CVE-2016-5772CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.10

    Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted…

  • CVE-2016-5770CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.07

    Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue…

  • CVE-2016-5703CriJul 3, 2016
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.

  • CVE-2016-0749CriJun 9, 2016
    risk 0.64cvss 9.8epss 0.08

    The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

  • CVE-2016-4544CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.07

    The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact…

  • CVE-2016-4346CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.06

    Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

  • CVE-2016-1666CriMay 14, 2016
    risk 0.64cvss 9.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1662CriMay 14, 2016
    risk 0.64cvss 9.8epss 0.04

    extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via…

  • CVE-2016-4024CriMay 13, 2016
    risk 0.64cvss 9.8epss 0.06

    Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.

  • CVE-2015-8779CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

  • CVE-2015-8778CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds…

  • CVE-2014-9761CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

  • CVE-2016-4007CriApr 13, 2016
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

  • CVE-2016-1962CriMar 13, 2016
    risk 0.64cvss 9.8epss 0.06

    Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.

  • CVE-2015-8805CriFeb 23, 2016
    risk 0.64cvss 9.8epss 0.03

    The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different…

  • CVE-2015-8804CriFeb 23, 2016
    risk 0.64cvss 9.8epss 0.04

    x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

  • CVE-2015-8803CriFeb 23, 2016
    risk 0.64cvss 9.8epss 0.04

    The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different…

Page 4 of 72