Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opensuse
(Opensuse)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-06-03 | CVE-2016-4804 | The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function. | Ubuntu_linux, Dosfstools, Leap, Opensuse | 6.2 | ||
2016-06-03 | CVE-2015-8872 | The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." | Ubuntu_linux, Dosfstools, Leap, Opensuse | 6.2 | ||
2014-12-03 | CVE-2014-8104 | OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | Ubuntu_linux, Debian_linux, Mageia, Opensuse, Openvpn, Openvpn_access_server | N/A | ||
2013-11-18 | CVE-2013-2061 | The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. | Opensuse, Openvpn, Openvpn_access_server | N/A | ||
2015-05-12 | CVE-2015-3451 | The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Xml\-Libxml | N/A | ||
2012-03-22 | CVE-2011-3056 | Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." | Iphone_os, Safari, Chrome, Opensuse | N/A | ||
2012-03-22 | CVE-2011-3055 | The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. | Chrome, Opensuse | N/A | ||
2012-03-22 | CVE-2011-3054 | The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | Chrome, Opensuse | N/A | ||
2012-03-22 | CVE-2011-3053 | Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. | Iphone_os, Itunes, Safari, Chrome, Opensuse | N/A | ||
2012-03-22 | CVE-2011-3052 | The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | Chrome, Opensuse | N/A |