Opensuse

Opensuse

1454 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2016-5771

Exploit
  • EPSS 13.65%
  • Published 07.08.2016 10:59:19
  • Last modified 12.04.2025 10:46:40

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-a...

9.8

CVE-2016-5770

Exploit
  • EPSS 10.05%
  • Published 07.08.2016 10:59:18
  • Last modified 12.04.2025 10:46:40

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large inte...

6.2

CVE-2016-3992

  • EPSS 0.06%
  • Published 26.07.2016 17:59:01
  • Last modified 12.04.2025 10:46:40

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.

8.8

CVE-2016-5131

  • EPSS 4.2%
  • Published 23.07.2016 19:59:13
  • Last modified 12.04.2025 10:46:40

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.1

CVE-2016-5387

  • EPSS 77.5%
  • Published 19.07.2016 02:00:19
  • Last modified 12.04.2025 10:46:40

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app...

8.4

CVE-2016-3100

  • EPSS 0.05%
  • Published 13.07.2016 15:59:02
  • Last modified 12.04.2025 10:46:40

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

6.1

CVE-2016-5099

  • EPSS 0.49%
  • Published 05.07.2016 01:59:07
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

5.3

CVE-2016-5098

  • EPSS 0.45%
  • Published 05.07.2016 01:59:06
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.

5.3

CVE-2016-5097

  • EPSS 0.55%
  • Published 05.07.2016 01:59:05
  • Last modified 12.04.2025 10:46:40

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.

7.5

CVE-2016-4957

  • EPSS 57.88%
  • Published 05.07.2016 01:59:04
  • Last modified 12.04.2025 10:46:40

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.