Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-3982 4Canonical DebianOpensuse+1 more 5Debian Linux LeapOpensuse+2 more May 6, 2026 Apr 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code...Show more Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.Show less
CVE-2016-3630 5Debian FedoraprojectMercurial+2 more 7Debian Linux FedoraLeap+4 more May 6, 2026 Apr 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
CVE-2016-3069 6Debian FedoraprojectMercurial+3 more 14Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+11 more May 6, 2026 Apr 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2016-3068 6Debian FedoraprojectMercurial+3 more 14Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+11 more May 6, 2026 Apr 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
CVE-2016-2191 4Canonical DebianOpensuse+1 more 5Debian Linux LeapOpensuse+2 more May 6, 2026 Apr 13, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
CVE-2015-8080 4Debian OpensuseRedhat+1 more 5Debian Linux LeapOpenstack+2 more May 6, 2026 Apr 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of servi...Show more Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.Show less
CVE-2016-4007 1Opensuse 2Leap Opensuse May 6, 2026 Apr 13, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition...Show more Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."Show less
CVE-2016-1866 2Opensuse Saltstack 2Leap Salt May 6, 2026 Apr 12, 2016 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.
CVE-2015-8614 2Claws Mail Opensuse 3Claws Mail LeapOpensuse May 6, 2026 Apr 11, 2016 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafte...Show more Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.Show less
CVE-2015-5969 2Opensuse Suse 6Leap Linux Enterprise DesktopLinux Enterprise Server+3 more May 6, 2026 Apr 8, 2016 N/A· v4 6.2 MEDIUM· v3 2.1 LOW· v2 The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and...Show more The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.Show less
CVE-2016-2324 3Git Scm OpensuseSuse 8Git LeapLinux Enterprise Debuginfo+5 more May 6, 2026 Apr 8, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
CVE-2016-2315 3Git Scm OpensuseSuse 8Git LeapLinux Enterprise Debuginfo+5 more May 6, 2026 Apr 8, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
CVE-2016-2851 3Cypherpunks DebianOpensuse 4Debian Linux LeapLibotr+1 more May 6, 2026 Apr 7, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR me...Show more Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.Show less
CVE-2016-1646 6Canonical DebianGoogle+3 more 10Chrome Debian LinuxEnterprise Linux Desktop+7 more Apr 21, 2026 Mar 29, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of serv...Show more The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.Show less
CVE-2016-3119 2Mit Opensuse 3Kerberos 5 LeapOpensuse May 6, 2026 Mar 26, 2016 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which all...Show more The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.Show less
CVE-2016-1645 3Debian GoogleOpensuse 5Chrome Debian LinuxLeap+2 more May 6, 2026 Mar 13, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect ca...Show more Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.Show less
CVE-2016-2802 5Mozilla OpensuseOracle+2 more 6Firefox Graphite2Leap+3 more May 6, 2026 Mar 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffe...Show more The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.Show less
CVE-2016-2801 5Mozilla OpensuseOracle+2 more 6Firefox Graphite2Leap+3 more May 6, 2026 Mar 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of servi...Show more The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.Show less
CVE-2016-2800 5Mozilla OpensuseOracle+2 more 6Firefox Graphite2Leap+3 more May 6, 2026 Mar 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-rea...Show more The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.Show less
CVE-2016-2799 5Mozilla OpensuseOracle+2 more 6Firefox Graphite2Leap+3 more May 6, 2026 Mar 13, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of servic...Show more Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.Show less

Previous 1...878889...95 Next