opensuse project

Top products

The 15 most recently published vulnerabilities affecting opensuse project.

• CVE-2017-17806The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF...7.8Dec 20, 2017
• CVE-2017-17805The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CR...7.8Dec 20, 2017
• CVE-2016-1254Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.7.5Dec 5, 2017
• CVE-2015-3138print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).7.5Sep 27, 2017
• CVE-2014-4616Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a nega...5.9Aug 24, 2017
• CVE-2015-3405ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is bet...7.5Aug 9, 2017
• CVE-2015-5203Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.5.5Aug 2, 2017
• CVE-2015-5221Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) ...5.5Jul 25, 2017
• CVE-2016-9961game-music-emu before 0.6.1 mishandles unspecified integer values.9.8Jun 6, 2017
• CVE-2016-9960game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).5.5Jun 6, 2017
• CVE-2016-9959game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.7.8Apr 12, 2017
• CVE-2016-9958game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.7.8Apr 12, 2017
• CVE-2016-9957Stack-based buffer overflow in game-music-emu before 0.6.1.7.8Apr 12, 2017
• CVE-2017-6542The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to conne...9.8Mar 27, 2017
• CVE-2015-8010Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via t...6.1Mar 27, 2017