Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-03	CVE-2016-2318	NULL Pointer Dereference vulnerability in multiple products GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. local low complexity graphicsmagick debian suse opensuse CWE-476	5.5
2017-02-03	CVE-2016-2317	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. local low complexity graphicsmagick debian suse opensuse CWE-119	5.5
2017-01-30	CVE-2015-7976	7PK - Security Features vulnerability in multiple products The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. network low complexity ntp suse novell opensuse CWE-254	4.3
2017-01-20	CVE-2016-9436	Improper Input Validation vulnerability in multiple products parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. network low complexity opensuse-project opensuse tats CWE-20	6.5
2017-01-20	CVE-2016-9435	Improper Input Validation vulnerability in multiple products The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. network low complexity opensuse-project opensuse tats CWE-20	6.5
2016-12-23	CVE-2016-7787	Code Injection vulnerability in multiple products A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. network low complexity kde opensuse CWE-94	4.9
2016-12-23	CVE-2016-2312	7PK - Security Features vulnerability in multiple products Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. low complexity kde fedoraproject opensuse CWE-254	6.8
2016-12-12	CVE-2016-9427	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. network low complexity bdwgc-project debian opensuse CWE-190 critical	9.8
2016-12-10	CVE-2016-7995	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes. local low complexity qemu opensuse CWE-772	6.0
2016-12-10	CVE-2016-7994	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands. local low complexity qemu opensuse CWE-772	6.0