Vulnerabilities > Opensuse > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-04-13 | CVE-2015-8864 | Cross-site Scripting vulnerability in multiple products | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. | 6.1 |
2017-03-27 | CVE-2015-8010 | Cross-site Scripting vulnerability in multiple products | Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | 6.1 |
2017-03-23 | CVE-2016-6225 | Inadequate Encryption Strength vulnerability in multiple products | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. | 5.9 |
2017-03-20 | CVE-2014-9845 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | 5.5 |
2017-03-20 | CVE-2014-9844 | Out-of-bounds Read vulnerability in multiple products | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | 5.5 |
2017-03-17 | CVE-2014-9853 | Resource Management Errors vulnerability in multiple products | Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | 5.5 |
2017-03-15 | CVE-2017-5938 | Cross-site Scripting vulnerability in multiple products | Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | 6.1 |
2017-03-03 | CVE-2016-10070 | Out-of-bounds Read vulnerability in multiple products | Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | 5.5 |
2017-03-02 | CVE-2016-10068 | Improper Input Validation vulnerability in multiple products | The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | 5.5 |
2017-03-01 | CVE-2016-9830 | Improper Input Validation vulnerability in multiple products | The MagickRealloc function in memory.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. | 5.5 |