Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-07-05 | CVE-2016-4956 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. | Suse_manager, Ntp, Leap, Opensuse, Solaris, Simatic_net_cp_443\-1_opc_ua_firmware, Linux_enterprise_desktop, Linux_enterprise_server, Manager_proxy, Openstack_cloud | 5.3 | ||
| 2016-07-05 | CVE-2016-4954 | The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. | Ntp, Leap, Opensuse, Solaris, Simatic_net_cp_443\-1_opc_ua_firmware, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware, Linux_enterprise_desktop, Linux_enterprise_server, Manager, Manager_proxy, Openstack_cloud | 7.5 | ||
| 2016-07-19 | CVE-2016-5387 | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this... | Http_server, Ubuntu_linux, Debian_linux, Fedora, System_management_homepage, Leap, Opensuse, Communications_user_data_repository, Enterprise_manager_ops_center, Linux, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_core_services, Jboss_enterprise_web_server, Jboss_web_server | 8.1 | ||
| 2015-07-23 | CVE-2015-1283 | Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. | Ubuntu_linux, Debian_linux, Chrome, Libexpat, Leap, Opensuse, Solaris, Python, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite | N/A | ||
| 2015-12-03 | CVE-2015-8077 | Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. | Imap, Leap, Opensuse | N/A | ||
| 2015-12-03 | CVE-2015-8078 | Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. | Imap, Leap, Opensuse | N/A | ||
| 2015-12-06 | CVE-2015-3195 | The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Openssl, Leap, Opensuse, Api_gateway, Communications_webrtc_session_controller, Exalogic_infrastructure, Http_server, Integrated_lights_out_manager_firmware, Life_sciences_data_hub, Linux, Solaris, Sun_ray_software, Transportation_management, Vm_server, Vm_virtualbox, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_server | 5.3 | ||
| 2016-01-27 | CVE-2015-8618 | The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. | Go, Leap | 7.5 | ||
| 2016-02-12 | CVE-2016-2329 | libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions. | Ffmpeg, Leap | 8.8 | ||
| 2016-02-21 | CVE-2016-1629 | Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. | Debian_linux, Chrome, Suse_package_hub_for_suse_linux_enterprise, Leap, Opensuse | 9.8 |