VYPR

Vendor CVEs

OpenSUSE

All CVEs

1,697 total · sorted by risk
  • CVE-2017-9814HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.03

    cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

  • CVE-2017-5335HigMar 24, 2017
    risk 0.49cvss 7.5epss 0.08

    The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

  • CVE-2016-7797HigMar 24, 2017
    risk 0.49cvss 7.5epss 0.03

    Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

  • CVE-2016-9399HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.04

    The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

  • CVE-2016-9398HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.06

    The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

  • CVE-2017-6318HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.03

    saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.

  • CVE-2014-9851HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).

  • CVE-2014-9850HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

  • CVE-2014-9849HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).

  • CVE-2014-9848HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2014-9842HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

  • CVE-2014-9854HigMar 17, 2017
    risk 0.49cvss 7.5epss 0.04

    coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

  • CVE-2016-7972HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.05

    The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

  • CVE-2016-7969HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.04

    The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

  • CVE-2016-8689HigFeb 15, 2017
    risk 0.49cvss 7.5epss 0.03

    The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.

  • CVE-2016-8687HigFeb 15, 2017
    risk 0.49cvss 7.5epss 0.05

    Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.

  • CVE-2016-8682HigFeb 15, 2017
    risk 0.49cvss 7.5epss 0.04

    The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.

  • CVE-2016-7800HigFeb 6, 2017
    risk 0.49cvss 7.5epss 0.04

    Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

  • CVE-2016-7449HigFeb 6, 2017
    risk 0.49cvss 7.5epss 0.03

    The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.

  • CVE-2016-7448HigFeb 6, 2017
    risk 0.49cvss 7.5epss 0.04

    The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.

  • CVE-2016-9448HigJan 27, 2017
    risk 0.49cvss 7.5epss 0.05

    The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists…

  • CVE-2016-5323HigJan 20, 2017
    risk 0.49cvss 7.5epss 0.06

    The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.

  • CVE-2016-6323HigOct 7, 2016
    risk 0.49cvss 7.5epss 0.04

    The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by…

  • CVE-2016-6352HigOct 3, 2016
    risk 0.49cvss 7.5epss 0.04

    The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.

  • CVE-2016-6262HigSep 7, 2016
    risk 0.49cvss 7.5epss 0.07

    idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.

  • CVE-2016-6261HigSep 7, 2016
    risk 0.49cvss 7.5epss 0.04

    The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

  • CVE-2016-6128HigAug 7, 2016
    risk 0.49cvss 7.5epss 0.07

    The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

  • CVE-2016-5301HigJun 30, 2016
    risk 0.49cvss 7.5epss 0.02

    The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.

  • CVE-2016-4579HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."

  • CVE-2016-4574HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2016-4478HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.02

    Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

  • CVE-2016-4414HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

  • CVE-2016-2821HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by…

  • CVE-2016-3706HigJun 10, 2016
    risk 0.49cvss 7.5epss 0.06

    Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an…

  • CVE-2016-1700HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.01

    extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other…

  • CVE-2016-1691HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.01

    Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and…

  • CVE-2016-1690HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.01

    The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other…

  • CVE-2016-1683HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.02

    numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

  • CVE-2016-3075HigJun 1, 2016
    risk 0.49cvss 7.5epss 0.07

    Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

  • CVE-2016-1234HigJun 1, 2016
    risk 0.49cvss 7.5epss 0.05

    Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

  • CVE-2016-4049HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.05

    The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.

  • CVE-2016-3959HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.04

    The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that…

  • CVE-2016-4348HigMay 20, 2016
    risk 0.49cvss 7.5epss 0.02

    The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

  • CVE-2016-3705HigMay 17, 2016
    risk 0.49cvss 7.5epss 0.05

    The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted…

  • CVE-2016-3627HigMay 17, 2016
    risk 0.49cvss 7.5epss 0.07

    The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

  • CVE-2015-8874HigMay 16, 2016
    risk 0.49cvss 7.5epss 0.08

    Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.

  • CVE-2015-8873HigMay 16, 2016
    risk 0.49cvss 7.5epss 0.04

    Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

  • CVE-2016-3190HigApr 21, 2016
    risk 0.49cvss 7.5epss 0.02

    The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.

  • CVE-2016-1656HigApr 18, 2016
    risk 0.49cvss 7.5epss 0.01

    The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.

  • CVE-2015-8080HigApr 13, 2016
    risk 0.49cvss 7.5epss 0.05

    Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly…

Page 8 of 34