openSUSE Project Leap vulnerabilities
35 known vulnerabilities affecting opensuse_project/leap.
Total CVEs: 35
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 14, MEDIUM 14, LOW 1
Vulnerabilities
Page 1 of 2
CVE-2017-17806 | HIGH | CVSS 7.8 | CWE-787 | v42.3 | 2017-12-20
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executi
nvd
CVE-2017-17805 | HIGH | CVSS 7.8 | CWE-20 | v42.3 | 2017-12-20
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted seq
nvd
CVE-2016-1254 | HIGH | CVSS 7.5 | CWE-119 | v42.1 | 2017-12-05
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
nvd
CVE-2015-3138 | HIGH | CVSS 7.5 | CWE-20 | v42.1 | 2017-09-28
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
nvd
CVE-2015-5203 | MEDIUM | CVSS 5.5 | CWE-415 | v42.1 | 2017-08-02
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
nvd
CVE-2015-5221 | MEDIUM | CVSS 5.5 | CWE-416 | v42.1 | 2017-07-25
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
nvd
CVE-2016-9961 | CRITICAL | CVSS 9.8 | CWE-189 | v42.1 | 2017-06-06
game-music-emu before 0.6.1 mishandles unspecified integer values.
nvd
CVE-2016-9960 | MEDIUM | CVSS 5.5 | CWE-369 | v42.1 | 2017-06-06
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
nvd
CVE-2016-9959 | HIGH | CVSS 7.8 | CWE-125 | v42.1 | 2017-04-12
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
nvd
CVE-2016-9958 | HIGH | CVSS 7.8 | CWE-119 | v42.1 | 2017-04-12
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
nvd
CVE-2016-9957 | HIGH | CVSS 7.8 | CWE-119 | v42.1 | 2017-04-12
Stack-based buffer overflow in game-music-emu before 0.6.1.
nvd
CVE-2017-6542 | CRITICAL | CVSS 9.8 | PoC | CWE-119 | v42.1 | 2017-03-27
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which triggers a buffer overflow.
nvd
CVE-2015-8010 | MEDIUM | CVSS 6.1 | CWE-79 | v42.1 | 2017-03-27
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
nvd
CVE-2016-7797 | HIGH | CVSS 7.5 | CWE-254 | v42.1 | 2017-03-24
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
nvd
CVE-2016-10048 | HIGH | CVSS 7.5 | CWE-22 | v42.1 | 2017-03-23
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
nvd
CVE-2016-9556 | MEDIUM | CVSS 5.5 | CWE-119 | v42.1 | 2017-03-23
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
nvd
CVE-2014-9847 | CRITICAL | CVSS 9.8 | CWE-119 | v42.1 | 2017-03-20
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
nvd
CVE-2014-9846 | CRITICAL | CVSS 9.8 | CWE-119 | v42.1 | 2017-03-20
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
nvd
CVE-2014-9841 | CRITICAL | CVSS 9.8 | CWE-388 | v42.1 | 2017-03-20
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
nvd
CVE-2014-9843 | CRITICAL | CVSS 9.8 | CWE-119 | v42.1 | 2017-03-20
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
nvd