Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1920 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1646 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2026-06-17 9.3 HIGH 8.8 HIGH
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2016-1645 3 Debian, Google, Opensuse 5 Debian Linux, Chrome, Leap and 2 more 2026-06-17 9.3 HIGH 8.8 HIGH
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.
CVE-2016-1629 4 Debian, Google, Novell and 1 more 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more 2026-06-17 10.0 HIGH 9.8 CRITICAL
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
CVE-2016-1572 5 Canonical, Debian, Ecryptfs and 2 more 6 Ubuntu Linux, Debian Linux, Ecryptfs-utils and 3 more 2026-06-17 4.6 MEDIUM 8.4 HIGH
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
CVE-2016-1494 3 Fedoraproject, Opensuse, Python 4 Fedora, Leap, Opensuse and 1 more 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
CVE-2016-1286 7 Canonical, Debian, Fedoraproject and 4 more 47 Ubuntu Linux, Debian Linux, Fedora and 44 more 2026-06-17 5.0 MEDIUM 8.6 HIGH
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
CVE-2016-1285 7 Canonical, Debian, Fedoraproject and 4 more 47 Ubuntu Linux, Debian Linux, Fedora and 44 more 2026-06-17 4.3 MEDIUM 6.8 MEDIUM
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
CVE-2016-1254 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVE-2016-1238 5 Apache, Debian, Fedoraproject and 2 more 5 Spamassassin, Debian Linux, Fedora and 2 more 2026-06-17 7.2 HIGH 7.8 HIGH
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
CVE-2016-1234 3 Fedoraproject, Gnu, Opensuse 4 Fedora, Glibc, Leap and 1 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
CVE-2016-10937 4 Debian, Fedoraproject, Imapfilter Project and 1 more 5 Debian Linux, Fedora, Imapfilter and 2 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.
CVE-2016-10739 2 Gnu, Opensuse 2 Glibc, Leap 2026-06-17 4.6 MEDIUM 5.3 MEDIUM
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.
CVE-2016-10207 2 Opensuse, Tigervnc 2 Leap, Tigervnc 2026-06-17 5.0 MEDIUM 7.5 HIGH
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
CVE-2016-10165 6 Canonical, Debian, Littlecms and 3 more 19 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 16 more 2026-06-17 5.8 MEDIUM 7.1 HIGH
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVE-2016-10070 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
CVE-2016-10068 3 Imagemagick, Opensuse, Opensuse Project 3 Imagemagick, Leap, Leap 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
CVE-2016-10065 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2026-06-17 6.8 MEDIUM 7.8 HIGH
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10064 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2026-06-17 6.8 MEDIUM 7.8 HIGH
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10051 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2026-06-17 6.8 MEDIUM 7.8 HIGH
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10050 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2026-06-17 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.