openSUSE Leap vulnerabilities
1,896 known vulnerabilities affecting opensuse/leap.
Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown
CRITICAL: 202, HIGH: 798, MEDIUM: 803, LOW: 93
Vulnerabilities
CVE-2016-5759 | HIGH | CVSS 7.8 | CWE-20 | v42.1 | 2017-09-08
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
nvd
CVE-2017-6594 | HIGH | CVSS 7.5 | CWE-295 | v42.2, v42.3 | 2017-08-28
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
nvd
CVE-2014-3462 | HIGH | CVSS 7.5 | CWE-200 | v42.1, v42.2 | 2017-08-07
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
nvd
CVE-2015-5203 | MEDIUM | CVSS 5.5 | CWE-415 | v42.2 | 2017-08-02
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
nvd
CVE-2015-5221 | MEDIUM | CVSS 5.5 | CWE-416 | v42.2 | 2017-07-25
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
nvd
CVE-2015-5219 | HIGH | CVSS 7.5 | CWE-704 | v42.1 | 2017-07-21
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
nvd
CVE-2015-5300 | HIGH | CVSS 7.5 | CWE-361 | v42.1 | 2017-07-21
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests f
nvd
CVE-2017-9814 | HIGH | CVSS 7.5 | CWE-125 | v15.1 | 2017-07-17
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
nvd
CVE-2017-8932 | MEDIUM | CVSS 5.9 | CWE-682 | v42.2 | 2017-07-06
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the
nvd
CVE-2017-1000366 | HIGH | CVSS 7.8 | PoC | CWE-119 | v42.2 | 2017-06-19
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploita
nvd
CVE-2017-8834 | MEDIUM | CVSS 6.5 | PoC | CWE-119 | v42.3 | 2017-06-12
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
nvd
CVE-2017-8871 | MEDIUM | CVSS 6.5 | PoC | CWE-835 | v42.3 | 2017-06-12
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
nvd
CVE-2016-9961 | CRITICAL | CVSS 9.8 | CWE-189 | v42.2 | 2017-06-06
game-music-emu before 0.6.1 mishandles unspecified integer values.
nvd
CVE-2016-9960 | MEDIUM | CVSS 5.5 | CWE-369 | v42.2 | 2017-06-06
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
nvd
CVE-2017-8386 | HIGH | CVSS 8.8 | v42.1 | 2017-06-01
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
nvd
CVE-2016-5178 | CRITICAL | CVSS 9.8 | CWE-20 | v42.1 | 2017-05-23
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2016-9841 | CRITICAL | CVSS 9.8 | v42.1, v42.2 | 2017-05-23
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2016-9843 | CRITICAL | CVSS 9.8 | v42.1, v42.2 | 2017-05-23
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
nvd
CVE-2016-9842 | HIGH | CVSS 8.8 | CWE-1335 | v42.1, v42.2 | 2017-05-23
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
nvd
CVE-2016-5177 | HIGH | CVSS 8.8 | CWE-416 | v42.1 | 2017-05-23
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
nvd