Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-14493 5Canonical DebianOpensuse+2 more 7Debian Linux DnsmasqEnterprise Linux Desktop+4 more May 13, 2026 Oct 3, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
CVE-2015-3138 3Opensuse Opensuse ProjectTcpdump 3Leap LeapTcpdump May 13, 2026 Sep 28, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
CVE-2016-5759 2Novell Opensuse 3Leap Suse Linux Enterprise DesktopSuse Linux Enterprise Server May 13, 2026 Sep 8, 2017 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
CVE-2017-6594 2Heimdal Project Opensuse 2Heimdal Leap May 13, 2026 Aug 28, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
CVE-2014-3462 2Encfs Project Opensuse 3Encfs LeapOpensuse May 13, 2026 Aug 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
CVE-2015-5203 4Fedoraproject Jasper ProjectOpensuse+1 more 5Fedora JasperLeap+2 more May 13, 2026 Aug 2, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2015-5221 4Fedoraproject Jasper ProjectOpensuse+1 more 5Fedora JasperLeap+2 more May 13, 2026 Jul 25, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000...Show more Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.Show less
CVE-2015-5300 7Canonical DebianFedoraproject+4 more 20Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+17 more May 13, 2026 Jul 21, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time wh...Show more The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).Show less
CVE-2015-5219 10Canonical DebianFedoraproject+7 more 18Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+15 more May 13, 2026 Jul 21, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a craft...Show more The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.Show less
CVE-2017-9814 2Cairographics Opensuse 2Cairo Leap May 13, 2026 Jul 17, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
CVE-2017-8932 4Fedoraproject GolangNovell+1 more 4Fedora GoLeap+1 more May 13, 2026 Jul 6, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive att...Show more A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.Show less
CVE-2017-1000366 8Debian GnuMcafee+5 more 20Cloud Magnum Orchestration Debian LinuxEnterprise Linux+17 more May 13, 2026 Jun 19, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hard...Show more glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.Show less
CVE-2017-8871 2Gnome Opensuse 2Leap Libcroco May 13, 2026 Jun 12, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVE-2017-8834 2Gnome Opensuse 2Leap Libcroco May 13, 2026 Jun 12, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
CVE-2016-9961 5Fedoraproject Game Music Emu ProjectNovell+2 more 7Fedora Game Music EmuLeap+4 more May 13, 2026 Jun 6, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-9960 5Fedoraproject Game Music Emu ProjectNovell+2 more 7Fedora Game Music EmuLeap+4 more May 13, 2026 Jun 6, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2017-8386 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraGit Shell+2 more May 13, 2026 Jun 1, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote...Show more git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.Show less
CVE-2016-9843 10Apple CanonicalDebian+7 more 24Active Iq Unified Manager Database ServerDebian Linux+21 more May 13, 2026 May 23, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9842 8Apple CanonicalDebian+5 more 19Database Server Debian LinuxEnterprise Linux Desktop+16 more May 13, 2026 May 23, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2016-9841 9Apple CanonicalDebian+6 more 39Active Iq Unified Manager Cloud BackupDatabase Server+36 more May 13, 2026 May 23, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Previous 1...737475...95 Next