This page lists publicly disclosed CVE vulnerabilities affecting opensuse_project leap (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-17806 | The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | [email protected] | 7.8 | 0.56% | 2017-12-20 | 2026-05-13 |
| CVE-2017-17805 | The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86 | [email protected] | 7.8 | 0.43% | 2017-12-20 | 2026-05-13 |
| CVE-2016-1254 | Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | [email protected] | 7.5 | 3.04% | 2017-12-05 | 2026-05-13 |
| CVE-2015-3138 | print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). | [email protected] | 7.5 | 2.28% | 2017-09-28 | 2026-05-13 |
| CVE-2015-5203 | Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | [email protected] | 5.5 | 1.86% | 2017-08-02 | 2026-05-13 |
| CVE-2015-5221 | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | [email protected] | 5.5 | 2.20% | 2017-07-25 | 2026-05-13 |
| CVE-2016-9961 | game-music-emu before 0.6.1 mishandles unspecified integer values. | [email protected] | 9.8 | 4.36% | 2017-06-06 | 2026-05-13 |
| CVE-2016-9960 | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | [email protected] | 5.5 | 0.53% | 2017-06-06 | 2026-05-13 |
| CVE-2016-9959 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | [email protected] | 7.8 | 2.33% | 2017-04-12 | 2026-05-13 |
| CVE-2016-9958 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | [email protected] | 7.8 | 2.33% | 2017-04-12 | 2026-05-13 |
| CVE-2016-9957 | Stack-based buffer overflow in game-music-emu before 0.6.1. | [email protected] | 7.8 | 1.93% | 2017-04-12 | 2026-05-13 |
| CVE-2017-6542 | The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. | [email protected] | 9.8 | 21.82% | 2017-03-27 | 2026-05-13 |
| CVE-2015-8010 | Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | [email protected] | 6.1 | 1.49% | 2017-03-27 | 2026-05-13 |
| CVE-2016-7797 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | [email protected] | 7.5 | 3.25% | 2017-03-24 | 2026-05-13 |
| CVE-2016-9556 | The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | [email protected] | 5.5 | 2.28% | 2017-03-23 | 2026-05-13 |
| CVE-2016-10048 | Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | [email protected] | 7.5 | 6.53% | 2017-03-23 | 2026-05-13 |
| CVE-2014-9851 | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | [email protected] | 7.5 | 3.63% | 2017-03-20 | 2026-05-13 |
| CVE-2014-9850 | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | [email protected] | 7.5 | 3.55% | 2017-03-20 | 2026-05-13 |
| CVE-2014-9849 | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). | [email protected] | 7.5 | 3.55% | 2017-03-20 | 2026-05-13 |
| CVE-2014-9848 | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). | [email protected] | 7.5 | 3.66% | 2017-03-20 | 2026-05-13 |