Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1920 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5730 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.
CVE-2016-5706 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2026-06-17 5.0 MEDIUM 7.5 HIGH
js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.
CVE-2016-5705 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.
CVE-2016-5703 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2026-06-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.
CVE-2016-5701 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.
CVE-2016-5421 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
CVE-2016-5420 3 Debian, Haxx, Opensuse 3 Debian Linux, Libcurl, Leap 2026-06-17 5.0 MEDIUM 7.5 HIGH
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
CVE-2016-5419 3 Debian, Haxx, Opensuse 3 Debian Linux, Libcurl, Leap 2026-06-17 5.0 MEDIUM 7.5 HIGH
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
CVE-2016-5387 8 Apache, Canonical, Debian and 5 more 21 Http Server, Ubuntu Linux, Debian Linux and 18 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
CVE-2016-5385 8 Debian, Drupal, Fedoraproject and 5 more 14 Debian Linux, Drupal, Fedora and 11 more 2026-06-17 5.1 MEDIUM 8.1 HIGH
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
CVE-2016-5314 4 Debian, Libtiff, Opensuse and 1 more 5 Debian Linux, Libtiff, Leap and 2 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
CVE-2016-5301 2 Arvidn, Opensuse 3 Libtorrent, Leap, Opensuse 2026-06-17 5.0 MEDIUM 7.5 HIGH
The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.
CVE-2016-5241 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
CVE-2016-5178 5 Debian, Fedoraproject, Google and 2 more 7 Debian Linux, Fedora, Chrome and 4 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-5177 5 Debian, Fedoraproject, Google and 2 more 7 Debian Linux, Fedora, Chrome and 4 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-5167 2 Google, Opensuse 2 Chrome, Leap 2026-06-17 7.5 HIGH 8.8 HIGH
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-5166 2 Google, Opensuse 2 Chrome, Leap 2026-06-17 2.6 LOW 3.1 LOW
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
CVE-2016-5165 2 Google, Opensuse 2 Chrome, Leap 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.
CVE-2016-5164 2 Google, Opensuse 2 Chrome, Leap 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."
CVE-2016-5163 2 Google, Opensuse 2 Chrome, Leap 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.