Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-04-18 | CVE-2016-1655 | Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. | Ubuntu_linux, Debian_linux, Chrome, Leap, Linux_enterprise | 8.8 | ||
2016-04-18 | CVE-2016-1656 | The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | Chrome, Leap, Linux_enterprise | 7.5 | ||
2016-04-18 | CVE-2016-1657 | The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. | Debian_linux, Chrome, Suse_package_hub_for_suse_linux_enterprise, Leap | 4.3 | ||
2016-04-18 | CVE-2016-1658 | The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. | Debian_linux, Chrome, Suse_package_hub_for_suse_linux_enterprise, Leap | 4.3 | ||
2016-04-18 | CVE-2016-1659 | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | Ubuntu_linux, Debian_linux, Chrome, Leap, Linux_enterprise | 9.8 | ||
2016-04-19 | CVE-2015-5479 | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | Libav, Leap, Ubuntu | 6.5 | ||
2016-05-05 | CVE-2016-2105 | Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | Mac_os_x, Ubuntu_linux, Debian_linux, Node\.js, Openssl, Leap, Opensuse, Mysql, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | 7.5 | ||
2016-05-16 | CVE-2015-4116 | Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation. | Leap, Php | 9.8 | ||
2016-05-16 | CVE-2015-8873 | Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls. | Leap, Php | 7.5 | ||
2016-05-22 | CVE-2015-8866 | ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. | Ubuntu_linux, Leap, Opensuse, Php, Linux_enterprise_module_for_web_scripting, Linux_enterprise_software_development_kit | 9.6 |