Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opensuse
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-02-06 | CVE-2016-7448 | The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. | Debian_linux, Graphicsmagick, Leap, Opensuse | 7.5 | ||
| 2017-02-06 | CVE-2016-7447 | Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. | Debian_linux, Graphicsmagick, Leap, Opensuse | 9.8 | ||
| 2017-02-06 | CVE-2016-7446 | Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. | Debian_linux, Graphicsmagick, Leap, Opensuse | 9.8 | ||
| 2016-10-03 | CVE-2016-6905 | The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. | Libgd, Leap, Opensuse | 6.5 | ||
| 2016-09-26 | CVE-2016-6172 | PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. | Leap, Opensuse, Authoritative_server | 6.8 | ||
| 2016-07-02 | CVE-2016-5739 | The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | Leap, Opensuse, Phpmyadmin | 7.5 | ||
| 2016-07-02 | CVE-2016-5733 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer... | Leap, Opensuse, Phpmyadmin | 6.1 | ||
| 2016-07-02 | CVE-2016-5731 | Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. | Leap, Opensuse, Phpmyadmin | 6.1 | ||
| 2016-07-02 | CVE-2016-5730 | phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. | Leap, Opensuse, Phpmyadmin | 5.3 | ||
| 2016-07-02 | CVE-2016-5706 | js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. | Leap, Opensuse, Phpmyadmin | 7.5 |