Opensuse - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Opensuse
(Opensuse)

Repositories

• https://github.com/phpmyadmin/phpmyadmin
• https://github.com/krb5/krb5
• https://github.com/torvalds/linux
• https://github.com/file/file
• https://github.com/madler/zlib

• https://github.com/php/php-src
• https://github.com/quassel/quassel
• https://github.com/libarchive/libarchive
• https://github.com/mdadams/jasper
• https://github.com/git/git
• https://github.com/libgd/libgd
• https://github.com/SpiderLabs/ModSecurity
• https://github.com/erikd/libsndfile
• https://github.com/dosfstools/dosfstools
• https://github.com/atheme/atheme
• https://github.com/roundcube/roundcubemail
• git://git.openssl.org/openssl.git
• https://github.com/apache/httpd
• https://github.com/systemd/systemd
• https://github.com/karelzak/util-linux
• https://github.com/mongodb/mongo-python-driver
• https://github.com/ibus/ibus-anthy
• https://github.com/phppgadmin/phppgadmin
• https://github.com/esnet/iperf
• https://github.com/ImageMagick/ImageMagick
• https://github.com/opencontainers/runc
• https://github.com/OpenVPN/openvpn
• https://github.com/FreeRDP/FreeRDP
• https://github.com/mysql/mysql-server
• https://github.com/puppetlabs/puppet
• https://github.com/vadz/libtiff
• https://github.com/libimobiledevice/libimobiledevice
• https://github.com/fragglet/lhasa
• https://github.com/ocaml/ocaml
• https://github.com/stedolan/jq
• https://github.com/Matroska-Org/libmatroska
• https://github.com/ipython/ipython
• https://github.com/kerolasa/lelux-utiliteetit
• https://github.com/weidai11/cryptopp
• https://github.com/khaledhosny/ots
• https://github.com/jmacd/xdelta-devel
• https://github.com/libguestfs/hivex
• https://github.com/miniupnp/miniupnp
• https://github.com/python-pillow/Pillow
• https://github.com/django/django
• https://github.com/drk1wi/portspoof
• https://github.com/bagder/curl
• https://github.com/audreyt/module-signature
• https://github.com/LibRaw/LibRaw

#Vulnerabilities

1420

Date	Id	Summary	Products	Score	Patch	Annotated
2019-11-04	CVE-2017-5331	Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.	Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse	N/A
2019-11-01	CVE-2013-3718	evince is missing a check on number of pages which can lead to a segmentation fault	Debian_linux, Evince, Opensuse, Enterprise_linux	N/A
2013-08-18	CVE-2013-4238	The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.	Ubuntu_linux, Opensuse, Python	N/A
2015-07-26	CVE-2015-3227	The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.	Opensuse, Rails	N/A
2014-11-18	CVE-2014-7829	Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.	Opensuse, Rails, Ruby_on_rails	N/A
2014-11-08	CVE-2014-7818	Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.	Opensuse, Rails, Ruby_on_rails	N/A
2014-02-20	CVE-2014-0081	Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.	Opensuse, Opensuse, Cloudforms, Enterprise_linux, Rails, Ruby_on_rails	N/A
2014-10-31	CVE-2013-0334	Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.	Bundler, Fedora, Opensuse	N/A
2012-08-06	CVE-2012-3867	lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.	Ubuntu_linux, Debian_linux, Opensuse, Puppet, Puppet_enterprise, Puppet, Linux_enterprise_desktop, Linux_enterprise_server	N/A
2016-04-19	CVE-2014-9761	Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.	Ubuntu_linux, Fedora, Glibc, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server	9.8