Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opensuse
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-07-26 | CVE-2015-3227 | The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. | Opensuse, Rails | N/A | ||
| 2014-11-18 | CVE-2014-7829 | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. | Opensuse, Rails, Ruby_on_rails | N/A | ||
| 2014-11-08 | CVE-2014-7818 | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. | Opensuse, Rails, Ruby_on_rails | N/A | ||
| 2014-02-20 | CVE-2014-0081 | Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. | Opensuse, Opensuse, Cloudforms, Enterprise_linux, Rails, Ruby_on_rails | N/A | ||
| 2014-10-31 | CVE-2013-0334 | Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. | Bundler, Fedora, Opensuse | N/A | ||
| 2012-08-06 | CVE-2012-3867 | lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. | Ubuntu_linux, Debian_linux, Opensuse, Puppet, Puppet_enterprise, Puppet, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
| 2016-04-19 | CVE-2014-9761 | Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. | Ubuntu_linux, Fedora, Glibc, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server | 9.8 | ||
| 2016-01-13 | CVE-2016-1494 | The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. | Fedora, Leap, Opensuse, Rsa | 5.3 | ||
| 2016-01-21 | CVE-2016-0611 | Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | Ubuntu_linux, Leap, Opensuse, Mysql, Enterprise_linux | N/A | ||
| 2017-03-01 | CVE-2016-9830 | The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. | Debian_linux, Graphicsmagick, Leap, Opensuse | 5.5 |