Search Results (1931 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5746 2 Opensuse, Yast 4 Leap, Libstorage, Libstorage-ng and 1 more 2025-04-12 N/A
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
CVE-2015-5828 2 Apple, Opensuse 2 Safari, Leap 2025-04-12 N/A
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.
CVE-2016-0605 3 Opensuse, Oracle, Redhat 5 Leap, Opensuse, Mysql and 2 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
CVE-2016-4303 4 Debian, Es, Novell and 1 more 5 Debian Linux, Iperf3, Suse Package Hub For Suse Linux Enterprise and 2 more 2025-04-12 9.8 Critical
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
CVE-2016-4955 6 Novell, Ntp, Opensuse and 3 more 11 Suse Manager, Ntp, Leap and 8 more 2025-04-12 5.9 Medium
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
CVE-2016-1685 5 Debian, Google, Opensuse and 2 more 9 Debian Linux, Chrome, Leap and 6 more 2025-04-12 N/A
core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
CVE-2016-0655 5 Debian, Mariadb, Opensuse and 2 more 6 Debian Linux, Mariadb, Leap and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.
CVE-2015-5309 2 Opensuse, Simon Tatham 3 Leap, Opensuse, Putty 2025-04-12 N/A
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.
CVE-2016-0666 6 Debian, Ibm, Mariadb and 3 more 8 Debian Linux, Powerkvm, Mariadb and 5 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
CVE-2016-1957 5 Mozilla, Novell, Opensuse and 2 more 7 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 4 more 2025-04-12 N/A
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
CVE-2016-5116 4 Debian, Libgd, Opensuse and 1 more 4 Debian Linux, Libgd, Leap and 1 more 2025-04-12 N/A
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.
CVE-2016-1933 2 Mozilla, Opensuse 3 Firefox, Leap, Opensuse 2025-04-12 N/A
Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.
CVE-2016-5705 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.
CVE-2016-2105 8 Apple, Canonical, Debian and 5 more 20 Mac Os X, Ubuntu Linux, Debian Linux and 17 more 2025-04-12 7.5 High
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2016-1935 4 Mozilla, Opensuse, Oracle and 1 more 5 Firefox, Leap, Opensuse and 2 more 2025-04-12 N/A
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
CVE-2015-5218 3 Kernel, Opensuse, Opensuse Project 3 Util-linux, Opensuse, Leap 2025-04-12 N/A
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
CVE-2016-2821 5 Canonical, Debian, Mozilla and 2 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2025-04-12 N/A
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
CVE-2015-7203 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2025-04-12 N/A
Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name.
CVE-2016-2831 5 Canonical, Debian, Mozilla and 2 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2025-04-12 N/A
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
CVE-2016-5701 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2025-04-12 N/A
setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.