Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2016-06-13	CVE-2016-2819	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element. network low complexity opensuse mozilla debian canonical CWE-119	8.8
2016-06-13	CVE-2016-2818	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. network low complexity mozilla debian redhat novell opensuse canonical CWE-119	8.8
2016-06-13	CVE-2016-2815	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. network low complexity mozilla canonical novell opensuse CWE-119	8.8
2016-06-10	CVE-2016-5118	The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename. network low complexity graphicsmagick suse oracle opensuse canonical debian imagemagick critical	9.8
2016-06-10	CVE-2016-4429	Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. network high complexity opensuse gnu canonical CWE-787	5.9
2016-06-09	CVE-2016-2150	Improper Access Control vulnerability in multiple products SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. local low complexity redhat opensuse debian spice-project CWE-284	7.1
2016-06-09	CVE-2016-0749	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. network low complexity opensuse debian redhat spice-project CWE-119 critical	9.8
2016-06-05	CVE-2016-1703	Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. network low complexity google debian canonical redhat suse opensuse	8.8
2016-06-05	CVE-2016-1702	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. network low complexity debian canonical redhat suse opensuse google CWE-119	6.5
2016-06-05	CVE-2016-1701	The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690. network low complexity google debian redhat suse opensuse	8.8