Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1937 2 Mozilla, Opensuse 3 Firefox, Leap, Opensuse 2018-10-30 4.3 MEDIUM 6.1 MEDIUM
The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.
CVE-2016-1939 2 Mozilla, Opensuse 3 Firefox, Leap, Opensuse 2018-10-30 5.0 MEDIUM 5.3 MEDIUM
Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.
CVE-2016-3445 1 Oracle 1 Weblogic Server 2018-10-30 5.0 MEDIUM 5.3 MEDIUM
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-5488.
CVE-2015-8010 3 Icinga, Opensuse, Opensuse Project 3 Icinga, Leap, Leap 2018-10-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
CVE-2016-1943 3 Google, Mozilla, Opensuse 4 Android, Firefox, Leap and 1 more 2018-10-30 4.3 MEDIUM 4.7 MEDIUM
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CVE-2018-0829 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-30 1.9 LOW 4.7 MEDIUM
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0830 and CVE-2018-0832.
CVE-2017-6820 1 Roundcube 1 Webmail 2018-10-30 4.3 MEDIUM 6.1 MEDIUM
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
CVE-2018-0843 1 Microsoft 2 Windows 10, Windows Server 2016 2018-10-30 1.9 LOW 4.7 MEDIUM
The Windows kernel in Windows 10 version 1709 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0820.
CVE-2018-0830 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-30 1.9 LOW 4.7 MEDIUM
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0832.
CVE-2017-5938 4 Debian, Opensuse, Opensuse Project and 1 more 4 Debian Linux, Leap, Leap and 1 more 2018-10-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
CVE-2016-5317 3 Libtiff, Opensuse, Opensuse Project 3 Libtiff, Opensuse, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
CVE-2016-2825 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
CVE-2016-2829 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
CVE-2016-2822 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
CVE-2015-8792 2 Matroska, Opensuse 3 Libmatroska, Leap, Opensuse 2018-10-30 5.0 MEDIUM 5.3 MEDIUM
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.
CVE-2015-7976 4 Novell, Ntp, Opensuse and 1 more 10 Suse Openstack Cloud, Ntp, Leap and 7 more 2018-10-30 4.0 MEDIUM 4.3 MEDIUM
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
CVE-2016-10068 3 Imagemagick, Opensuse, Opensuse Project 3 Imagemagick, Leap, Leap 2018-10-30 4.3 MEDIUM 5.5 MEDIUM
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
CVE-2016-5316 3 Libtiff, Opensuse, Opensuse Project 3 Libtiff, Opensuse, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
CVE-2016-0787 4 Debian, Fedoraproject, Libssh2 and 1 more 4 Debian Linux, Fedora, Libssh2 and 1 more 2018-10-30 4.3 MEDIUM 5.9 MEDIUM
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
CVE-2016-0700 1 Oracle 1 Weblogic Server 2018-10-30 4.3 MEDIUM 6.1 MEDIUM
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Console, a different vulnerability than CVE-2016-0675.
CVE-2016-0696 1 Oracle 1 Weblogic Server 2018-10-30 6.4 MEDIUM 5.4 MEDIUM
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 allows remote attackers to affect confidentiality and integrity via vectors related to Console.
CVE-2016-0675 1 Oracle 1 Weblogic Server 2018-10-30 4.3 MEDIUM 6.1 MEDIUM
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Console, a different vulnerability than CVE-2016-0700.
CVE-2016-5321 2 Libtiff, Opensuse 2 Libtiff, Opensuse 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
CVE-2015-8704 1 Isc 1 Bind 2018-10-30 6.8 MEDIUM 6.5 MEDIUM
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
CVE-2015-5231 2 Criu, Opensuse 2 Checkpoint\/restore In Userspace, Opensuse 2018-10-30 2.1 LOW 5.5 MEDIUM
The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.
CVE-2016-2040 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2018-10-30 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
CVE-2016-2039 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2018-10-30 5.0 MEDIUM 5.3 MEDIUM
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
CVE-2016-2038 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2018-10-30 5.0 MEDIUM 5.3 MEDIUM
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2016-1956 4 Linux, Mozilla, Novell and 1 more 5 Linux Kernel, Firefox, Suse Package Hub For Suse Linux Enterprise and 2 more 2018-10-30 7.1 HIGH 6.5 MEDIUM
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
CVE-2016-3977 2 Giflib Project, Opensuse 2 Giflib, Opensuse 2018-10-30 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
CVE-2016-3992 3 Cronic Project, Debian, Opensuse 4 Cronic, Debian Linux, Leap and 1 more 2018-10-30 4.9 MEDIUM 6.2 MEDIUM
cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
CVE-2016-1955 3 Mozilla, Novell, Opensuse 4 Firefox, Suse Package Hub For Suse Linux Enterprise, Leap and 1 more 2018-10-30 4.3 MEDIUM 4.3 MEDIUM
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
CVE-2016-1670 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2018-10-30 2.6 LOW 5.3 MEDIUM
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.
CVE-2016-1665 3 Google, Opensuse, Redhat 6 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 3 more 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
CVE-2016-1626 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2018-10-30 4.3 MEDIUM 4.3 MEDIUM
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
CVE-2016-1625 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2018-10-30 4.3 MEDIUM 4.3 MEDIUM
The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.
CVE-2016-6265 2 Artifex, Opensuse 3 Mupdf, Leap, Opensuse 2018-10-30 4.3 MEDIUM 5.5 MEDIUM
Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
CVE-2017-0299 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2018-10-30 1.9 LOW 5.0 MEDIUM
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297.
CVE-2014-9844 5 Canonical, Imagemagick, Opensuse and 2 more 10 Ubuntu Linux, Imagemagick, Opensuse and 7 more 2018-10-30 4.3 MEDIUM 5.5 MEDIUM
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVE-2015-5969 2 Opensuse, Suse 6 Leap, Opensuse, Linux Enterprise Desktop and 3 more 2018-10-30 2.1 LOW 6.2 MEDIUM
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.
CVE-2016-5731 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2018-10-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.
CVE-2016-5730 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2018-10-30 5.0 MEDIUM 5.3 MEDIUM
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.
CVE-2016-5733 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2018-10-30 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.
CVE-2014-9845 5 Canonical, Imagemagick, Opensuse and 2 more 11 Ubuntu Linux, Imagemagick, Leap and 8 more 2018-10-30 4.3 MEDIUM 5.5 MEDIUM
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
CVE-2014-9853 6 Canonical, Imagemagick, Novell and 3 more 11 Ubuntu Linux, Imagemagick, Leap and 8 more 2018-10-30 4.3 MEDIUM 5.5 MEDIUM
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
CVE-2016-6207 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
CVE-2016-1688 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.
CVE-2016-6214 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6225 3 Fedoraproject, Opensuse, Percona 3 Fedora, Leap, Xtrabackup 2018-10-30 4.3 MEDIUM 5.9 MEDIUM
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
CVE-2016-5098 2 Opensuse, Phpmyadmin 2 Opensuse, Phpmyadmin 2018-10-30 5.0 MEDIUM 5.3 MEDIUM
Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.