VYPR

Vendor CVEs

OpenSUSE

All CVEs

1,697 total · sorted by risk
  • CVE-2016-5771CriAug 7, 2016
    risk 0.65cvss 9.8epss 0.15

    spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application…

  • CVE-2016-0718CriMay 26, 2016
    risk 0.65cvss 9.8epss 0.13

    Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

  • CVE-2016-4543CriMay 22, 2016
    risk 0.65cvss 9.8epss 0.12

    The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via…

  • CVE-2015-7545CriApr 13, 2016
    risk 0.65cvss 9.8epss 0.20

    The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in…

  • CVE-2016-1931CriJan 31, 2016
    risk 0.65cvss 10.0epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered…

  • CVE-2013-6671CriDec 11, 2013
    risk 0.65cvss 9.8epss 0.11

    The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

  • CVE-2013-5618CriDec 11, 2013
    risk 0.65cvss 9.8epss 0.10

    Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute…

  • CVE-2013-0641HigKEVFeb 14, 2013
    risk 0.65cvss 7.8epss 0.32

    Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.

  • CVE-2025-23394CriMay 26, 2025
    risk 0.64cvss 9.8epss 0.00

    A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.

  • CVE-2019-5482CriSep 16, 2019
    risk 0.64cvss 9.8epss 0.18

    Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

  • CVE-2019-5481CriSep 16, 2019
    risk 0.64cvss 9.8epss 0.07

    Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

  • CVE-2017-14804CriMar 1, 2018
    risk 0.64cvss 9.9epss 0.02

    The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

  • CVE-2016-9961CriJun 6, 2017
    risk 0.64cvss 9.8epss 0.04

    game-music-emu before 0.6.1 mishandles unspecified integer values.

  • CVE-2016-9843CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.06

    The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

  • CVE-2016-9841CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.07

    inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

  • CVE-2016-5178CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2017-5337CriMar 24, 2017
    risk 0.64cvss 9.8epss 0.06

    Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

  • CVE-2017-5336CriMar 24, 2017
    risk 0.64cvss 9.8epss 0.07

    Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.

  • CVE-2014-9847CriMar 20, 2017
    risk 0.64cvss 9.8epss 0.05

    The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.

  • CVE-2014-9846CriMar 20, 2017
    risk 0.64cvss 9.8epss 0.05

    Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

  • CVE-2014-9843CriMar 20, 2017
    risk 0.64cvss 9.8epss 0.04

    The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2014-9841CriMar 20, 2017
    risk 0.64cvss 9.8epss 0.04

    The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."

  • CVE-2014-9852CriMar 17, 2017
    risk 0.64cvss 9.8epss 0.03

    distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

  • CVE-2016-7447CriFeb 6, 2017
    risk 0.64cvss 9.8epss 0.04

    Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2016-7446CriFeb 6, 2017
    risk 0.64cvss 9.8epss 0.04

    Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

  • CVE-2016-9427CriDec 12, 2016
    risk 0.64cvss 9.8epss 0.04

    Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.

  • CVE-2016-4303CriSep 26, 2016
    risk 0.64cvss 9.8epss 0.07

    The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

  • CVE-2016-5772CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.10

    Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted…

  • CVE-2016-5770CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.07

    Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue…

  • CVE-2016-5703CriJul 3, 2016
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.

  • CVE-2016-0749CriJun 9, 2016
    risk 0.64cvss 9.8epss 0.08

    The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

  • CVE-2016-4544CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.07

    The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact…

  • CVE-2016-4542CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.06

    The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other…

  • CVE-2016-4541CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.06

    The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

  • CVE-2016-4540CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.06

    The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

  • CVE-2016-4539CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.06

    The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in…

  • CVE-2016-4538CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.06

    The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a…

  • CVE-2016-4537CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.06

    The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.

  • CVE-2016-4346CriMay 22, 2016
    risk 0.64cvss 9.8epss 0.06

    Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

  • CVE-2015-4116CriMay 16, 2016
    risk 0.64cvss 9.8epss 0.05

    Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.

  • CVE-2016-1666CriMay 14, 2016
    risk 0.64cvss 9.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1662CriMay 14, 2016
    risk 0.64cvss 9.8epss 0.04

    extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via…

  • CVE-2016-4024CriMay 13, 2016
    risk 0.64cvss 9.8epss 0.06

    Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.

  • CVE-2015-8779CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

  • CVE-2015-8778CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds…

  • CVE-2014-9761CriApr 19, 2016
    risk 0.64cvss 9.8epss 0.06

    Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

  • CVE-2016-1659CriApr 18, 2016
    risk 0.64cvss 9.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-4007CriApr 13, 2016
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

  • CVE-2016-1962CriMar 13, 2016
    risk 0.64cvss 9.8epss 0.06

    Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.

  • CVE-2015-8805CriFeb 23, 2016
    risk 0.64cvss 9.8epss 0.03

    The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different…

Page 2 of 34