|
2017-04-12
|
CVE-2016-9957
|
Stack-based buffer overflow in game-music-emu before 0.6.1.
|
Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server
|
7.8
|
|
|
|
2017-04-12
|
CVE-2016-9958
|
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
|
Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server
|
7.8
|
|
|
|
2017-04-12
|
CVE-2016-9959
|
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
|
Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server
|
7.8
|
|
|
|
2018-03-01
|
CVE-2017-14804
|
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
|
Leap, Linux_enterprise_software_development_kit
|
5.3
|
|
|
|
2019-06-19
|
CVE-2019-11038
|
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
|
Ubuntu_linux, Debian_linux, Fedora, Libgd, Leap, Php, Enterprise_linux, Software_collections, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension
|
5.3
|
|
|
|
2015-04-01
|
CVE-2015-2808
|
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
|
Ubuntu_linux, Debian_linux, Sparc_enterprise_m3000_firmware, Sparc_enterprise_m4000_firmware, Sparc_enterprise_m5000_firmware, Sparc_enterprise_m8000_firmware, Sparc_enterprise_m9000_firmware, 9700_firmware, E6000_firmware, E9000_firmware, Oceanstor_18500_firmware, Oceanstor_18800_firmware, Oceanstor_18800f_firmware, Oceanstor_9000_firmware, Oceanstor_cse_firmware, Oceanstor_hvs85t_firmware, Oceanstor_replicationdirector, Oceanstor_s2600t_firmware, Oceanstor_s5500t_firmware, Oceanstor_s5600t_firmware, Oceanstor_s5800t_firmware, Oceanstor_s6800t_firmware, Oceanstor_vis6600t_firmware, Policy_center, Quidway_s9300_firmware, S12700_firmware, S2700_firmware, S2750_firmware, S3700_firmware, S5700ei_firmware, S5700hi_firmware, S5700li_firmware, S5700s\-Li_firmware, S5700si_firmware, S5710ei_firmware, S5710hi_firmware, S5720ei_firmware, S5720hi_firmware, S6700_firmware, S7700_firmware, Smc2\.0, Te60_firmware, Ultravr, Cognos_metrics_manager, Opensuse, Communications_application_session_controller, Communications_policy_management, Http_server, Integrated_lights_out_manager_firmware, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager
|
N/A
|
|
|
|
2016-06-10
|
CVE-2016-5118
|
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
|
Ubuntu_linux, Debian_linux, Graphicsmagick, Imagemagick, Leap, Opensuse, Linux, Solaris, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Studio_onsite
|
9.8
|
|
|
|
2016-04-08
|
CVE-2016-2315
|
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
|
Git, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_server, Linux_enterprise_software_development_kit, Openstack_cloud, Suse_linux_enterprise_server
|
9.8
|
|
|
|
2016-04-08
|
CVE-2016-2324
|
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
|
Git, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_server, Linux_enterprise_software_development_kit, Openstack_cloud, Suse_linux_enterprise_server
|
9.8
|
|
|
|
2016-04-13
|
CVE-2016-3630
|
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
|
Debian_linux, Fedora, Mercurial, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit
|
8.8
|
|
|