Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2016-04-07	CVE-2016-2851	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow. network low complexity debian opensuse cypherpunks CWE-119 critical	9.8
2016-03-29	CVE-2016-1646	Out-of-bounds Read vulnerability in multiple products The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. network low complexity debian canonical google opensuse suse redhat CWE-125	8.8
2016-03-26	CVE-2016-3119	The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. network high complexity opensuse mit	5.3
2016-03-13	CVE-2016-1645	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. network low complexity google debian opensuse CWE-119	8.8
2016-03-13	CVE-2016-2802	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity mozilla suse opensuse sil oracle CWE-119	8.8
2016-03-13	CVE-2016-2801	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. network low complexity suse opensuse sil oracle mozilla CWE-119	8.8
2016-03-13	CVE-2016-2800	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. network low complexity mozilla suse opensuse oracle sil CWE-119	8.8
2016-03-13	CVE-2016-2799	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity oracle suse opensuse mozilla sil CWE-119	8.8
2016-03-13	CVE-2016-2798	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity mozilla sil oracle suse opensuse CWE-119	8.8
2016-03-13	CVE-2016-2797	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. network low complexity oracle mozilla suse opensuse sil CWE-119	8.8