Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-2822 4Canonical DebianMozilla+1 more 5Debian Linux FirefoxLeap+2 more May 6, 2026 Jun 13, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
CVE-2016-2821 4Canonical DebianMozilla+1 more 5Debian Linux FirefoxLeap+2 more May 6, 2026 Jun 13, 2016 N/A· v4 7.5 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or...Show more Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.Show less
CVE-2016-2819 4Canonical DebianMozilla+1 more 5Debian Linux FirefoxLeap+2 more May 6, 2026 Jun 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG...Show more Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.Show less
CVE-2016-2818 6Canonical DebianMozilla+3 more 21Debian Linux Enterprise Linux DesktopEnterprise Linux For Ibm Z Systems+18 more May 6, 2026 Jun 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2016-2815 4Canonical MozillaNovell+1 more 7Firefox LeapOpensuse+4 more May 6, 2026 Jun 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2016-5118 7Canonical DebianGraphicsmagick+4 more 14Debian Linux GraphicsmagickImagemagick+11 more May 6, 2026 Jun 10, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename.
CVE-2016-4429 3Canonical GnuOpensuse 4Glibc LeapOpensuse+1 more May 6, 2026 Jun 10, 2016 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via...Show more Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.Show less
CVE-2016-2150 4Debian OpensuseRedhat+1 more 11Debian Linux Enterprise LinuxEnterprise Linux Desktop+8 more May 6, 2026 Jun 9, 2016 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
CVE-2016-0749 4Debian OpensuseRedhat+1 more 11Debian Linux Enterprise LinuxEnterprise Linux Desktop+8 more May 6, 2026 Jun 9, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-b...Show more The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.Show less
CVE-2016-1703 6Canonical DebianGoogle+3 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-1702 6Canonical DebianGoogle+3 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more May 6, 2026 Jun 5, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-b...Show more The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.Show less
CVE-2016-1701 5Debian GoogleOpensuse+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of ser...Show more The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.Show less
CVE-2016-1700 5Debian GoogleOpensuse+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more May 6, 2026 Jun 5, 2016 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of servic...Show more extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions.Show less
CVE-2016-1699 6Canonical DebianGoogle+3 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more May 6, 2026 Jun 5, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with...Show more WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL.Show less
CVE-2016-1698 5Debian GoogleOpensuse+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more May 6, 2026 Jun 5, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modul...Show more The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.Show less
CVE-2016-1697 6Canonical DebianGoogle+3 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which a...Show more The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.Show less
CVE-2016-1696 5Debian GoogleOpensuse+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2016-1695 6Canonical DebianGoogle+3 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-1694 5Debian GoogleOpensuse+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more May 6, 2026 Jun 5, 2016 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an a...Show more browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.Show less
CVE-2016-1693 5Debian GoogleOpensuse+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more May 6, 2026 Jun 5, 2016 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cle...Show more browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session.Show less

Previous 1...828384...95 Next