Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-5706 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.
CVE-2016-5705 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges cer...Show more Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.Show less
CVE-2016-5703 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mi...Show more SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.Show less
CVE-2016-5701 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.
CVE-2016-5301 2Arvidn Opensuse 3Leap LibtorrentOpensuse May 6, 2026 Jun 30, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.
CVE-2016-3062 4Debian FfmpegLibav+1 more 4Debian Linux FfmpegLeap+1 more May 6, 2026 Jun 16, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dr...Show more The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.Show less
CVE-2016-4579 3Canonical GnupgOpensuse 3Leap LibksbaUbuntu Linux May 6, 2026 Jun 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
CVE-2016-4574 3Canonical GnupgOpensuse 4Leap LibksbaOpensuse+1 more May 6, 2026 Jun 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vul...Show more Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.Show less
CVE-2016-4478 3Atheme DebianOpensuse 4Atheme Debian LinuxLeap+1 more May 6, 2026 Jun 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
CVE-2016-4414 3Fedoraproject OpensuseQuassel Irc 4Fedora LeapOpensuse+1 more May 6, 2026 Jun 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
CVE-2014-9773 2Atheme Opensuse 3Atheme LeapOpensuse May 6, 2026 Jun 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.
CVE-2016-5104 3Canonical LibimobiledeviceOpensuse 5Leap LibimobiledeviceLibusbmuxd+2 more May 6, 2026 Jun 13, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP so...Show more The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.Show less
CVE-2016-2834 4Canonical MozillaNovell+1 more 8Firefox LeapNetwork Security Services+5 more May 6, 2026 Jun 13, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified oth...Show more Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.Show less
CVE-2016-2833 3Canonical MozillaOpensuse 4Firefox LeapOpensuse+1 more May 6, 2026 Jun 13, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
CVE-2016-2832 3Canonical MozillaOpensuse 4Firefox LeapOpensuse+1 more May 6, 2026 Jun 13, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
CVE-2016-2831 4Canonical DebianMozilla+1 more 5Debian Linux FirefoxLeap+2 more May 6, 2026 Jun 13, 2016 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduc...Show more Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.Show less
CVE-2016-2829 3Canonical MozillaOpensuse 4Firefox LeapOpensuse+1 more May 6, 2026 Jun 13, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation perm...Show more Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.Show less
CVE-2016-2828 4Canonical DebianMozilla+1 more 5Debian Linux FirefoxLeap+2 more May 6, 2026 Jun 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the textu...Show more Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.Show less
CVE-2016-2825 3Canonical MozillaOpensuse 4Firefox LeapOpensuse+1 more May 6, 2026 Jun 13, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
CVE-2016-2824 2Mozilla Opensuse 3Firefox LeapOpensuse May 6, 2026 Jun 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) o...Show more The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.Show less

Previous 1...818283...95 Next