Lucene search

K

OpenSUSE Security Vulnerabilities

cve
cve

CVE-2016-6265

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF...

5.5CVSS

5.2AI Score

0.011EPSS

2016-09-22 03:59 PM
30
4
cve
cve

CVE-2016-6262

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than...

7.5CVSS

7.2AI Score

0.003EPSS

2016-09-07 08:59 PM
98
4
cve
cve

CVE-2015-8948

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds...

7.5CVSS

7.1AI Score

0.003EPSS

2016-09-07 08:59 PM
94
cve
cve

CVE-2016-6855

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to...

7.5CVSS

7.1AI Score

0.022EPSS

2016-09-07 06:59 PM
66
4
cve
cve

CVE-2016-5421

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown...

8.1CVSS

7.4AI Score

0.007EPSS

2016-08-10 02:59 PM
117
cve
cve

CVE-2016-5772

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is...

9.8CVSS

8.4AI Score

0.02EPSS

2016-08-07 10:59 AM
123
2
cve
cve

CVE-2016-5771

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted...

9.8CVSS

8.2AI Score

0.014EPSS

2016-08-07 10:59 AM
160
4
cve
cve

CVE-2016-5770

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to...

9.8CVSS

8.3AI Score

0.06EPSS

2016-08-07 10:59 AM
166
4
cve
cve

CVE-2016-3992

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in...

6.2CVSS

6.1AI Score

0.001EPSS

2016-07-26 05:59 PM
19
cve
cve

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to...

8.8CVSS

7.8AI Score

0.106EPSS

2016-07-23 07:59 PM
247
4
cve
cve

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary....

8.1CVSS

8AI Score

0.2EPSS

2016-07-19 02:00 AM
1054
5
cve
cve

CVE-2016-3100

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the...

8.4CVSS

8.1AI Score

0.001EPSS

2016-07-13 03:59 PM
18
cve
cve

CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL...

6.1CVSS

5.5AI Score

0.002EPSS

2016-07-05 01:59 AM
36
cve
cve

CVE-2016-5098

Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an...

5.3CVSS

5.5AI Score

0.004EPSS

2016-07-05 01:59 AM
20
cve
cve

CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server...

5.3CVSS

5.2AI Score

0.005EPSS

2016-07-05 01:59 AM
24
cve
cve

CVE-2016-4957

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for...

7.5CVSS

6.2AI Score

0.923EPSS

2016-07-05 01:59 AM
45
cve
cve

CVE-2016-4956

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for...

5.3CVSS

6.4AI Score

0.023EPSS

2016-07-05 01:59 AM
91
11
cve
cve

CVE-2016-4955

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain...

5.9CVSS

6.3AI Score

0.021EPSS

2016-07-05 01:59 AM
94
7
cve
cve

CVE-2016-4954

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap...

7.5CVSS

6.9AI Score

0.026EPSS

2016-07-05 01:59 AM
84
6
cve
cve

CVE-2016-4953

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain...

7.5CVSS

7.3AI Score

0.033EPSS

2016-07-05 01:59 AM
77
6
cve
cve

CVE-2016-1704

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown...

8.8CVSS

8.7AI Score

0.006EPSS

2016-07-03 09:59 PM
55
cve
cve

CVE-2016-5739

The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication...

7.5CVSS

8.4AI Score

0.005EPSS

2016-07-03 01:59 AM
32
cve
cve

CVE-2016-5733

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in...

6.1CVSS

6.9AI Score

0.002EPSS

2016-07-03 01:59 AM
34
cve
cve

CVE-2016-5731

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error...

6.1CVSS

6.7AI Score

0.002EPSS

2016-07-03 01:59 AM
31
cve
cve

CVE-2016-5730

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config...

5.3CVSS

6.6AI Score

0.005EPSS

2016-07-03 01:59 AM
28
cve
cve

CVE-2016-5706

js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts...

7.5CVSS

7.9AI Score

0.028EPSS

2016-07-03 01:59 AM
31
cve
cve

CVE-2016-5705

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error.....

6.1CVSS

7AI Score

0.003EPSS

2016-07-03 01:59 AM
39
cve
cve

CVE-2016-5703

SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column...

9.8CVSS

9.6AI Score

0.003EPSS

2016-07-03 01:59 AM
29
cve
cve

CVE-2016-5701

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted...

6.1CVSS

7.4AI Score

0.003EPSS

2016-07-03 01:59 AM
38
cve
cve

CVE-2016-5301

The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP...

7.5CVSS

7.4AI Score

0.024EPSS

2016-06-30 05:59 PM
22
cve
cve

CVE-2016-5244

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS...

7.5CVSS

6.9AI Score

0.005EPSS

2016-06-27 10:59 AM
96
cve
cve

CVE-2016-4171

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June...

9.8CVSS

9.6AI Score

0.156EPSS

2016-06-16 02:59 PM
847
In Wild
cve
cve

CVE-2016-4156

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
47
cve
cve

CVE-2016-4155

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
45
cve
cve

CVE-2016-4154

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
48
cve
cve

CVE-2016-4153

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
49
cve
cve

CVE-2016-4152

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
50
cve
cve

CVE-2016-4151

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
51
cve
cve

CVE-2016-4150

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
51
cve
cve

CVE-2016-4149

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.01EPSS

2016-06-16 02:59 PM
57
cve
cve

CVE-2016-4148

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
48
cve
cve

CVE-2016-4147

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
41
cve
cve

CVE-2016-4146

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
49
cve
cve

CVE-2016-4145

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
45
cve
cve

CVE-2016-4144

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
43
cve
cve

CVE-2016-4143

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.8AI Score

0.013EPSS

2016-06-16 02:59 PM
45
6
cve
cve

CVE-2016-4142

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
46
cve
cve

CVE-2016-4141

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
43
cve
cve

CVE-2016-4140

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
46
cve
cve

CVE-2016-4139

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in...

8.8CVSS

8.9AI Score

0.013EPSS

2016-06-16 02:59 PM
44
Total number of security vulnerabilities1478