Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-09-11 | CVE-2016-5166 | The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. | Chrome, Leap | 3.1 | ||
2016-09-11 | CVE-2016-5167 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | Chrome, Leap | 8.8 | ||
2016-09-22 | CVE-2016-6265 | Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | Mupdf, Leap, Opensuse | 5.5 | ||
2016-09-26 | CVE-2016-5746 | libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf. | Leap, Libstorage, Libstorage\-Ng, Yast\-Storage | 5.1 | ||
2016-09-26 | CVE-2016-6153 | os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. | Fedora, Leap, Sqlite | 5.9 | ||
2017-02-03 | CVE-2016-8568 | The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | Fedora, Libgit2, Leap, Opensuse, Linux_enterprise | 5.5 | ||
2017-02-03 | CVE-2016-8569 | The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | Fedora, Libgit2, Leap, Opensuse, Linux_enterprise | 5.5 | ||
2017-03-03 | CVE-2016-7969 | The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." | Fedora, Libass, Leap, Opensuse | 7.5 | ||
2017-03-03 | CVE-2016-7972 | The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. | Fedora, Libass, Leap, Opensuse | 7.5 | ||
2017-03-23 | CVE-2016-6225 | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. | Fedora, Leap, Xtrabackup | 5.9 |