Vulnerabilities > Opensuse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-23 | CVE-2015-8805 | Cryptographic Issues vulnerability in multiple products The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. | 9.8 |
2016-02-23 | CVE-2015-8804 | 7PK - Security Features vulnerability in multiple products x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. | 9.8 |
2016-02-23 | CVE-2015-8803 | 7PK - Security Features vulnerability in multiple products The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. | 9.8 |
2016-02-21 | CVE-2016-1629 | Permissions, Privileges, and Access Controls vulnerability in multiple products Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. | 9.8 |
2016-02-20 | CVE-2016-2043 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. | 5.4 |
2016-02-20 | CVE-2016-2042 | Information Exposure vulnerability in multiple products phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. | 5.3 |
2016-02-20 | CVE-2016-2041 | 7PK - Security Features vulnerability in multiple products libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. | 7.5 |
2016-02-20 | CVE-2016-2040 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. | 5.4 |
2016-02-20 | CVE-2016-2039 | Information Exposure vulnerability in multiple products libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. | 5.3 |
2016-02-20 | CVE-2016-2038 | Information Exposure vulnerability in multiple products phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | 5.3 |