Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-12-03 | CVE-2015-8076 | The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read. | Imap, Leap, Opensuse | N/A | ||
| 2017-03-27 | CVE-2015-8010 | Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | Icinga, Leap, Leap | 6.1 | ||
| 2017-01-30 | CVE-2015-7976 | The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. | Suse_openstack_cloud, Ntp, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Manager, Manager_proxy, Suse_linux_enterprise_server | 4.3 | ||
| 2015-11-09 | CVE-2015-7940 | The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." | Bouncy_castle_crypto_package, Leap, Opensuse, Application_testing_suite, Enterprise_manager_ops_center, Peoplesoft_enterprise_peopletools, Virtual_desktop_infrastructure | N/A | ||
| 2016-01-08 | CVE-2015-7758 | Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | Gummi, Leap, Opensuse | 3.3 | ||
| 2015-12-16 | CVE-2015-7223 | The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7221 | Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7220 | Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7219 | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7218 | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. | Fedora, Firefox, Leap, Opensuse | N/A |