VYPR

openSUSE

by OpenSUSE

Source repositories

CVEs (1,425)

  • CVE-2012-1186MedJun 5, 2012
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete…

  • CVE-2010-3078MedSep 21, 2010
    risk 0.36cvss 5.5epss 0.00

    The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.

  • CVE-2010-2942MedSep 21, 2010
    risk 0.36cvss 5.5epss 0.00

    The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory…

  • CVE-2009-3238MedSep 18, 2009
    risk 0.36cvss 5.5epss 0.02

    The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the…

  • CVE-2007-6716MedSep 4, 2008
    risk 0.36cvss 5.5epss 0.01

    fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.

  • CVE-2008-1567MedMar 31, 2008
    risk 0.36cvss 5.5epss 0.00

    phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

  • CVE-2017-13088MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points…

  • CVE-2017-13087MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

  • CVE-2017-13081MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

  • CVE-2017-13080MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

  • CVE-2017-13078MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

  • CVE-2016-5098MedJul 5, 2016
    risk 0.35cvss 5.3epss 0.02

    Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.

  • CVE-2016-5097MedJul 5, 2016
    risk 0.35cvss 5.3epss 0.01

    phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.

  • CVE-2016-5104MedJun 13, 2016
    risk 0.35cvss 5.3epss 0.03

    The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.

  • CVE-2016-1694MedJun 5, 2016
    risk 0.35cvss 5.3epss 0.01

    browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.

  • CVE-2016-1693MedJun 5, 2016
    risk 0.35cvss 5.3epss 0.01

    browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack…

  • CVE-2016-1692MedJun 5, 2016
    risk 0.35cvss 5.3epss 0.01

    WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same…

  • CVE-2016-1670MedMay 14, 2016
    risk 0.35cvss 5.3epss 0.01

    Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing…

  • CVE-2016-1939MedJan 31, 2016
    risk 0.35cvss 5.3epss 0.02

    Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.

  • CVE-2009-1961MedJun 8, 2009
    risk 0.34cvss 4.7epss 0.01

    The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal)…

Page 22 of 72