Opensuse Leap vulnerabilities
1,896 known vulnerabilities affecting opensuse/leap.
Total CVEs
1,896
CISA KEV
18
actively exploited
Public exploits
57
Exploited in wild
19
Severity breakdown
CRITICAL202HIGH798MEDIUM803LOW93
Vulnerabilities
Page 76 of 95
CVE-2014-9846CRITICALCVSS 9.8v42.22017-03-20
CVE-2014-9846 [CRITICAL] CWE-119 CVE-2014-9846: Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote at
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
nvd
CVE-2017-6318HIGHCVSS 7.5v42.12017-03-20
CVE-2017-6318 [HIGH] CWE-200 CVE-2017-6318: saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a c
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
nvd
CVE-2014-9848HIGHCVSS 7.5v42.22017-03-20
CVE-2014-9848 [HIGH] CWE-399 CVE-2014-9848: Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption)
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
nvd
CVE-2014-9845MEDIUMCVSS 5.5v42.22017-03-20
CVE-2014-9845 [MEDIUM] CWE-119 CVE-2014-9845: The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial o
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
nvd
CVE-2017-5930LOWCVSS 2.7PoCv42.1v42.22017-03-20
CVE-2017-5930 [LOW] CWE-862 CVE-2017-5930: The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
nvd
CVE-2014-9852CRITICALCVSS 9.8v42.12017-03-17
CVE-2014-9852 [CRITICAL] CWE-913 CVE-2014-9852: distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remot
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
nvd
CVE-2014-9854HIGHCVSS 7.5v42.12017-03-17
CVE-2014-9854 [HIGH] CWE-399 CVE-2014-9854: coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
nvd
CVE-2014-9853MEDIUMCVSS 5.5v42.12017-03-17
CVE-2014-9853 [MEDIUM] CWE-399 CVE-2014-9853: Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (mem
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
nvd
CVE-2017-5938MEDIUMCVSS 6.1v42.22017-03-15
CVE-2017-5938 [MEDIUM] CWE-79 CVE-2017-5938: Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
nvd
CVE-2016-7969HIGHCVSS 7.5v42.12017-03-03
CVE-2016-7969 [HIGH] CWE-125 CVE-2016-7969: The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cau
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
nvd
CVE-2016-10065HIGHCVSS 7.8v42.12017-03-03
CVE-2016-10065 [HIGH] CWE-284 CVE-2016-10065: The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
nvd
CVE-2016-7972HIGHCVSS 7.5v42.12017-03-03
CVE-2016-7972 [HIGH] CWE-399 CVE-2016-7972: The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attacker
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
nvd
CVE-2016-10070MEDIUMCVSS 5.5v42.1v42.22017-03-03
CVE-2016-10070 [MEDIUM] CWE-125 CVE-2016-10070: Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
nvd
CVE-2016-10064HIGHCVSS 7.8v42.12017-03-02
CVE-2016-10064 [HIGH] CWE-119 CVE-2016-10064: Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a de
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
nvd
CVE-2016-10068MEDIUMCVSS 5.5v42.22017-03-02
CVE-2016-10068 [MEDIUM] CWE-20 CVE-2016-10068: The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of servi
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
nvd
CVE-2016-9830MEDIUMCVSS 5.5v42.1v42.22017-03-01
CVE-2016-9830 [MEDIUM] CWE-20 CVE-2016-9830: The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a d
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
nvd
CVE-2016-10207HIGHCVSS 7.5v42.1v42.22017-02-28
CVE-2016-10207 [HIGH] CWE-119 CVE-2016-10207: The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory acc
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
nvd
CVE-2016-8689HIGHCVSS 7.5v42.22017-02-15
CVE-2016-8689 [HIGH] CWE-125 CVE-2016-8689: The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote att
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
nvd
CVE-2016-8866HIGHCVSS 8.8v42.1v42.22017-02-15
CVE-2016-8866 [HIGH] CVE-2016-8866: The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
nvd
CVE-2016-8687HIGHCVSS 7.5v42.22017-02-15
CVE-2016-8687 [HIGH] CWE-119 CVE-2016-8687: Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows re
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
nvd