Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opensuse
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-06-07 | CVE-2014-3153 | The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. | Ubuntu_linux, Linux_kernel, Opensuse, Linux, Enterprise_linux_server_aus, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_real_time_extension, Linux_enterprise_server | 7.8 | ||
| 2015-08-08 | CVE-2015-4495 | The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. | Ubuntu_linux, Firefox, Firefox_os, Opensuse, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | 8.8 | ||
| 2016-02-16 | CVE-2016-0752 | Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. | Debian_linux, Leap, Opensuse, Software_collections, Rails, Linux_enterprise_module_for_containers | 7.5 | ||
| 2016-05-05 | CVE-2016-3715 | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | Ubuntu_linux, Imagemagick, Leap, Opensuse, Linux, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_supplementary_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Manager, Manager_proxy, Openstack_cloud | 5.5 | ||
| 2016-05-05 | CVE-2016-3718 | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | Ubuntu_linux, Imagemagick, Leap, Opensuse, Linux, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_supplementary_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Manager, Manager_proxy, Openstack_cloud | 5.5 | ||
| 2016-05-05 | CVE-2016-3714 | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | Ubuntu_linux, Debian_linux, Imagemagick, Leap, Opensuse, Suse_linux_enterprise_server | 8.4 | ||
| 2014-07-03 | CVE-2014-4608 | Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype. | Ubuntu_linux, Linux_kernel, Opensuse, Linux_enterprise_real_time_extension, Linux_enterprise_server | N/A | ||
| 2016-04-21 | CVE-2016-3427 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | Cassandra, Ubuntu_linux, Debian_linux, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_balance, Oncommand_cloud_manager, Oncommand_insight, Oncommand_performance_manager, Oncommand_report, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap, Opensuse, Jdk, Jre, Jrockit, Linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Linux_enterprise_desktop, Linux_enterprise_module_for_legacy, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack_cloud | 9.8 | ||
| 2009-08-11 | CVE-2009-2416 | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | Iphone_os, Mac_os_x, Mac_os_x_server, Safari, Ubuntu_linux, Debian_linux, Fedora, Chrome, Opensuse, Enterprise_linux, Openoffice\.org, Linux_enterprise, Linux_enterprise_server, Esx, Esxi, Vcenter_server, Vma, Libxml, Libxml2 | 6.5 | ||
| 2016-09-26 | CVE-2016-4303 | The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. | Debian_linux, Iperf3, Suse_package_hub_for_suse_linux_enterprise, Leap, Opensuse | 9.8 |