CVE-2016-5771
- EPSS 13.65%
- Published 07.08.2016 10:59:19
- Last modified 12.04.2025 10:46:40
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-a...
CVE-2016-5770
- EPSS 10.05%
- Published 07.08.2016 10:59:18
- Last modified 12.04.2025 10:46:40
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large inte...
CVE-2016-3992
- EPSS 0.06%
- Published 26.07.2016 17:59:01
- Last modified 12.04.2025 10:46:40
cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
CVE-2016-5131
- EPSS 4.2%
- Published 23.07.2016 19:59:13
- Last modified 12.04.2025 10:46:40
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVE-2016-5387
- EPSS 77.5%
- Published 19.07.2016 02:00:19
- Last modified 12.04.2025 10:46:40
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app...
CVE-2016-3100
- EPSS 0.05%
- Published 13.07.2016 15:59:02
- Last modified 12.04.2025 10:46:40
kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.
CVE-2016-5099
- EPSS 0.49%
- Published 05.07.2016 01:59:07
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.
CVE-2016-5098
- EPSS 0.45%
- Published 05.07.2016 01:59:06
- Last modified 12.04.2025 10:46:40
Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.
CVE-2016-5097
- EPSS 0.55%
- Published 05.07.2016 01:59:05
- Last modified 12.04.2025 10:46:40
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
CVE-2016-4957
- EPSS 57.88%
- Published 05.07.2016 01:59:04
- Last modified 12.04.2025 10:46:40
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.