Note:
This project will be discontinued after December 13, 2021.
Product: Opensuse (Opensuse)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-02-06 | CVE-2016-7800 | Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. | Debian_linux, Graphicsmagick, Leap, Opensuse | 7.5 | ||
2016-12-23 | CVE-2016-7787 | A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | Kde-Cli-Tools, Leap, Opensuse | 4.9 | ||
2017-02-06 | CVE-2016-7449 | The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. | Debian_linux, Graphicsmagick, Leap, Opensuse | 7.5 | ||
2017-02-06 | CVE-2016-7448 | The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. | Debian_linux, Graphicsmagick, Leap, Opensuse | 7.5 | ||
2017-02-06 | CVE-2016-7447 | Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. | Debian_linux, Graphicsmagick, Leap, Opensuse | 9.8 | ||
2017-02-06 | CVE-2016-7446 | Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. | Debian_linux, Graphicsmagick, Leap, Opensuse | 9.8 | ||
2016-10-03 | CVE-2016-6905 | The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. | Libgd, Leap, Opensuse | 6.5 | ||
2016-09-26 | CVE-2016-6172 | PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. | Leap, Opensuse, Authoritative_server | 6.8 | ||
2016-07-02 | CVE-2016-5739 | The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | Leap, Opensuse, Phpmyadmin | 7.5 | ||
2016-07-02 | CVE-2016-5733 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer... | Leap, Opensuse, Phpmyadmin | 6.1 |