Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2016-05-22 CVE-2016-4343 Access of Uninitialized Pointer vulnerability in multiple products
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
network
low complexity
php opensuse CWE-824
8.8
2016-05-22 CVE-2016-4342 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.
network
low complexity
opensuse php CWE-119
8.8
2016-05-22 CVE-2015-8866 XXE vulnerability in multiple products
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
network
low complexity
php canonical suse opensuse CWE-611
critical
9.6
2016-05-20 CVE-2016-4348 Improper Input Validation vulnerability in multiple products
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
network
low complexity
gnome debian opensuse CWE-20
7.5
2016-05-17 CVE-2016-3705 Improper Input Validation vulnerability in multiple products
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
network
low complexity
canonical xmlsoft debian hp opensuse CWE-20
7.5
2016-05-17 CVE-2016-3627 Uncontrolled Recursion vulnerability in multiple products
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
7.5
2016-05-16 CVE-2015-8874 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
network
low complexity
opensuse php CWE-119
7.5
2016-05-16 CVE-2015-8873 Improper Input Validation vulnerability in multiple products
Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.
network
low complexity
php opensuse CWE-20
7.5
2016-05-16 CVE-2015-4116 Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.
network
low complexity
opensuse php
critical
9.8
2016-05-14 CVE-2016-1670 Race Condition vulnerability in multiple products
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.
network
high complexity
google opensuse debian CWE-362
5.3