Opensuse

Leap

1897 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2016-4069

  • EPSS 1.13%
  • Published 25.08.2016 18:59:00
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified ve...

6.5

CVE-2016-6214

  • EPSS 9.35%
  • Published 12.08.2016 15:59:04
  • Last modified 12.04.2025 10:46:40

gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

6.5

CVE-2016-6207

  • EPSS 10.16%
  • Published 12.08.2016 15:59:03
  • Last modified 12.04.2025 10:46:40

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vecto...

6.5

CVE-2016-6161

  • EPSS 0.4%
  • Published 12.08.2016 15:59:02
  • Last modified 12.04.2025 10:46:40

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

6.5

CVE-2016-6132

  • EPSS 2.13%
  • Published 12.08.2016 15:59:00
  • Last modified 12.04.2025 10:46:40

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

8.1

CVE-2016-5421

  • EPSS 1.27%
  • Published 10.08.2016 14:59:06
  • Last modified 12.04.2025 10:46:40

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

7.5

CVE-2016-5420

  • EPSS 1.07%
  • Published 10.08.2016 14:59:05
  • Last modified 12.04.2025 10:46:40

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a diffe...

7.5

CVE-2016-5419

  • EPSS 2.13%
  • Published 10.08.2016 14:59:03
  • Last modified 12.04.2025 10:46:40

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

7.5

CVE-2016-6128

  • EPSS 19.23%
  • Published 07.08.2016 10:59:22
  • Last modified 12.04.2025 10:46:40

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

9.8

CVE-2016-5772

Exploit
  • EPSS 15.31%
  • Published 07.08.2016 10:59:20
  • Last modified 12.04.2025 10:46:40

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execu...