Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opensuse
(Opensuse)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-11-04 | CVE-2017-5333 | Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
2019-11-05 | CVE-2016-4983 | A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | Dovecot, Leap, Opensuse, Enterprise_linux | N/A | ||
2019-11-04 | CVE-2017-5332 | The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
2019-11-04 | CVE-2017-5331 | Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse | N/A | ||
2019-11-01 | CVE-2013-3718 | evince is missing a check on number of pages which can lead to a segmentation fault | Debian_linux, Evince, Opensuse, Enterprise_linux | N/A | ||
2013-08-18 | CVE-2013-4238 | The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | Ubuntu_linux, Opensuse, Python | N/A | ||
2015-07-26 | CVE-2015-3227 | The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. | Opensuse, Rails | N/A | ||
2014-11-18 | CVE-2014-7829 | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. | Opensuse, Rails, Ruby_on_rails | N/A | ||
2014-11-08 | CVE-2014-7818 | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. | Opensuse, Rails, Ruby_on_rails | N/A | ||
2014-02-20 | CVE-2014-0081 | Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. | Opensuse, Opensuse, Cloudforms, Enterprise_linux, Rails, Ruby_on_rails | N/A |