openSUSE Leap vulnerabilities

1,896 known vulnerabilities affecting opensuse/leap.

Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93

Vulnerabilities

Page 75 of 95
CVE-2016-9840 | HIGH | CVSS 8.8 | v42.1, v42.2 | 2017-05-23
CVE-2016-9840 [HIGH]: inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2016-2347 | HIGH | CVSS 7.8 | v42.1 | 2017-04-21
CVE-2016-2347 [HIGH] CWE-190: Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
nvd
CVE-2015-8567 | HIGH | CVSS 7.7 | v42.1 | 2017-04-13
CVE-2015-8567 [HIGH] CWE-401: Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
nvd
CVE-2015-8864 | MEDIUM | CVSS 6.1 | v42.1 | 2017-04-13
CVE-2015-8864 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
nvd
CVE-2016-4068 | MEDIUM | CVSS 6.1 | v42.1 | 2017-04-13
CVE-2016-4068 [MEDIUM]: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
nvd
CVE-2016-9959 | HIGH | CVSS 7.8 | v42.2 | 2017-04-12
CVE-2016-9959 [HIGH] CWE-125: game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
nvd
CVE-2016-9958 | HIGH | CVSS 7.8 | v42.2 | 2017-04-12
CVE-2016-9958 [HIGH] CWE-119: game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
nvd
CVE-2016-9957 | HIGH | CVSS 7.8 | v42.2 | 2017-04-12
CVE-2016-9957 [HIGH] CWE-119: Stack-based buffer overflow in game-music-emu before 0.6.1.
nvd
CVE-2017-6542 | CRITICAL | CVSS 9.8 | PoC | v42.2 | 2017-03-27
CVE-2017-6542 [CRITICAL] CWE-119: The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which triggers a buffer overflow.
nvd
CVE-2015-8010 | MEDIUM | CVSS 6.1 | v42.2 | 2017-03-27
CVE-2015-8010 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
nvd
CVE-2017-5336 | CRITICAL | CVSS 9.8 | v42.1, v42.2 | 2017-03-24
CVE-2017-5336 [CRITICAL] CWE-119: Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
nvd
CVE-2017-5337 | CRITICAL | CVSS 9.8 | v42.1, v42.2 | 2017-03-24
CVE-2017-5337 [CRITICAL] CWE-119: Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
nvd
CVE-2017-5334 | CRITICAL | CVSS 9.8 | v42.1, v42.2 | 2017-03-24
CVE-2017-5334 [CRITICAL] CWE-415: Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
nvd
CVE-2016-7797 | HIGH | CVSS 7.5 | v42.2 | 2017-03-24
CVE-2016-7797 [HIGH] CWE-254: Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
nvd
CVE-2017-5335 | HIGH | CVSS 7.5 | v42.1, v42.2 | 2017-03-24
CVE-2017-5335 [HIGH] CWE-125: The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
nvd
CVE-2016-10051 | HIGH | CVSS 7.8 | v42.1, v42.2 | 2017-03-23
CVE-2016-10051 [HIGH] CWE-416: Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
nvd
CVE-2016-9399 | HIGH | CVSS 7.5 | v15.1, v15.2 | 2017-03-23
CVE-2016-9399 [HIGH] CWE-617: The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
nvd
CVE-2016-9398 | HIGH | CVSS 7.5 | v15.1, v15.2, +2 more | 2017-03-23
CVE-2016-9398 [HIGH] CWE-617: The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
nvd
CVE-2016-10050 | HIGH | CVSS 7.8 | v42.1, v42.2 | 2017-03-23
CVE-2016-10050 [HIGH] CWE-119: Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
nvd
CVE-2016-6225 | MEDIUM | CVSS 5.9 | v42.1, v42.2 | 2017-03-23
CVE-2016-6225 [MEDIUM]: xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
nvd