Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-04-13 | CVE-2016-3068 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | Debian_linux, Fedora, Mercurial, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit | 8.8 | ||
| 2016-04-07 | CVE-2016-2851 | Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow. | Libotr, Debian_linux, Leap, Opensuse | 9.8 | ||
| 2016-06-13 | CVE-2016-2833 | Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet. | Ubuntu_linux, Firefox, Leap, Opensuse | 6.1 | ||
| 2016-06-13 | CVE-2016-2832 | Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | Ubuntu_linux, Firefox, Leap, Opensuse | 4.3 | ||
| 2016-06-13 | CVE-2016-2829 | Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission. | Ubuntu_linux, Firefox, Leap, Opensuse | 6.5 | ||
| 2016-06-13 | CVE-2016-2825 | Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | Ubuntu_linux, Firefox, Leap, Opensuse | 6.5 | ||
| 2016-04-30 | CVE-2016-2806 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | Debian_linux, Firefox, Leap, Opensuse, Linux_enterprise | 8.8 | ||
| 2017-04-21 | CVE-2016-2347 | Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. | Debian_linux, Lhasa, Leap, Opensuse | 7.8 | ||
| 2017-02-03 | CVE-2016-2318 | GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. | Debian_linux, Graphicsmagick, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite | 5.5 | ||
| 2017-02-03 | CVE-2016-2317 | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. | Debian_linux, Graphicsmagick, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite | 5.5 |