Search Results (Refine Search)
- CPE Product Version: cpe:/o:opensuse:opensuse:13.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-1950 |
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Published: March 13, 2016; 2:59:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1286 |
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. Published: March 09, 2016; 6:59:03 PM -0500 |
V3.1: 8.6 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-1285 |
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. Published: March 09, 2016; 6:59:02 PM -0500 |
V3.1: 6.8 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-8805 |
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. Published: February 23, 2016; 2:59:03 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-8804 |
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. Published: February 23, 2016; 2:59:02 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-8803 |
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. Published: February 23, 2016; 2:59:01 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-1629 |
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. Published: February 21, 2016; 1:59:01 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-2043 |
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. Published: February 19, 2016; 8:59:06 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-2042 |
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. Published: February 19, 2016; 8:59:05 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-2041 |
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. Published: February 19, 2016; 8:59:04 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-2040 |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. Published: February 19, 2016; 8:59:03 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-2039 |
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. Published: February 19, 2016; 8:59:02 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-2038 |
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. Published: February 19, 2016; 8:59:01 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-1627 |
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. Published: February 13, 2016; 9:59:05 PM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1626 |
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. Published: February 13, 2016; 9:59:04 PM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-1625 |
The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc. Published: February 13, 2016; 9:59:03 PM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-1624 |
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression. Published: February 13, 2016; 9:59:02 PM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1623 |
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp. Published: February 13, 2016; 9:59:01 PM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1622 |
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. Published: February 13, 2016; 9:59:00 PM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1947 |
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. Published: January 31, 2016; 1:59:13 PM -0500 |
V3.0: 4.7 MEDIUM V2.0: 4.3 MEDIUM |