Leap
by OpenSUSE
CVEs (482)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5733 | | Med | 0.33 | 6.1 | 0.02 | | Jul 3, 2016 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during… |
| CVE-2016-5731 | | Med | 0.33 | 6.1 | 0.02 | | Jul 3, 2016 | Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. |
| CVE-2016-5705 | | Med | 0.33 | 6.1 | 0.01 | | Jul 3, 2016 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an… |
| CVE-2016-5701 | | Med | 0.33 | 6.1 | 0.02 | | Jul 3, 2016 | setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. |
| CVE-2015-8872 | | Med | 0.33 | 6.2 | 0.00 | | Jun 3, 2016 | The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an… |
| CVE-2016-0641 | | Med | 0.33 | 5.1 | 0.01 | | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM. |
| CVE-2017-8932 | | Med | 0.32 | 5.9 | 0.02 | | Jul 6, 2017 | A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar… |
| CVE-2016-7787 | | Med | 0.32 | 4.9 | 0.02 | | Dec 23, 2016 | A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. |
| CVE-2016-0655 | | Med | 0.31 | 4.7 | 0.01 | | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB. |
| CVE-2016-0642 | | Med | 0.31 | 4.7 | 0.01 | | Apr 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. |
| CVE-2016-1947 | | Med | 0.31 | 4.7 | 0.02 | | Jan 31, 2016 | Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. |
| CVE-2016-1943 | | Med | 0.31 | 4.7 | 0.01 | | Jan 31, 2016 | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. |
| CVE-2015-5221 | | Med | 0.29 | 5.5 | 0.02 | | Jul 25, 2017 | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. |
| CVE-2016-10070 | | Med | 0.29 | 5.5 | 0.02 | | Mar 3, 2017 | Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. |
| CVE-2016-10069 | | Med | 0.29 | 5.5 | 0.02 | | Mar 2, 2017 | coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. |
| CVE-2016-10068 | | Med | 0.29 | 5.5 | 0.02 | | Mar 2, 2017 | The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. |
| CVE-2016-7170 | | Med | 0.29 | 4.4 | 0.00 | | Dec 10, 2016 | The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing… |
| CVE-2016-9104 | | Med | 0.29 | 4.4 | 0.00 | | Dec 9, 2016 | Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds… |
| CVE-2016-2383 | | Med | 0.29 | 5.5 | 0.00 | | Apr 27, 2016 | The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF… |
| CVE-2019-13117 | | Med | 0.28 | 5.3 | 0.06 | | Jul 1, 2019 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. |