Vulnerabilities > Opensuse > Leap > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-13 | CVE-2016-3100 | Information Exposure vulnerability in multiple products kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file. | 8.4 |
| 2016-07-05 | CVE-2016-4957 | NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. | 7.5 |
| 2016-07-05 | CVE-2016-4954 | Race Condition vulnerability in multiple products The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. | 7.5 |
| 2016-07-05 | CVE-2016-4953 | Improper Authentication vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | 7.5 |
| 2016-07-03 | CVE-2016-1704 | Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 8.8 |
| 2016-07-03 | CVE-2016-5739 | Information Exposure vulnerability in multiple products The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | 7.5 |
| 2016-07-03 | CVE-2016-5706 | Resource Management Errors vulnerability in multiple products js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. | 7.5 |
| 2016-06-30 | CVE-2016-5301 | Improper Input Validation vulnerability in multiple products The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. | 7.5 |
| 2016-06-16 | CVE-2016-3062 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | 8.8 |
| 2016-06-13 | CVE-2016-4579 | Improper Input Validation vulnerability in multiple products Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." | 7.5 |