Product:

Opensuse

(Opensuse)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/madler/zlib
https://github.com/quassel/quassel
https://github.com/mdadams/jasper
https://github.com/dosfstools/dosfstools
https://github.com/atheme/atheme
https://github.com/roundcube/roundcubemail
https://github.com/git/git
https://github.com/libarchive/libarchive
https://github.com/puppetlabs/puppet
https://github.com/ImageMagick/ImageMagick
https://github.com/libgd/libgd
https://github.com/vadz/libtiff
https://github.com/libimobiledevice/libimobiledevice
https://github.com/torvalds/linux
https://github.com/esnet/iperf
https://github.com/opencontainers/runc
https://github.com/krb5/krb5
https://github.com/fragglet/lhasa
https://github.com/mysql/mysql-server
https://github.com/ocaml/ocaml
https://github.com/stedolan/jq
https://github.com/systemd/systemd
https://github.com/Matroska-Org/libmatroska
https://github.com/ipython/ipython
https://github.com/kerolasa/lelux-utiliteetit
https://github.com/weidai11/cryptopp
https://github.com/khaledhosny/ots
https://github.com/apache/httpd
https://github.com/jmacd/xdelta-devel
https://github.com/erikd/libsndfile
https://github.com/libguestfs/hivex
https://github.com/karelzak/util-linux
https://github.com/php/php-src
https://github.com/miniupnp/miniupnp
https://github.com/python-pillow/Pillow
https://github.com/django/django
https://github.com/drk1wi/portspoof
https://github.com/ibus/ibus-anthy
https://github.com/FreeRDP/FreeRDP
https://github.com/bagder/curl
https://github.com/audreyt/module-signature
https://github.com/mongodb/mongo-python-driver
https://github.com/LibRaw/LibRaw
https://github.com/OpenVPN/openvpn
https://github.com/phppgadmin/phppgadmin
#Vulnerabilities 921
Date ID Summary Products Score Patch
2015-03-30 CVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. Mac_os_x, Ubuntu_linux, Debian_linux, Opensuse, Php, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation N/A
2015-03-30 CVE-2014-9709 The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. Ubuntu_linux, Debian_linux, Libgd, Opensuse, Php N/A
2014-10-15 CVE-2014-3566 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Mac_os_x, Debian_linux, Fedora, Aix, Vios, Mageia, Netbsd, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Openssl, Opensuse, Database, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_supplementary, Enterprise_linux_server, Enterprise_linux_server_supplementary, Enterprise_linux_workstation, Enterprise_linux_workstation_supplementary N/A
2014-06-05 CVE-2014-0224 OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. Fedora, Openssl, Opensuse, Enterprise_linux, Jboss_enterprise_application_platform, Jboss_enterprise_web_platform, Jboss_enterprise_web_server, Storage N/A
2016-03-13 CVE-2016-1645 Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. Debian_linux, Chrome, Leap, Opensuse, Suse_linux_enterprise_server N/A
2015-07-26 CVE-2015-3227 The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. Opensuse, Rails N/A
2014-11-18 CVE-2014-7829 Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. Opensuse, Rails, Ruby_on_rails N/A
2014-11-08 CVE-2014-7818 Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. Opensuse, Rails, Ruby_on_rails N/A
2014-02-20 CVE-2014-0081 Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. Opensuse, Opensuse, Cloudforms, Enterprise_linux, Rails, Ruby_on_rails N/A
2018-06-08 CVE-2014-5220 The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. Mdadm, Opensuse 7.8