Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1920 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0503 4 Canonical, Opensuse, Oracle and 1 more 5 Ubuntu Linux, Leap, Opensuse and 2 more 2026-06-17 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.
CVE-2016-0502 3 Mariadb, Opensuse, Oracle 4 Mariadb, Leap, Opensuse and 1 more 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2015-8980 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more 4 Fedora, Leap, Php-gettext and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
CVE-2015-8948 3 Canonical, Gnu, Opensuse 4 Ubuntu Linux, Libidn, Leap and 1 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
CVE-2015-8874 2 Opensuse, Php 2 Leap, Php 2026-06-17 5.0 MEDIUM 7.5 HIGH
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
CVE-2015-8873 2 Opensuse, Php 2 Leap, Php 2026-06-17 5.0 MEDIUM 7.5 HIGH
Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.
CVE-2015-8872 3 Canonical, Dosfstools Project, Opensuse 4 Ubuntu Linux, Dosfstools, Leap and 1 more 2026-06-17 2.1 LOW 6.2 MEDIUM
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
CVE-2015-8866 4 Canonical, Opensuse, Php and 1 more 6 Ubuntu Linux, Leap, Opensuse and 3 more 2026-06-17 6.8 MEDIUM 9.6 CRITICAL
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
CVE-2015-8864 2 Opensuse, Roundcube 4 Leap, Opensuse, Roundcube Webmail and 1 more 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
CVE-2015-8863 2 Jq Project, Opensuse 3 Jq, Leap, Opensuse 2026-06-17 10.0 HIGH 9.8 CRITICAL
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
CVE-2015-8805 3 Canonical, Nettle Project, Opensuse 4 Ubuntu Linux, Nettle, Leap and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
CVE-2015-8804 3 Canonical, Nettle Project, Opensuse 4 Ubuntu Linux, Nettle, Leap and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
CVE-2015-8803 3 Canonical, Nettle Project, Opensuse 4 Ubuntu Linux, Nettle, Leap and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
CVE-2015-8792 2 Matroska, Opensuse 3 Libmatroska, Leap, Opensuse 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.
CVE-2015-8631 5 Debian, Mit, Opensuse and 2 more 11 Debian Linux, Kerberos 5, Leap and 8 more 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
CVE-2015-8629 5 Debian, Mit, Opensuse and 2 more 12 Debian Linux, Kerberos 5, Leap and 9 more 2026-06-17 2.1 LOW 5.3 MEDIUM
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
CVE-2015-8618 2 Golang, Opensuse 2 Go, Leap 2026-06-17 5.0 MEDIUM 7.5 HIGH
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
CVE-2015-8614 2 Claws-mail, Opensuse 3 Claws-mail, Leap, Opensuse 2026-06-17 7.5 HIGH 7.3 HIGH
Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.
CVE-2015-8567 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2026-06-17 6.8 MEDIUM 7.7 HIGH
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2015-8547 2 Opensuse, Quassel-irc 3 Leap, Opensuse, Quassel 2026-06-17 5.0 MEDIUM 7.5 HIGH
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.