OpenSuse
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in OpenSuse.
By the Year
In 2025 there have been 0 vulnerabilities in OpenSuse. Opensuse did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 2 | 6.65 |
2019 | 3 | 6.10 |
2018 | 1 | 8.80 |
It may take a day or so for new Opensuse vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent OpenSuse Security Vulnerabilities
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group
CVE-2015-2325
7.8 - High
- January 14, 2020
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
Out-of-bounds Read
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code
CVE-2015-2326
5.5 - Medium
- January 14, 2020
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
Out-of-bounds Read
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which
CVE-2014-8179
7.5 - High
- December 17, 2019
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
Improper Input Validation
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache
CVE-2014-8178
5.5 - Medium
- December 17, 2019
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
Improper Input Validation
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
CVE-2013-6365
5.3 - Medium
- November 05, 2019
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
Session Riding
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2
CVE-2014-0158
8.8 - High
- April 10, 2018
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS."
Buffer Overflow
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1
CVE-2014-4616
5.9 - Medium
- August 24, 2017
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
out-of-bounds array index
The ".encfs6.xml" configuration file in encfs before 1.7.5
CVE-2014-3462
7.5 - High
- August 07, 2017
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
Information Disclosure
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash)
CVE-2014-8127
6.5 - Medium
- June 26, 2017
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
Out-of-bounds Read
inftrees.c in zlib 1.2.8 might
CVE-2016-9840
8.8 - High
- May 23, 2017
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
inffast.c in zlib 1.2.8 might
CVE-2016-9841
9.8 - Critical
- May 23, 2017
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
The inflateMark function in inflate.c in zlib 1.2.8 might
CVE-2016-9842
8.8 - High
- May 23, 2017
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
The crc32_big function in crc32.c in zlib 1.2.8 might
CVE-2016-9843
9.8 - Critical
- May 23, 2017
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Memory leak in net/vmxnet3.c in QEMU
CVE-2015-8567
7.7 - High
- April 13, 2017
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
Memory Leak
Blkid in util-linux before 2.26rc-1
CVE-2014-9114
7.8 - High
- March 31, 2017
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
Command Injection
Memory leak in ImageMagick
CVE-2014-9848
7.5 - High
- March 20, 2017
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
Resource Management Errors
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which
CVE-2014-9852
9.8 - Critical
- March 17, 2017
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
Improper Control of Dynamically-Managed Code Resources
Memory leak in coders/rle.c in ImageMagick
CVE-2014-9853
5.5 - Medium
- March 17, 2017
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Resource Management Errors
coders/tiff.c in ImageMagick
CVE-2014-9854
7.5 - High
- March 17, 2017
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
Resource Management Errors
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1
CVE-2016-8677
8.8 - High
- February 15, 2017
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8
CVE-2016-8866
8.8 - High
- February 15, 2017
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
Buffer Overflow
Integer overflow vulnerability in bdwgc before 2016-09-27
CVE-2016-9427
9.8 - Critical
- December 12, 2016
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
Buffer Overflow
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which
CVE-2016-4303
9.8 - Critical
- September 26, 2016
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
Classic Buffer Overflow
idn in libidn before 1.33 might
CVE-2016-6262
7.5 - High
- September 07, 2016
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
Out-of-bounds Read
idn in GNU libidn before 1.33 might
CVE-2015-8948
7.5 - High
- September 07, 2016
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
Out-of-bounds Read
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23
CVE-2016-5770
9.8 - Critical
- August 07, 2016
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.
Integer Overflow or Wraparound
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which
CVE-2016-5771
9.8 - Critical
- August 07, 2016
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
Dangling pointer
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data
CVE-2016-5772
9.8 - Critical
- August 07, 2016
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
Double-free
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might
CVE-2016-5387
8.1 - High
- July 19, 2016
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
ntpd in NTP 4.x before 4.2.8p8
CVE-2016-4953
7.5 - High
- July 05, 2016
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
authentification
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8
CVE-2016-4954
7.5 - High
- July 05, 2016
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
Race Condition
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled
CVE-2016-4955
5.9 - Medium
- July 05, 2016
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
Race Condition
ntpd in NTP 4.x before 4.2.8p8
CVE-2016-4956
5.3 - Medium
- July 05, 2016
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet
CVE-2016-4957
7.5 - High
- July 05, 2016
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
NULL Pointer Dereference
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4156
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4148
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4147
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4146
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4145
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4144
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4143
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4142
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4141
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4140
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4139
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4138
9.8 - Critical
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4137
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4122
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4151
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4136
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4135
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4134
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4133
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4132
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4131
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4155
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4154
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4153
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4152
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4150
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4149
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Object Type Confusion
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4129
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4128
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4124
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4125
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4127
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4130
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4171
9.8 - Critical
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
CVE-2016-4123
8.8 - High
- June 16, 2016
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Memory Corruption
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4
CVE-2016-4574
7.5 - High
- June 13, 2016
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
Numeric Errors
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2
CVE-2016-2819
8.8 - High
- June 13, 2016
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.
Buffer Overflow
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements
CVE-2016-2821
7.5 - High
- June 13, 2016
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2
CVE-2016-2822
6.5 - Medium
- June 13, 2016
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
Authorization
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader
CVE-2016-2824
8.8 - High
- June 13, 2016
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.
Buffer Overflow
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content
CVE-2016-2828
8.8 - High
- June 13, 2016
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure
CVE-2016-2831
8.8 - High
- June 13, 2016
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
7PK - Security Features
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0
CVE-2016-2815
8.8 - High
- June 13, 2016
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Buffer Overflow
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2
CVE-2016-2818
8.8 - High
- June 13, 2016
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Buffer Overflow
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0
CVE-2016-2834
8.8 - High
- June 13, 2016
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6)
CVE-2016-4429
5.9 - Medium
- June 10, 2016
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
Memory Corruption
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick
CVE-2016-5118
9.8 - Critical
- June 10, 2016
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6)
CVE-2016-3706
7.5 - High
- June 10, 2016
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
Improper Input Validation
The smartcard interaction in SPICE
CVE-2016-0749
9.8 - Critical
- June 09, 2016
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
Buffer Overflow
The read_boot function in boot.c in dosfstools before 4.0
CVE-2016-4804
6.2 - Medium
- June 03, 2016
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.
Buffer Overflow
The set_fat function in fat.c in dosfstools before 4.0 might
CVE-2015-8872
6.2 - Medium
- June 03, 2016
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
Numeric Errors
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used
CVE-2016-1234
7.5 - High
- June 01, 2016
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
Buffer Overflow
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which
CVE-2016-3697
7.8 - High
- June 01, 2016
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
Permissions, Privileges, and Access Controls
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code
CVE-2016-0718
9.8 - Critical
- May 26, 2016
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Buffer Overflow
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which
CVE-2015-8866
9.6 - Critical
- May 22, 2016
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
XXE
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which
CVE-2016-4544
9.8 - Critical
- May 22, 2016
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
Buffer Overflow
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4
CVE-2016-4346
9.8 - Critical
- May 22, 2016
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
Integer Overflow or Wraparound
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size
CVE-2016-4343
8.8 - High
- May 22, 2016
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
Access of Uninitialized Pointer
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which
CVE-2016-1669
8.8 - High
- May 14, 2016
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Buffer Overflow
Adobe Flash Player 21.0.0.226 and earlier
CVE-2016-4117
9.8 - Critical
- May 11, 2016
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
CVE-2016-3718
5.5 - Medium
- May 05, 2016
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
SSRF
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
CVE-2016-3714
8.4 - High
- May 05, 2016
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
Improper Input Validation