VYPR

openSUSE

by OpenSUSE

Source repositories

CVEs (1,425)

  • CVE-2016-1957MedMar 13, 2016
    risk 0.28cvss 4.3epss 0.02

    Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.

  • CVE-2016-1955MedMar 13, 2016
    risk 0.28cvss 4.3epss 0.02

    Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.

  • CVE-2016-2043MedFeb 20, 2016
    risk 0.28cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

  • CVE-2016-2042MedFeb 20, 2016
    risk 0.28cvss 5.3epss 0.02

    phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

  • CVE-2016-2040MedFeb 20, 2016
    risk 0.28cvss 5.4epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname…

  • CVE-2016-2039MedFeb 20, 2016
    risk 0.28cvss 5.3epss 0.02

    libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

  • CVE-2016-2038MedFeb 20, 2016
    risk 0.28cvss 5.3epss 0.03

    phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

  • CVE-2016-1626MedFeb 14, 2016
    risk 0.28cvss 4.3epss 0.01

    The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

  • CVE-2016-1625MedFeb 14, 2016
    risk 0.28cvss 4.3epss 0.01

    The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to…

  • CVE-2015-8629MedFeb 13, 2016
    risk 0.28cvss 5.3epss 0.04

    The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a…

  • CVE-2015-8792MedJan 29, 2016
    risk 0.28cvss 5.3epss 0.01

    The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.

  • CVE-2016-1494MedJan 13, 2016
    risk 0.28cvss 5.3epss 0.07

    The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

  • CVE-2016-0668MedApr 21, 2016
    risk 0.27cvss 4.1epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.

  • CVE-2014-8134LowDec 12, 2014
    risk 0.22cvss 3.3epss 0.01

    The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a…

  • CVE-2014-9770LowApr 20, 2016
    risk 0.21cvss 3.3epss 0.00

    tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.

  • CVE-2015-7758LowJan 8, 2016
    risk 0.21cvss 3.3epss 0.00

    Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.

  • CVE-2015-8842LowApr 20, 2016
    risk 0.14cvss 3.3epss 0.00

    tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.

  • CVE-2014-0195Jun 5, 2014
    risk 0.11cvss epss 1.00

    The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of…

  • CVE-2013-5211Jan 2, 2014
    risk 0.11cvss epss 0.98

    The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

  • CVE-2011-3192Aug 29, 2011
    risk 0.11cvss epss 0.99

    The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in…

Page 24 of 72