Opensuse

Leap

1897 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2016-4069

  • EPSS 1.13%
  • Veröffentlicht 25.08.2016 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified ve...

6.5

CVE-2016-6214

  • EPSS 9.35%
  • Veröffentlicht 12.08.2016 15:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

6.5

CVE-2016-6207

  • EPSS 10.16%
  • Veröffentlicht 12.08.2016 15:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vecto...

6.5

CVE-2016-6161

  • EPSS 0.4%
  • Veröffentlicht 12.08.2016 15:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

6.5

CVE-2016-6132

  • EPSS 2.13%
  • Veröffentlicht 12.08.2016 15:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

8.1

CVE-2016-5421

  • EPSS 1.27%
  • Veröffentlicht 10.08.2016 14:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

7.5

CVE-2016-5420

  • EPSS 1.07%
  • Veröffentlicht 10.08.2016 14:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a diffe...

7.5

CVE-2016-5419

  • EPSS 2.13%
  • Veröffentlicht 10.08.2016 14:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

7.5

CVE-2016-6128

  • EPSS 19.23%
  • Veröffentlicht 07.08.2016 10:59:22
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

9.8

CVE-2016-5772

Exploit
  • EPSS 15.31%
  • Veröffentlicht 07.08.2016 10:59:20
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execu...