Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-24	CVE-2017-5337	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. network low complexity opensuse gnu CWE-119 critical	9.8
2017-03-24	CVE-2017-5336	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. network low complexity opensuse gnu CWE-119 critical	9.8
2017-03-24	CVE-2017-5335	Out-of-bounds Read vulnerability in multiple products The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. network low complexity opensuse gnu CWE-125	7.5
2017-03-24	CVE-2017-5334	Double Free vulnerability in multiple products Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. network low complexity opensuse gnu CWE-415 critical	9.8
2017-03-24	CVE-2016-7797	7PK - Security Features vulnerability in multiple products Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. network low complexity clusterlabs suse opensuse-project opensuse redhat CWE-254	7.5
2017-03-23	CVE-2016-9399	Reachable Assertion vulnerability in multiple products The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. network low complexity jasper-project fedoraproject opensuse CWE-617	7.5
2017-03-23	CVE-2016-9398	Reachable Assertion vulnerability in multiple products The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. network low complexity jasper-project fedoraproject suse opensuse CWE-617	7.5
2017-03-23	CVE-2016-10051	Use After Free vulnerability in multiple products Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. local low complexity imagemagick opensuse CWE-416	7.8
2017-03-23	CVE-2016-10050	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. local low complexity imagemagick opensuse CWE-119	7.8
2017-03-23	CVE-2016-6225	Inadequate Encryption Strength vulnerability in multiple products xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. network high complexity percona opensuse fedoraproject CWE-326	5.9