Aggregates CVE and security vulnerability intelligence across all opensuse_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk input validation, vendor risk memory corruption, and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2014-9849 | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). | [email protected] | 7.5 | 3.62% | 2017-03-20 | 2026-06-16 |
| CVE-2014-9848 | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). | [email protected] | 7.5 | 3.66% | 2017-03-20 | 2026-06-16 |
| CVE-2014-9847 | The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. | [email protected] | 9.8 | 4.58% | 2017-03-20 | 2026-06-16 |
| CVE-2014-9846 | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | [email protected] | 9.8 | 4.89% | 2017-03-20 | 2026-06-16 |
| CVE-2014-9845 | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | [email protected] | 5.5 | 1.95% | 2017-03-20 | 2026-06-16 |
| CVE-2014-9844 | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | [email protected] | 5.5 | 2.06% | 2017-03-20 | 2026-06-16 |
| CVE-2014-9843 | The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. | [email protected] | 9.8 | 3.86% | 2017-03-20 | 2026-06-16 |
| CVE-2014-9842 | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | [email protected] | 7.5 | 3.62% | 2017-03-20 | 2026-06-16 |
| CVE-2014-9841 | The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." | [email protected] | 9.8 | 3.86% | 2017-03-20 | 2026-06-16 |
| CVE-2014-9853 | Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | [email protected] | 5.5 | 1.82% | 2017-03-17 | 2026-06-16 |
| CVE-2017-5938 | Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | [email protected] | 6.1 | 1.32% | 2017-03-15 | 2026-06-16 |
| CVE-2016-10069 | coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. | [email protected] | 5.5 | 1.88% | 2017-03-02 | 2026-06-16 |
| CVE-2016-10068 | The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | [email protected] | 5.5 | 1.89% | 2017-03-02 | 2026-06-16 |
| CVE-2016-9436 | parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. | [email protected] | 6.5 | 3.35% | 2017-01-20 | 2026-06-16 |
| CVE-2016-9435 | The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. | [email protected] | 6.5 | 3.35% | 2017-01-20 | 2026-06-16 |
| CVE-2016-5317 | Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. | [email protected] | 6.5 | 1.96% | 2017-01-20 | 2026-06-16 |
| CVE-2016-5316 | Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. | [email protected] | 6.5 | 2.18% | 2017-01-20 | 2026-06-16 |
| CVE-2015-5218 | Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. | [email protected] | 2.1 | 0.61% | 2015-11-09 | 2026-06-16 |
| CVE-2014-0481 | The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name. | [email protected] | 4.3 | 2.45% | 2014-08-26 | 2026-06-16 |
| CVE-2014-4258 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. | [email protected] | 6.5 | 3.48% | 2014-07-17 | 2026-06-16 |