Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-3627 7Canonical DebianHp+4 more 14Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+11 more May 6, 2026 May 17, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and applicatio...Show more The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.Show less
CVE-2015-8874 2Opensuse Php 2Leap Php May 6, 2026 May 16, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
CVE-2015-8873 2Opensuse Php 2Leap Php May 6, 2026 May 16, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method...Show more Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.Show less
CVE-2015-4116 2Opensuse Php 2Leap Php May 6, 2026 May 16, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::com...Show more Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.Show less
CVE-2015-8863 2Jq Project Opensuse 3Jq LeapOpensuse May 6, 2026 May 6, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
CVE-2016-3718 6Canonical ImagemagickOpensuse+3 more 30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 more Apr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2016-3715 6Canonical ImagemagickOpensuse+3 more 30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 more Apr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 5.8 MEDIUM· v2 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-3714 5Canonical DebianImagemagick+2 more 6Debian Linux ImagemagickLeap+3 more Apr 21, 2026 May 5, 2016 N/A· v4 8.4 HIGH· v3 10.0 HIGH· v2 The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharact...Show more The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."Show less
CVE-2016-2107 8Canonical DebianGoogle+5 more 15Android Debian LinuxEnterprise Linux Desktop+12 more May 6, 2026 May 5, 2016 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a...Show more The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.Show less
CVE-2016-2105 8Apple CanonicalDebian+5 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+12 more May 6, 2026 May 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount o...Show more Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.Show less
CVE-2016-2807 3Mozilla OpensuseSuse 4Firefox LeapLinux Enterprise+1 more May 6, 2026 Apr 30, 2016 N/A· v4 8.8 HIGH· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corrup...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2016-2806 4Debian MozillaOpensuse+1 more 5Debian Linux FirefoxLeap+2 more May 6, 2026 Apr 30, 2016 N/A· v4 8.8 HIGH· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2016-2383 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux May 6, 2026 Apr 27, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by c...Show more The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.Show less
CVE-2016-3427 8Apache CanonicalDebian+5 more 38Cassandra Debian LinuxE Series Santricity Management Plug Ins+35 more Apr 22, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2016-0668 6Canonical DebianMariadb+3 more 10Debian Linux LeapLinux Enterprise Desktop+7 more May 6, 2026 Apr 21, 2016 N/A· v4 4.1 MEDIUM· v3 1.7 LOW· v2 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
CVE-2016-0666 6Debian IbmMariadb+3 more 7Debian Linux Enterprise LinuxLeap+4 more May 6, 2026 Apr 21, 2016 N/A· v4 5.5 MEDIUM· v3 3.5 LOW· v2 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availabili...Show more Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.Show less
CVE-2016-0655 5Debian MariadbOpensuse+2 more 5Debian Linux Enterprise LinuxLeap+2 more May 6, 2026 Apr 21, 2016 N/A· v4 4.7 MEDIUM· v3 3.5 LOW· v2 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.
CVE-2016-0651 5Mariadb OpensuseOracle+2 more 15Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+12 more May 6, 2026 Apr 21, 2016 N/A· v4 5.5 MEDIUM· v3 3.5 LOW· v2 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
CVE-2016-0650 6Debian IbmMariadb+3 more 7Debian Linux Enterprise LinuxLeap+4 more May 6, 2026 Apr 21, 2016 N/A· v4 5.5 MEDIUM· v3 4.0 MEDIUM· v2 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availabili...Show more Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.Show less
CVE-2016-0649 6Debian IbmMariadb+3 more 7Debian Linux Enterprise LinuxLeap+4 more May 6, 2026 Apr 21, 2016 N/A· v4 5.5 MEDIUM· v3 4.0 MEDIUM· v2 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availabili...Show more Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.Show less

Previous 1...858687...95 Next