Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1920 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6318 3 Cracklib Project, Debian, Opensuse 3 Cracklib, Debian Linux, Leap 2026-06-17 7.2 HIGH 7.8 HIGH
Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.
CVE-2016-6265 2 Artifex, Opensuse 3 Mupdf, Leap, Opensuse 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
CVE-2016-6262 3 Canonical, Gnu, Opensuse 4 Ubuntu Linux, Libidn, Leap and 1 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
CVE-2016-6261 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Libidn, Leap 2026-06-17 5.0 MEDIUM 7.5 HIGH
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
CVE-2016-6225 3 Fedoraproject, Opensuse, Percona 3 Fedora, Leap, Xtrabackup 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
CVE-2016-6214 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6207 4 Debian, Libgd, Opensuse and 1 more 4 Debian Linux, Libgd, Leap and 1 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
CVE-2016-6172 2 Opensuse, Powerdns 3 Leap, Opensuse, Authoritative Server 2026-06-17 7.1 HIGH 6.8 MEDIUM
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
CVE-2016-6161 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
CVE-2016-6153 3 Fedoraproject, Opensuse, Sqlite 3 Fedora, Leap, Sqlite 2026-06-17 4.6 MEDIUM 5.9 MEDIUM
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
CVE-2016-6132 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6128 5 Canonical, Debian, Libgd and 2 more 5 Ubuntu Linux, Debian Linux, Libgd and 2 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
CVE-2016-5772 4 Debian, Opensuse, Php and 1 more 7 Debian Linux, Leap, Opensuse and 4 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
CVE-2016-5771 3 Debian, Opensuse, Php 4 Debian Linux, Leap, Opensuse and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
CVE-2016-5770 3 Debian, Opensuse, Php 4 Debian Linux, Leap, Opensuse and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.
CVE-2016-5759 2 Novell, Opensuse 3 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Leap 2026-06-17 6.9 MEDIUM 7.8 HIGH
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
CVE-2016-5746 2 Opensuse, Yast 4 Leap, Libstorage, Libstorage-ng and 1 more 2026-06-17 1.2 LOW 5.1 MEDIUM
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
CVE-2016-5739 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2026-06-17 5.0 MEDIUM 7.5 HIGH
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.
CVE-2016-5733 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.
CVE-2016-5731 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.