VYPR

Leap

by OpenSUSE

Source repositories

CVEs (482)

  • CVE-2019-12098HigMay 15, 2019
    risk 0.41cvss 7.4epss 0.02

    In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

  • CVE-2016-4068MedApr 13, 2017
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.

  • CVE-2015-8010MedMar 27, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

  • CVE-2017-5938MedMar 15, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

  • CVE-2016-5165MedSep 11, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a…

  • CVE-2016-5164MedSep 11, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the…

  • CVE-2016-3992MedJul 26, 2016
    risk 0.40cvss 6.2epss 0.00

    cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.

  • CVE-2016-2833MedJun 13, 2016
    risk 0.40cvss 6.1epss 0.01

    Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.

  • CVE-2016-1682MedJun 5, 2016
    risk 0.40cvss 6.1epss 0.01

    The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via…

  • CVE-2016-4804MedJun 3, 2016
    risk 0.40cvss 6.2epss 0.00

    The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.

  • CVE-2016-0640MedApr 21, 2016
    risk 0.40cvss 6.1epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.

  • CVE-2016-1652MedApr 18, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web…

  • CVE-2015-5969MedApr 8, 2016
    risk 0.40cvss 6.2epss 0.00

    The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and…

  • CVE-2016-1937MedJan 31, 2016
    risk 0.40cvss 6.1epss 0.01

    The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

  • CVE-2016-10165HigFeb 3, 2017
    risk 0.39cvss 7.1epss 0.03

    The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

  • CVE-2016-7995MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.

  • CVE-2016-7994MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.

  • CVE-2016-7466MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.

  • CVE-2016-7422MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.

  • CVE-2016-9106MedDec 9, 2016
    risk 0.39cvss 6.0epss 0.00

    Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.

Page 15 of 25