Vulnerabilities > Opensuse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-05 | CVE-2016-5099 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. | 6.1 |
| 2016-07-05 | CVE-2016-5098 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | 5.3 |
| 2016-07-05 | CVE-2016-5097 | Information Exposure vulnerability in multiple products phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. | 5.3 |
| 2016-07-05 | CVE-2016-4957 | NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. | 7.5 |
| 2016-07-05 | CVE-2016-4956 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. | 5.3 |
| 2016-07-05 | CVE-2016-4955 | Race Condition vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. | 5.9 |
| 2016-07-05 | CVE-2016-4954 | Race Condition vulnerability in multiple products The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. | 7.5 |
| 2016-07-05 | CVE-2016-4953 | Improper Authentication vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | 7.5 |
| 2016-07-03 | CVE-2016-1704 | Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 8.8 |
| 2016-07-03 | CVE-2016-5739 | Information Exposure vulnerability in multiple products The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | 7.5 |