Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2016-07-03	CVE-2016-5703	SQL Injection vulnerability in multiple products SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. network low complexity opensuse phpmyadmin CWE-89 critical	9.8
2016-07-03	CVE-2016-5701	Injection vulnerability in multiple products setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. network low complexity phpmyadmin opensuse CWE-74	6.1
2016-06-30	CVE-2016-5301	Improper Input Validation vulnerability in multiple products The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. network low complexity opensuse arvidn CWE-20	7.5
2016-06-16	CVE-2016-3062	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. network low complexity libav ffmpeg debian opensuse CWE-119	8.8
2016-06-13	CVE-2016-4579	Improper Input Validation vulnerability in multiple products Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." network low complexity gnupg opensuse canonical CWE-20	7.5
2016-06-13	CVE-2016-4574	Numeric Errors vulnerability in multiple products Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. network low complexity gnupg canonical opensuse CWE-189	7.5
2016-06-13	CVE-2016-4478	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding. network low complexity opensuse atheme debian CWE-119	7.5
2016-06-13	CVE-2016-4414	The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. network low complexity opensuse quassel-irc fedoraproject	7.5
2016-06-13	CVE-2014-9773	Improper Access Control vulnerability in multiple products modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. network low complexity opensuse atheme CWE-284	7.5
2016-06-13	CVE-2016-5104	Improper Access Control vulnerability in multiple products The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket. network low complexity libimobiledevice canonical opensuse CWE-284	5.3