Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-1680 6Canonical DebianGoogle+3 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecif...Show more Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.Show less
CVE-2016-1679 6Canonical DebianGoogle+3 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a d...Show more The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.Show less
CVE-2016-1678 6Canonical DebianGoogle+3 more 10Chrome Debian LinuxEnterprise Linux Desktop+7 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overfl...Show more objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.Show less
CVE-2016-1677 6Canonical DebianGoogle+3 more 10Chrome Debian LinuxEnterprise Linux Desktop+7 more May 6, 2026 Jun 5, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and lever...Show more uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."Show less
CVE-2016-1676 5Debian GoogleOpensuse+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vec...Show more extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Show less
CVE-2016-1675 6Canonical DebianGoogle+3 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and Loca...Show more Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.Show less
CVE-2016-1674 5Debian GoogleOpensuse+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2016-1673 6Canonical DebianGoogle+3 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2016-1672 5Debian GoogleOpensuse+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings...Show more The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors.Show less
CVE-2016-4804 3Canonical Dosfstools ProjectOpensuse 4Dosfstools LeapOpensuse+1 more May 6, 2026 Jun 3, 2016 N/A· v4 6.2 MEDIUM· v3 2.1 LOW· v2 The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out...Show more The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.Show less
CVE-2015-8872 3Canonical Dosfstools ProjectOpensuse 4Dosfstools LeapOpensuse+1 more May 6, 2026 Jun 3, 2016 N/A· v4 6.2 MEDIUM· v3 2.1 LOW· v2 The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to...Show more The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."Show less
CVE-2016-3697 3Docker LinuxfoundationOpensuse 3Docker OpensuseRunc May 6, 2026 Jun 1, 2016 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password...Show more libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.Show less
CVE-2016-3075 4Canonical FedoraprojectGnu+1 more 4Fedora GlibcOpensuse+1 more May 6, 2026 Jun 1, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and appli...Show more Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.Show less
CVE-2016-1234 3Fedoraproject GnuOpensuse 4Fedora GlibcLeap+1 more May 6, 2026 Jun 1, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
CVE-2016-0718 9Apple CanonicalDebian+6 more 14Debian Linux FirefoxLeap+11 more May 6, 2026 May 26, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2016-4049 2Opensuse Quagga 3Leap OpensuseQuagga May 6, 2026 May 23, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a la...Show more The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.Show less
CVE-2016-3959 3Fedoraproject GolangOpensuse 3Fedora GoLeap May 6, 2026 May 23, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (in...Show more The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.Show less
CVE-2016-4578 5Canonical DebianLinux+2 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more May 6, 2026 May 23, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer inter...Show more sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.Show less
CVE-2016-4544 4Debian FedoraprojectOpensuse+1 more 5Debian Linux FedoraLeap+2 more May 6, 2026 May 22, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out...Show more The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.Show less
CVE-2016-4543 4Fedoraproject HpOpensuse+1 more 4Fedora LeapPhp+1 more May 6, 2026 May 22, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bou...Show more The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.Show less

Previous 1...9899100...164 Next