Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-6161 3Debian LibgdOpensuse 3Debian Linux LeapLibgd May 6, 2026 Aug 12, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
CVE-2016-6132 3Debian LibgdOpensuse 3Debian Linux LeapLibgd May 6, 2026 Aug 12, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-5421 5Canonical DebianFedoraproject+2 more 6Debian Linux FedoraLeap+3 more May 6, 2026 Aug 10, 2016 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
CVE-2016-5420 3Debian HaxxOpensuse 3Debian Linux LeapLibcurl May 6, 2026 Aug 10, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously c...Show more curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.Show less
CVE-2016-5419 3Debian HaxxOpensuse 3Debian Linux LeapLibcurl May 6, 2026 Aug 10, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
CVE-2016-6128 4Canonical DebianLibgd+1 more 4Debian Linux LeapLibgd+1 more May 6, 2026 Aug 7, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid col...Show more The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.Show less
CVE-2016-5772 4Debian OpensusePhp+1 more 7Debian Linux LeapLinux Enterprise Debuginfo+4 more May 6, 2026 Aug 7, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (applic...Show more Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.Show less
CVE-2016-5771 3Debian OpensusePhp 4Debian Linux LeapOpensuse+1 more May 6, 2026 Aug 7, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or ca...Show more spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.Show less
CVE-2016-5770 3Debian OpensusePhp 4Debian Linux LeapOpensuse+1 more May 6, 2026 Aug 7, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified...Show more Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.Show less
CVE-2016-5116 3Debian LibgdOpensuse 3Debian Linux LeapLibgd May 6, 2026 Aug 7, 2016 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial o...Show more gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.Show less
CVE-2016-1238 5Apache DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more May 6, 2026 Aug 2, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) c...Show more (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.Show less
CVE-2016-3992 3Cronic Project DebianOpensuse 4Cronic Debian LinuxLeap+1 more May 6, 2026 Jul 26, 2016 N/A· v4 6.2 MEDIUM· v3 4.9 MEDIUM· v2 cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
CVE-2016-5131 8Apple CanonicalDebian+5 more 14Chrome Debian LinuxEnterprise Linux Desktop+11 more May 6, 2026 Jul 23, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to t...Show more Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.Show less
CVE-2016-5387 8Apache CanonicalDebian+5 more 20Communications User Data Repository Debian LinuxEnterprise Linux Desktop+17 more May 6, 2026 Jul 19, 2016 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remot...Show more The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.Show less
CVE-2016-5385 8Debian DrupalFedoraproject+5 more 13Communications User Data Repository Debian LinuxDrupal+10 more May 6, 2026 Jul 19, 2016 N/A· v4 8.1 HIGH· v3 5.1 MEDIUM· v2 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, whi...Show more PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.Show less
CVE-2016-3100 2Kde Opensuse 3Kde Frameworks LeapOpensuse May 6, 2026 Jul 13, 2016 N/A· v4 8.4 HIGH· v3 2.1 LOW· v2 kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by r...Show more kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.Show less
CVE-2016-5099 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Jul 5, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double...Show more Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.Show less
CVE-2016-5098 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Jul 5, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.
CVE-2016-5097 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin May 6, 2026 Jul 5, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests o...Show more phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.Show less
CVE-2016-4957 5Novell NtpOpensuse+2 more 9Leap Linux Enterprise DesktopLinux Enterprise Server+6 more May 6, 2026 Jul 5, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

Previous 1...929394...164 Next