CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Opensuse » Opensuse : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2016-1666 DoS 2016-05-14 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
202 CVE-2016-1665 20 +Info 2016-05-14 2018-10-30
4.3
None Remote Medium Not required Partial None None
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
203 CVE-2016-1664 254 2016-05-14 2018-10-30
4.3
None Remote Medium Not required None Partial None
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.
204 CVE-2016-1663 DoS 2016-05-14 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
205 CVE-2016-1662 DoS 2016-05-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
206 CVE-2016-1661 20 DoS Mem. Corr. 2016-05-14 2018-10-30
8.3
None Remote Medium Not required Partial Partial Complete
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
207 CVE-2016-1660 20 DoS 2016-05-14 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.
208 CVE-2016-1650 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.
209 CVE-2016-1649 119 DoS Overflow 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.
210 CVE-2016-1648 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.
211 CVE-2016-1647 DoS 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
212 CVE-2016-1646 119 DoS Overflow 2016-03-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
213 CVE-2016-1645 119 DoS Overflow 2016-03-13 2019-09-27
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.
214 CVE-2016-1629 264 Bypass 2016-02-21 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
215 CVE-2016-1627 264 Bypass 2016-02-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
216 CVE-2016-1626 119 DoS Overflow 2016-02-13 2018-10-30
4.3
None Remote Medium Not required Partial None None
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
217 CVE-2016-1625 264 Bypass 2016-02-13 2018-10-30
4.3
None Remote Medium Not required Partial None None
The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.
218 CVE-2016-1624 119 DoS Overflow 2016-02-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.
219 CVE-2016-1623 264 Bypass 2016-02-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.
220 CVE-2016-1622 264 Bypass 2016-02-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
221 CVE-2016-1572 264 +Priv 2016-01-22 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
222 CVE-2016-1494 20 2016-01-13 2019-05-31
5.0
None Remote Low Not required None Partial None
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
223 CVE-2016-1254 119 DoS Overflow 2017-12-05 2018-10-30
5.0
None Remote Low Not required None None Partial
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
224 CVE-2016-1234 119 DoS Overflow 2016-06-01 2019-05-31
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
225 CVE-2016-0787 200 +Info 2016-04-13 2018-10-30
4.3
None Remote Medium Not required Partial None None
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
226 CVE-2016-0749 119 DoS Exec Code Overflow 2016-06-09 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
227 CVE-2016-0718 119 DoS Exec Code Overflow 2016-05-26 2018-11-16
7.5
None Remote Low Not required Partial Partial Partial
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
228 CVE-2016-0611 284 2016-01-20 2019-05-01
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
229 CVE-2016-0610 2016-01-20 2019-04-22
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
230 CVE-2016-0609 2016-01-20 2019-04-22
1.7
None Remote High Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
231 CVE-2016-0608 2016-01-20 2019-04-22
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
232 CVE-2016-0607 2016-01-20 2019-04-22
2.8
None Remote Medium Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
233 CVE-2016-0606 2016-01-20 2018-10-30
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.
234 CVE-2016-0605 2016-01-20 2018-10-30
2.1
None Remote High Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
235 CVE-2016-0600 2016-01-20 2018-10-30
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
236 CVE-2016-0598 2016-01-20 2018-10-30
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
237 CVE-2016-0597 2016-01-20 2018-10-30
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
238 CVE-2016-0596 2016-01-20 2018-10-30
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
239 CVE-2016-0595 2016-01-20 2018-10-30
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.
240 CVE-2016-0594 2016-01-20 2018-10-30
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.
241 CVE-2016-0546 Overflow 2016-01-20 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.
242 CVE-2016-0505 2016-01-20 2018-10-30
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
243 CVE-2016-0504 2016-01-20 2018-10-30
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.
244 CVE-2016-0503 2016-01-20 2018-10-30
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.
245 CVE-2016-0502 2016-01-20 2018-10-30
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
246 CVE-2015-8948 125 +Info 2016-09-07 2018-10-30
5.0
None Remote Low Not required Partial None None
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
247 CVE-2015-8872 189 DoS 2016-06-03 2018-10-30
2.1
None Local Low Not required None None Partial
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
248 CVE-2015-8869 119 Overflow +Info 2016-06-13 2018-10-30
6.4
None Remote Low Not required Partial None Partial
OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
249 CVE-2015-8864 79 XSS 2017-04-13 2018-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
250 CVE-2015-8863 119 DoS Overflow 2016-05-06 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
Total number of vulnerabilities : 918   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.