Product:

Opensuse

(Opensuse)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/madler/zlib
https://github.com/quassel/quassel
https://github.com/mdadams/jasper
https://github.com/dosfstools/dosfstools
https://github.com/atheme/atheme
https://github.com/roundcube/roundcubemail
https://github.com/git/git
https://github.com/libarchive/libarchive
https://github.com/puppetlabs/puppet
https://github.com/ImageMagick/ImageMagick
https://github.com/libgd/libgd
https://github.com/vadz/libtiff
https://github.com/libimobiledevice/libimobiledevice
https://github.com/torvalds/linux
https://github.com/esnet/iperf
https://github.com/opencontainers/runc
https://github.com/krb5/krb5
https://github.com/fragglet/lhasa
https://github.com/mysql/mysql-server
https://github.com/ocaml/ocaml
https://github.com/stedolan/jq
https://github.com/systemd/systemd
https://github.com/Matroska-Org/libmatroska
https://github.com/ipython/ipython
https://github.com/kerolasa/lelux-utiliteetit
https://github.com/weidai11/cryptopp
https://github.com/khaledhosny/ots
https://github.com/apache/httpd
https://github.com/jmacd/xdelta-devel
https://github.com/erikd/libsndfile
https://github.com/libguestfs/hivex
https://github.com/karelzak/util-linux
https://github.com/php/php-src
https://github.com/miniupnp/miniupnp
https://github.com/python-pillow/Pillow
https://github.com/django/django
https://github.com/drk1wi/portspoof
https://github.com/ibus/ibus-anthy
https://github.com/FreeRDP/FreeRDP
https://github.com/bagder/curl
https://github.com/audreyt/module-signature
https://github.com/mongodb/mongo-python-driver
https://github.com/LibRaw/LibRaw
https://github.com/OpenVPN/openvpn
https://github.com/phppgadmin/phppgadmin
#Vulnerabilities 920
Date ID Summary Products Score Patch
2015-07-26 CVE-2015-3227 The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. Opensuse, Rails N/A
2014-11-18 CVE-2014-7829 Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. Opensuse, Rails, Ruby_on_rails N/A
2014-11-08 CVE-2014-7818 Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. Opensuse, Rails, Ruby_on_rails N/A
2014-02-20 CVE-2014-0081 Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. Opensuse, Opensuse, Cloudforms, Enterprise_linux, Rails, Ruby_on_rails N/A
2018-06-08 CVE-2014-5220 The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. Mdadm, Opensuse 7.8
2014-10-31 CVE-2013-0334 Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Bundler, Fedora, Opensuse N/A
2012-08-06 CVE-2012-3867 lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. Ubuntu_linux, Debian_linux, Opensuse, Puppet, Puppet_enterprise, Puppet, Linux_enterprise_desktop, Linux_enterprise_server N/A
2014-09-22 CVE-2014-3637 D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. D\-Bus, Opensuse N/A
2016-04-19 CVE-2014-9761 Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Ubuntu_linux, Fedora, Glibc, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server 9.8
2015-02-24 CVE-2014-9402 The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. Ubuntu_linux, Glibc, Opensuse N/A