Filtered by vendor Opensuse Project Subscriptions
Total 54 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-6542 3 Opensuse, Opensuse Project, Putty 3 Leap, Leap, Putty 2024-11-21 N/A
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.
CVE-2017-5938 4 Debian, Opensuse, Opensuse Project and 1 more 4 Debian Linux, Leap, Leap and 1 more 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
CVE-2017-17806 7 Canonical, Debian, Linux and 4 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2024-11-21 7.8 High
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
CVE-2017-17805 7 Canonical, Debian, Linux and 4 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 7.8 High
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
CVE-2016-9961 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2024-11-21 N/A
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-9960 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2024-11-21 N/A
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2016-9959 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more 9 Game-music-emu, Leap, Opensuse and 6 more 2024-11-21 N/A
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2016-9958 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more 9 Game-music-emu, Leap, Opensuse and 6 more 2024-11-21 N/A
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
CVE-2016-9957 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more 9 Game-music-emu, Leap, Opensuse and 6 more 2024-11-21 N/A
Stack-based buffer overflow in game-music-emu before 0.6.1.
CVE-2016-9556 3 Debian, Imagemagick, Opensuse Project 3 Debian Linux, Imagemagick, Leap 2024-11-21 N/A
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVE-2016-9436 3 Opensuse, Opensuse Project, Tats 3 Leap, Leap, W3m 2024-11-21 N/A
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
CVE-2016-9435 3 Opensuse, Opensuse Project, Tats 3 Leap, Leap, W3m 2024-11-21 N/A
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
CVE-2016-7797 5 Clusterlabs, Opensuse, Opensuse Project and 2 more 8 Pacemaker, Leap, Leap and 5 more 2024-11-21 N/A
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
CVE-2016-5317 3 Libtiff, Opensuse, Opensuse Project 3 Libtiff, Opensuse, Leap 2024-11-21 N/A
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
CVE-2016-5316 3 Libtiff, Opensuse, Opensuse Project 3 Libtiff, Opensuse, Leap 2024-11-21 N/A
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
CVE-2016-1254 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2024-11-21 N/A
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVE-2016-10069 2 Imagemagick, Opensuse Project 2 Imagemagick, Leap 2024-11-21 N/A
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
CVE-2016-10068 3 Imagemagick, Opensuse, Opensuse Project 3 Imagemagick, Leap, Leap 2024-11-21 N/A
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
CVE-2016-10048 2 Imagemagick, Opensuse Project 2 Imagemagick, Leap 2024-11-21 N/A
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
CVE-2015-8010 3 Icinga, Opensuse, Opensuse Project 3 Icinga, Leap, Leap 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.