Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-6352 3Canonical GnomeOpensuse 4Gdk Pixbuf LeapOpensuse+1 more May 6, 2026 Oct 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
CVE-2016-3623 2Libtiff Opensuse 2Libtiff Opensuse May 6, 2026 Oct 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.
CVE-2016-6172 2Opensuse Powerdns 3Authoritative Server LeapOpensuse May 6, 2026 Sep 26, 2016 N/A· v4 6.8 MEDIUM· v3 7.1 HIGH· v2 PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
CVE-2016-4303 4Debian EsNovell+1 more 5Debian Linux Iperf3Leap+2 more May 6, 2026 Sep 26, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string,...Show more The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.Show less
CVE-2016-6265 2Artifex Opensuse 3Leap MupdfOpensuse May 6, 2026 Sep 22, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
CVE-2016-6262 3Canonical GnuOpensuse 4Leap LibidnOpensuse+1 more May 6, 2026 Sep 7, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
CVE-2015-8948 3Canonical GnuOpensuse 4Leap LibidnOpensuse+1 more May 6, 2026 Sep 7, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
CVE-2016-6855 4Canonical FedoraprojectGnome+1 more 5Eye Of Gnome FedoraLeap+2 more May 6, 2026 Sep 7, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via ve...Show more Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.Show less
CVE-2016-5421 5Canonical DebianFedoraproject+2 more 6Debian Linux FedoraLeap+3 more May 6, 2026 Aug 10, 2016 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
CVE-2016-5772 4Debian OpensusePhp+1 more 7Debian Linux LeapLinux Enterprise Debuginfo+4 more May 6, 2026 Aug 7, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (applic...Show more Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.Show less
CVE-2016-5771 3Debian OpensusePhp 4Debian Linux LeapOpensuse+1 more May 6, 2026 Aug 7, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or ca...Show more spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.Show less
CVE-2016-5770 3Debian OpensusePhp 4Debian Linux LeapOpensuse+1 more May 6, 2026 Aug 7, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified...Show more Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.Show less
CVE-2016-3992 3Cronic Project DebianOpensuse 4Cronic Debian LinuxLeap+1 more May 6, 2026 Jul 26, 2016 N/A· v4 6.2 MEDIUM· v3 4.9 MEDIUM· v2 cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
CVE-2016-5131 8Apple CanonicalDebian+5 more 14Chrome Debian LinuxEnterprise Linux Desktop+11 more May 6, 2026 Jul 23, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to t...Show more Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.Show less
CVE-2016-5387 8Apache CanonicalDebian+5 more 20Communications User Data Repository Debian LinuxEnterprise Linux Desktop+17 more May 6, 2026 Jul 19, 2016 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remot...Show more The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.Show less
CVE-2016-3100 2Kde Opensuse 3Kde Frameworks LeapOpensuse May 6, 2026 Jul 13, 2016 N/A· v4 8.4 HIGH· v3 2.1 LOW· v2 kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by r...Show more kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.Show less
CVE-2016-5099 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Jul 5, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double...Show more Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.Show less
CVE-2016-5098 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Jul 5, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.
CVE-2016-5097 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Jul 5, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests o...Show more phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.Show less
CVE-2016-4957 5Novell NtpOpensuse+2 more 9Leap Linux Enterprise DesktopLinux Enterprise Server+6 more May 6, 2026 Jul 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

Previous 1...567...73 Next