VYPR

openSUSE

by OpenSUSE

Source repositories

CVEs (1,425)

  • CVE-2015-8864MedApr 13, 2017
    risk 0.33cvss 6.1epss 0.03

    Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

  • CVE-2016-5733MedJul 3, 2016
    risk 0.33cvss 6.1epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during…

  • CVE-2016-5731MedJul 3, 2016
    risk 0.33cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

  • CVE-2016-5705MedJul 3, 2016
    risk 0.33cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an…

  • CVE-2016-5701MedJul 3, 2016
    risk 0.33cvss 6.1epss 0.02

    setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.

  • CVE-2015-8872MedJun 3, 2016
    risk 0.33cvss 6.2epss 0.00

    The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an…

  • CVE-2014-3566LowOct 15, 2014
    risk 0.33cvss 3.4epss 1.00

    The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

  • CVE-2016-7787MedDec 23, 2016
    risk 0.32cvss 4.9epss 0.02

    A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

  • CVE-2016-0642MedApr 21, 2016
    risk 0.31cvss 4.7epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

  • CVE-2016-1947MedJan 31, 2016
    risk 0.31cvss 4.7epss 0.02

    Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.

  • CVE-2016-1943MedJan 31, 2016
    risk 0.31cvss 4.7epss 0.01

    Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.

  • CVE-2015-2808LowApr 1, 2015
    risk 0.30cvss 3.7epss 0.74

    The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing…

  • CVE-2015-5221MedJul 25, 2017
    risk 0.29cvss 5.5epss 0.02

    Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

  • CVE-2014-8559MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

  • CVE-2015-7976MedJan 30, 2017
    risk 0.28cvss 4.3epss 0.03

    The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

  • CVE-2016-5730MedJul 3, 2016
    risk 0.28cvss 5.3epss 0.03

    phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a…

  • CVE-2016-2832MedJun 13, 2016
    risk 0.28cvss 4.3epss 0.01

    Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.

  • CVE-2016-1664MedMay 14, 2016
    risk 0.28cvss 4.3epss 0.01

    The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar…

  • CVE-2016-1965MedMar 13, 2016
    risk 0.28cvss 4.3epss 0.02

    Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.

  • CVE-2016-1958MedMar 13, 2016
    risk 0.28cvss 4.3epss 0.02

    browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.

Page 23 of 72