Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1918 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8871 2 Gnome, Opensuse 2 Libcroco, Leap 2025-04-20 7.1 HIGH 6.5 MEDIUM
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVE-2014-9852 3 Imagemagick, Opensuse, Suse 7 Imagemagick, Leap, Opensuse and 4 more 2025-04-20 7.5 HIGH 9.8 CRITICAL
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
CVE-2017-13087 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2025-04-20 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-5337 2 Gnu, Opensuse 2 Gnutls, Leap 2025-04-20 7.5 HIGH 9.8 CRITICAL
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
CVE-2015-3138 3 Opensuse, Opensuse Project, Tcpdump 3 Leap, Leap, Tcpdump 2025-04-20 5.0 MEDIUM 7.5 HIGH
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
CVE-2017-8834 2 Gnome, Opensuse 2 Libcroco, Leap 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
CVE-2017-17740 4 Mcafee, Openldap, Opensuse and 1 more 4 Policy Auditor, Openldap, Leap and 1 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
CVE-2015-5219 10 Canonical, Debian, Fedoraproject and 7 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
CVE-2016-7969 3 Fedoraproject, Libass Project, Opensuse 4 Fedora, Libass, Leap and 1 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
CVE-2016-5759 2 Novell, Opensuse 3 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Leap 2025-04-20 6.9 MEDIUM 7.8 HIGH
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
CVE-2016-9840 9 Apple, Boost, Canonical and 6 more 20 Iphone Os, Mac Os X, Tvos and 17 more 2025-04-20 6.8 MEDIUM 8.8 HIGH
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-8689 2 Libarchive, Opensuse 2 Libarchive, Leap 2025-04-20 5.0 MEDIUM 7.5 HIGH
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
CVE-2014-9853 6 Canonical, Imagemagick, Novell and 3 more 11 Ubuntu Linux, Imagemagick, Leap and 8 more 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
CVE-2016-9436 3 Opensuse, Opensuse Project, Tats 3 Leap, Leap, W3m 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
CVE-2016-9959 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more 9 Game-music-emu, Leap, Opensuse and 6 more 2025-04-20 6.8 MEDIUM 7.8 HIGH
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2017-5930 2 Opensuse, Postfixadmin Project 2 Leap, Postfixadmin 2025-04-20 3.5 LOW 2.7 LOW
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
CVE-2017-14491 13 Arista, Arubanetworks, Canonical and 10 more 29 Eos, Arubaos, Ubuntu Linux and 26 more 2025-04-20 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2016-7447 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2025-04-20 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-8864 2 Opensuse, Roundcube 4 Leap, Opensuse, Roundcube Webmail and 1 more 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
CVE-2017-5938 4 Debian, Opensuse, Opensuse Project and 1 more 4 Debian Linux, Leap, Leap and 1 more 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.