汇总 opensuse_project 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 输入验证问题、内存损坏与跨站脚本 相关,可能在 生产负载与软件部署 场景中带来 内存损坏与异常行为 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2017-17806 | The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | [email protected] | 7.8 | 0.04% | 2017-12-20 | 2026-05-13 |
| CVE-2017-17805 | The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86 | [email protected] | 7.8 | 0.02% | 2017-12-20 | 2026-05-13 |
| CVE-2016-1254 | Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | [email protected] | 7.5 | 3.04% | 2017-12-05 | 2026-05-13 |
| CVE-2015-3138 | print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). | [email protected] | 7.5 | 0.94% | 2017-09-28 | 2026-05-13 |
| CVE-2014-4616 | Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. | [email protected] | 5.9 | 0.38% | 2017-08-24 | 2026-05-13 |
| CVE-2015-3405 | ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | [email protected] | 7.5 | 16.56% | 2017-08-09 | 2026-05-13 |
| CVE-2015-5203 | Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | [email protected] | 5.5 | 0.60% | 2017-08-02 | 2026-05-13 |
| CVE-2015-5221 | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | [email protected] | 5.5 | 0.23% | 2017-07-25 | 2026-05-13 |
| CVE-2016-9961 | game-music-emu before 0.6.1 mishandles unspecified integer values. | [email protected] | 9.8 | 2.85% | 2017-06-06 | 2026-05-13 |
| CVE-2016-9960 | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | [email protected] | 5.5 | 0.10% | 2017-06-06 | 2026-05-13 |
| CVE-2016-9959 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | [email protected] | 7.8 | 0.31% | 2017-04-12 | 2026-05-13 |
| CVE-2016-9958 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | [email protected] | 7.8 | 0.31% | 2017-04-12 | 2026-05-13 |
| CVE-2016-9957 | Stack-based buffer overflow in game-music-emu before 0.6.1. | [email protected] | 7.8 | 0.29% | 2017-04-12 | 2026-05-13 |
| CVE-2017-6542 | The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. | [email protected] | 9.8 | 30.63% | 2017-03-27 | 2026-05-13 |
| CVE-2015-8010 | Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | [email protected] | 6.1 | 0.35% | 2017-03-27 | 2026-05-13 |
| CVE-2016-7797 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | [email protected] | 7.5 | 2.42% | 2017-03-24 | 2026-05-13 |
| CVE-2016-9556 | The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | [email protected] | 5.5 | 0.30% | 2017-03-23 | 2026-05-13 |
| CVE-2016-10048 | Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | [email protected] | 7.5 | 3.64% | 2017-03-23 | 2026-05-13 |
| CVE-2014-9851 | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | [email protected] | 7.5 | 1.94% | 2017-03-20 | 2026-05-13 |
| CVE-2014-9850 | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | [email protected] | 7.5 | 2.41% | 2017-03-20 | 2026-05-13 |