Opensuse: Security Vulnerabilities
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
CVSS Score
6.5
EPSS Score
0.028
Published
2016-04-13
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."
CVSS Score
6.0
EPSS Score
0.001
Published
2016-04-13
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
CVSS Score
7.5
EPSS Score
0.027
Published
2016-04-13
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
CVSS Score
9.8
EPSS Score
0.347
Published
2016-04-13
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."
CVSS Score
9.8
EPSS Score
0.013
Published
2016-04-13
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.
CVSS Score
8.1
EPSS Score
0.009
Published
2016-04-12
Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.
CVSS Score
7.3
EPSS Score
0.014
Published
2016-04-11
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
CVSS Score
7.5
EPSS Score
0.18
Published
2016-04-08
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.
CVSS Score
6.2
EPSS Score
0.001
Published
2016-04-08
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.355
Published
2016-04-08