Vulnerabilities > Opensuse > Leap > 42.1

DATE CVE VULNERABILITY TITLE RISK
2016-02-20 CVE-2016-2041 7PK - Security Features vulnerability in multiple products
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
network
low complexity
fedoraproject phpmyadmin opensuse CWE-254
7.5
2016-02-20 CVE-2016-2040 Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
network
low complexity
fedoraproject opensuse phpmyadmin CWE-79
5.4
2016-02-20 CVE-2016-2039 Information Exposure vulnerability in multiple products
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
network
low complexity
opensuse phpmyadmin fedoraproject CWE-200
5.3
2016-02-20 CVE-2016-2038 Information Exposure vulnerability in multiple products
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
phpmyadmin fedoraproject opensuse CWE-200
5.3
2016-02-16 CVE-2016-0753 Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
network
low complexity
rubyonrails debian fedoraproject opensuse
5.3
2016-02-16 CVE-2016-0752 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a ..
network
low complexity
rubyonrails opensuse suse debian redhat CWE-22
7.5
2016-02-15 CVE-2016-0747 Resource Exhaustion vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
network
low complexity
f5 canonical debian opensuse apple CWE-400
5.3
2016-02-15 CVE-2016-0746 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
network
low complexity
f5 canonical debian opensuse apple CWE-416
critical
9.8
2016-02-15 CVE-2016-0742 NULL Pointer Dereference vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
network
low complexity
f5 canonical debian opensuse apple redhat CWE-476
7.5
2016-02-13 CVE-2015-8631 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
network
low complexity
mit opensuse debian redhat oracle CWE-772
6.5