Vulnerabilities > Opensuse > Leap
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-04 | CVE-2016-8668 | Classic Buffer Overflow vulnerability in multiple products The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. | 6.0 |
| 2016-11-04 | CVE-2016-8667 | Divide By Zero vulnerability in multiple products The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. | 6.0 |
| 2016-11-04 | CVE-2016-8578 | The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. | 6.0 |
| 2016-11-04 | CVE-2016-8577 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation. | 6.0 |
| 2016-11-04 | CVE-2016-8576 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. | 6.0 |
| 2016-10-03 | CVE-2016-7141 | Improper Authentication vulnerability in multiple products curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | 7.5 |
| 2016-10-03 | CVE-2016-6905 | Out-of-bounds Read vulnerability in multiple products The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. | 6.5 |
| 2016-10-03 | CVE-2013-4118 | NULL Pointer Dereference vulnerability in multiple products FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | 7.5 |
| 2016-10-03 | CVE-2016-6352 | Out-of-bounds Write vulnerability in multiple products The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | 7.5 |
| 2016-10-03 | CVE-2016-7445 | NULL Pointer Dereference vulnerability in multiple products convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. | 7.5 |