Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2016-02-23 CVE-2015-8805 Cryptographic Issues vulnerability in multiple products
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
network
low complexity
nettle-project canonical opensuse CWE-310
critical
9.8
2016-02-23 CVE-2015-8804 7PK - Security Features vulnerability in multiple products
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
network
low complexity
nettle-project canonical opensuse CWE-254
critical
9.8
2016-02-23 CVE-2015-8803 7PK - Security Features vulnerability in multiple products
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
network
low complexity
nettle-project canonical opensuse CWE-254
critical
9.8
2016-02-21 CVE-2016-1629 Permissions, Privileges, and Access Controls vulnerability in multiple products
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
network
low complexity
google novell opensuse debian CWE-264
critical
9.8
2016-02-20 CVE-2016-2043 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.
network
low complexity
fedoraproject opensuse phpmyadmin CWE-79
5.4
2016-02-20 CVE-2016-2042 Information Exposure vulnerability in multiple products
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
network
low complexity
opensuse fedoraproject phpmyadmin CWE-200
5.3
2016-02-20 CVE-2016-2041 7PK - Security Features vulnerability in multiple products
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
network
low complexity
fedoraproject phpmyadmin opensuse CWE-254
7.5
2016-02-20 CVE-2016-2040 Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
network
low complexity
fedoraproject opensuse phpmyadmin CWE-79
5.4
2016-02-20 CVE-2016-2039 Information Exposure vulnerability in multiple products
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
network
low complexity
opensuse phpmyadmin fedoraproject CWE-200
5.3
2016-02-20 CVE-2016-2038 Information Exposure vulnerability in multiple products
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
phpmyadmin fedoraproject opensuse CWE-200
5.3