Product:

Opensuse

(Opensuse)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/krb5/krb5
https://github.com/torvalds/linux
https://github.com/file/file
https://github.com/madler/zlib
https://github.com/php/php-src
https://github.com/quassel/quassel
https://github.com/libarchive/libarchive
https://github.com/mdadams/jasper
https://github.com/git/git
https://github.com/libgd/libgd
https://github.com/SpiderLabs/ModSecurity
https://github.com/erikd/libsndfile
https://github.com/dosfstools/dosfstools
https://github.com/atheme/atheme
https://github.com/roundcube/roundcubemail
• git://git.openssl.org/openssl.git
https://github.com/apache/httpd
https://github.com/systemd/systemd
https://github.com/karelzak/util-linux
https://github.com/mongodb/mongo-python-driver
https://github.com/ibus/ibus-anthy
https://github.com/phppgadmin/phppgadmin
https://github.com/esnet/iperf
https://github.com/ImageMagick/ImageMagick
https://github.com/opencontainers/runc
https://github.com/OpenVPN/openvpn
https://github.com/FreeRDP/FreeRDP
https://github.com/mysql/mysql-server
https://github.com/puppetlabs/puppet
https://github.com/vadz/libtiff
https://github.com/libimobiledevice/libimobiledevice
https://github.com/fragglet/lhasa
https://github.com/ocaml/ocaml
https://github.com/stedolan/jq
https://github.com/Matroska-Org/libmatroska
https://github.com/ipython/ipython
https://github.com/kerolasa/lelux-utiliteetit
https://github.com/weidai11/cryptopp
https://github.com/khaledhosny/ots
https://github.com/jmacd/xdelta-devel
https://github.com/libguestfs/hivex
https://github.com/miniupnp/miniupnp
https://github.com/python-pillow/Pillow
https://github.com/django/django
https://github.com/drk1wi/portspoof
https://github.com/bagder/curl
https://github.com/audreyt/module-signature
https://github.com/LibRaw/LibRaw
#Vulnerabilities 1418
Date Id Summary Products Score Patch Annotated
2014-03-14 CVE-2014-2323 SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Debian_linux, Lighttpd, Opensuse, Linux_enterprise_high_availability_extension, Linux_enterprise_software_development_kit 9.8
2013-11-20 CVE-2013-4559 lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. Debian_linux, Lighttpd, Opensuse N/A
2013-11-08 CVE-2013-4508 lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. Debian_linux, Lighttpd, Opensuse 7.5
2014-03-14 CVE-2014-2324 Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. Sv\-Cpt\-Mc310_firmware, Debian_linux, Lighttpd, Opensuse, Linux_enterprise_high_availability_extension, Linux_enterprise_software_development_kit N/A
2013-04-25 CVE-2013-1915 ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. Debian_linux, Fedora, Opensuse, Modsecurity N/A
2012-12-28 CVE-2012-4528 The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. Fedora, Opensuse, Modsecurity N/A
2012-07-22 CVE-2009-5031 ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. Opensuse, Modsecurity N/A
2011-12-25 CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Debian_linux, Fedora, Freebsd, Inetutils, Heimdal, Krb5\-Appl, Opensuse, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2016-02-13 CVE-2015-8631 Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. Debian_linux, Kerberos_5, Leap, Opensuse, Linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 6.5
2016-02-13 CVE-2015-8629 The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. Debian_linux, Kerberos_5, Leap, Opensuse, Linux, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 5.3