Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Total 3285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10064 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2025-04-20 6.8 MEDIUM 7.8 HIGH
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-7448 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2025-04-20 7.8 HIGH 7.5 HIGH
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
CVE-2014-9854 4 Canonical, Imagemagick, Opensuse and 1 more 7 Ubuntu Linux, Imagemagick, Leap and 4 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
CVE-2016-10050 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2025-04-20 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
CVE-2016-7797 5 Clusterlabs, Opensuse, Opensuse Project and 2 more 7 Pacemaker, Leap, Leap and 4 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
CVE-2016-8682 3 Debian, Graphicsmagick, Opensuse 3 Debian Linux, Graphicsmagick, Opensuse 2025-04-20 5.0 MEDIUM 7.5 HIGH
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
CVE-2017-6318 2 Opensuse, Sane-backends Project 2 Leap, Sane-backends 2025-04-20 5.0 MEDIUM 7.5 HIGH
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
CVE-2017-13081 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2025-04-20 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2016-10068 3 Imagemagick, Opensuse, Opensuse Project 3 Imagemagick, Leap, Leap 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
CVE-2014-9849 4 Canonical, Imagemagick, Opensuse and 1 more 9 Ubuntu Linux, Imagemagick, Opensuse and 6 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
CVE-2015-3405 7 Debian, Fedoraproject, Ntp and 4 more 13 Debian Linux, Fedora, Ntp and 10 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
CVE-2016-9961 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2025-04-20 10.0 HIGH 9.8 CRITICAL
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-5177 5 Debian, Fedoraproject, Google and 2 more 7 Debian Linux, Fedora, Chrome and 4 more 2025-04-20 6.8 MEDIUM 8.8 HIGH
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-9399 3 Fedoraproject, Jasper Project, Opensuse 3 Fedora, Jasper, Leap 2025-04-20 5.0 MEDIUM 7.5 HIGH
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-10165 6 Canonical, Debian, Littlecms and 3 more 19 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 16 more 2025-04-20 5.8 MEDIUM 7.1 HIGH
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVE-2016-10207 2 Opensuse, Tigervnc 2 Leap, Tigervnc 2025-04-20 5.0 MEDIUM 7.5 HIGH
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
CVE-2016-6225 3 Fedoraproject, Opensuse, Percona 3 Fedora, Leap, Xtrabackup 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
CVE-2017-8932 4 Fedoraproject, Golang, Novell and 1 more 4 Fedora, Go, Suse Package Hub For Suse Linux Enterprise and 1 more 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
CVE-2016-7449 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
CVE-2016-5321 2 Libtiff, Opensuse 2 Libtiff, Opensuse 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.