Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2017-02-03 CVE-2016-10165 Out-of-bounds Read vulnerability in multiple products
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. 		7.1
7.1
2017-02-03 CVE-2016-8569 NULL Pointer Dereference vulnerability in multiple products
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. 		5.5
5.5
2017-02-03 CVE-2016-8568 Out-of-bounds Read vulnerability in multiple products
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. 		5.5
5.5
2017-02-03 CVE-2016-5241 Numeric Errors vulnerability in multiple products
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
local
low complexity
graphicsmagick debian opensuse CWE-189
5.5
5.5
2017-02-03 CVE-2016-2318 NULL Pointer Dereference vulnerability in multiple products
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
local
low complexity
graphicsmagick debian suse opensuse CWE-476
5.5
5.5
2017-02-03 CVE-2016-2317 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
local
low complexity
graphicsmagick debian suse opensuse CWE-119
5.5
5.5
2017-01-30 CVE-2015-7976 7PK - Security Features vulnerability in multiple products
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
network
low complexity
ntp suse novell opensuse CWE-254
4.3
4.3
2017-01-27 CVE-2016-9453 Out-of-bounds Write vulnerability in multiple products
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
local
low complexity
libtiff opensuse debian CWE-787
7.8
7.8
2017-01-27 CVE-2016-9448 NULL Pointer Dereference vulnerability in multiple products
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays.
network
low complexity
libtiff opensuse CWE-476
7.5
7.5
2017-01-20 CVE-2016-9436 Improper Input Validation vulnerability in multiple products
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
network
low complexity
opensuse-project opensuse tats CWE-20
6.5
6.5