VYPR

Leap

by openSUSE

CVEs (482)

  • CVE-2016-5733 | Med | Jul 3, 2016
    risk 0.33 | cvss 6.1 | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during…

  • CVE-2016-5731 | Med | Jul 3, 2016
    risk 0.33 | cvss 6.1 | epss 0.02

    Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

  • CVE-2016-5705 | Med | Jul 3, 2016
    risk 0.33 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an…

  • CVE-2016-5701 | Med | Jul 3, 2016
    risk 0.33 | cvss 6.1 | epss 0.02

    setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.

  • CVE-2015-8872 | Med | Jun 3, 2016
    risk 0.33 | cvss 6.2 | epss 0.00

    The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an…

  • CVE-2016-0641 | Med | Apr 21, 2016
    risk 0.33 | cvss 5.1 | epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.

  • CVE-2017-8932 | Med | Jul 6, 2017
    risk 0.32 | cvss 5.9 | epss 0.02

    A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar…

  • CVE-2016-7787 | Med | Dec 23, 2016
    risk 0.32 | cvss 4.9 | epss 0.02

    A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

  • CVE-2016-0655 | Med | Apr 21, 2016
    risk 0.31 | cvss 4.7 | epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.

  • CVE-2016-0642 | Med | Apr 21, 2016
    risk 0.31 | cvss 4.7 | epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

  • CVE-2016-1947 | Med | Jan 31, 2016
    risk 0.31 | cvss 4.7 | epss 0.02

    Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.

  • CVE-2016-1943 | Med | Jan 31, 2016
    risk 0.31 | cvss 4.7 | epss 0.01

    Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.

  • CVE-2015-5221 | Med | Jul 25, 2017
    risk 0.29 | cvss 5.5 | epss 0.02

    Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

  • CVE-2016-10070 | Med | Mar 3, 2017
    risk 0.29 | cvss 5.5 | epss 0.02

    Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.

  • CVE-2016-10069 | Med | Mar 2, 2017
    risk 0.29 | cvss 5.5 | epss 0.02

    coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.

  • CVE-2016-10068 | Med | Mar 2, 2017
    risk 0.29 | cvss 5.5 | epss 0.02

    The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

  • CVE-2016-7170 | Med | Dec 10, 2016
    risk 0.29 | cvss 4.4 | epss 0.00

    The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing…

  • CVE-2016-9104 | Med | Dec 9, 2016
    risk 0.29 | cvss 4.4 | epss 0.00

    Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds…

  • CVE-2016-2383 | Med | Apr 27, 2016
    risk 0.29 | cvss 5.5 | epss 0.00

    The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF…

  • CVE-2019-13117 | Med | Jul 1, 2019
    risk 0.28 | cvss 5.3 | epss 0.06

    In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
