Filtered by vendor Opensuse Subscriptions
Filtered by product Opensuse Subscriptions
Total 1465 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-3190 3 Cairographics, Opensuse, Redhat 3 Cairo, Opensuse, Enterprise Linux 2024-11-21 N/A
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
CVE-2016-3186 3 Libtiff, Opensuse, Redhat 3 Libtiff, Opensuse, Enterprise Linux 2024-11-21 N/A
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
CVE-2016-3125 3 Fedoraproject, Opensuse, Proftpd 3 Fedora, Opensuse, Proftpd 2024-11-21 N/A
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
CVE-2016-3119 3 Mit, Opensuse, Redhat 4 Kerberos 5, Leap, Opensuse and 1 more 2024-11-21 N/A
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
CVE-2016-3100 2 Kde, Opensuse 3 Kde Frameworks, Leap, Opensuse 2024-11-21 N/A
kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.
CVE-2016-3075 5 Canonical, Fedoraproject, Gnu and 2 more 5 Ubuntu Linux, Fedora, Glibc and 2 more 2024-11-21 N/A
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVE-2016-3074 7 Canonical, Debian, Fedoraproject and 4 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 9.8 Critical
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
CVE-2016-3069 6 Debian, Fedoraproject, Mercurial and 3 more 15 Debian Linux, Fedora, Mercurial and 12 more 2024-11-21 N/A
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2016-3068 6 Debian, Fedoraproject, Mercurial and 3 more 15 Debian Linux, Fedora, Mercurial and 12 more 2024-11-21 N/A
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
CVE-2016-2851 3 Cypherpunks, Debian, Opensuse 4 Libotr, Debian Linux, Leap and 1 more 2024-11-21 N/A
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
CVE-2016-2834 5 Canonical, Mozilla, Novell and 2 more 9 Ubuntu Linux, Firefox, Network Security Services and 6 more 2024-11-21 N/A
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-2833 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2024-11-21 N/A
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
CVE-2016-2832 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2024-11-21 N/A
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
CVE-2016-2831 5 Canonical, Debian, Mozilla and 2 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2024-11-21 N/A
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
CVE-2016-2829 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2024-11-21 N/A
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
CVE-2016-2828 5 Canonical, Debian, Mozilla and 2 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2024-11-21 N/A
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
CVE-2016-2825 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2024-11-21 N/A
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
CVE-2016-2824 3 Microsoft, Mozilla, Opensuse 4 Windows, Firefox, Leap and 1 more 2024-11-21 N/A
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.
CVE-2016-2822 5 Canonical, Debian, Mozilla and 2 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2024-11-21 N/A
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
CVE-2016-2821 5 Canonical, Debian, Mozilla and 2 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2024-11-21 N/A
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.