Opensuse

opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-4956 6Novell NtpOpensuse+3 more 10Leap Linux Enterprise DesktopLinux Enterprise Server+7 more May 6, 2026 Jul 5, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete...Show more ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.Show less
CVE-2016-4955 6Novell NtpOpensuse+3 more 10Leap Linux Enterprise DesktopLinux Enterprise Server+7 more May 6, 2026 Jul 5, 2016 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet wit...Show more ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.Show less
CVE-2016-4954 5Ntp OpensuseOracle+2 more 12Leap Linux Enterprise DesktopLinux Enterprise Server+9 more May 6, 2026 Jul 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a...Show more The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.Show less
CVE-2016-4953 5Ntp OpensuseOracle+2 more 12Leap Linux Enterprise DesktopLinux Enterprise Server+9 more May 6, 2026 Jul 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
CVE-2016-1704 5Canonical GoogleNovell+2 more 8Chrome Enterprise Linux DesktopEnterprise Linux Server+5 more May 6, 2026 Jul 3, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-5739 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier...Show more The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.Show less
CVE-2016-5733 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving...Show more Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.Show less
CVE-2016-5731 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vecto...Show more Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.Show less
CVE-2016-5730 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to...Show more phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.Show less
CVE-2016-5706 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.
CVE-2016-5705 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges cer...Show more Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.Show less
CVE-2016-5703 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mi...Show more SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.Show less
CVE-2016-5701 2Opensuse Phpmyadmin 3Leap OpensusePhpmyadmin May 6, 2026 Jul 3, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.
CVE-2016-5301 2Arvidn Opensuse 3Leap LibtorrentOpensuse May 6, 2026 Jun 30, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.
CVE-2016-4171 4Adobe OpensuseRedhat+1 more 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+4 more Apr 21, 2026 Jun 16, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
CVE-2016-4156 4Adobe OpensuseRedhat+1 more 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+5 more May 6, 2026 Jun 16, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different...Show more Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.Show less
CVE-2016-4155 4Adobe OpensuseRedhat+1 more 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+5 more May 6, 2026 Jun 16, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different...Show more Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.Show less
CVE-2016-4154 4Adobe OpensuseRedhat+1 more 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+5 more May 6, 2026 Jun 16, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different...Show more Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.Show less
CVE-2016-4153 4Adobe OpensuseRedhat+1 more 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+5 more May 6, 2026 Jun 16, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different...Show more Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.Show less
CVE-2016-4152 4Adobe OpensuseRedhat+1 more 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+5 more May 6, 2026 Jun 16, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different...Show more Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.Show less

Previous 1...678...73 Next