Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-02-20 | CVE-2016-2043 | Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. | Fedora, Leap, Opensuse, Phpmyadmin | 5.4 | ||
| 2016-02-20 | CVE-2016-2042 | phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. | Fedora, Leap, Opensuse, Phpmyadmin | 5.3 | ||
| 2016-02-20 | CVE-2016-2041 | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. | Fedora, Leap, Opensuse, Phpmyadmin | 7.5 | ||
| 2016-02-20 | CVE-2016-2040 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. | Fedora, Leap, Opensuse, Phpmyadmin | 5.4 | ||
| 2016-02-20 | CVE-2016-2039 | libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. | Fedora, Leap, Opensuse, Phpmyadmin | 5.3 | ||
| 2016-02-20 | CVE-2016-2038 | phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | Fedora, Leap, Opensuse, Phpmyadmin | 5.3 | ||
| 2016-03-13 | CVE-2016-1956 | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. | Firefox, Suse_package_hub_for_suse_linux_enterprise, Leap, Opensuse | 6.5 | ||
| 2016-03-13 | CVE-2016-1955 | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. | Firefox, Suse_package_hub_for_suse_linux_enterprise, Leap, Opensuse | 4.3 | ||
| 2016-01-31 | CVE-2016-1947 | Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. | Ubuntu_linux, Firefox, Leap, Opensuse | 4.7 | ||
| 2016-01-31 | CVE-2016-1946 | The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata. | Firefox, Leap, Opensuse | 9.8 |