Product:

Opensuse

(Opensuse)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/krb5/krb5
https://github.com/torvalds/linux
https://github.com/madler/zlib
https://github.com/quassel/quassel
https://github.com/SpiderLabs/ModSecurity
https://github.com/erikd/libsndfile
https://github.com/dosfstools/dosfstools
https://github.com/mdadams/jasper
https://github.com/atheme/atheme
https://github.com/roundcube/roundcubemail
https://github.com/git/git
https://github.com/libarchive/libarchive
https://github.com/karelzak/util-linux
https://github.com/apache/httpd
https://github.com/ImageMagick/ImageMagick
https://github.com/opencontainers/runc
• git://git.openssl.org/openssl.git
https://github.com/OpenVPN/openvpn
https://github.com/FreeRDP/FreeRDP
https://github.com/esnet/iperf
https://github.com/mysql/mysql-server
https://github.com/puppetlabs/puppet
https://github.com/libgd/libgd
https://github.com/vadz/libtiff
https://github.com/libimobiledevice/libimobiledevice
https://github.com/fragglet/lhasa
https://github.com/ocaml/ocaml
https://github.com/stedolan/jq
https://github.com/systemd/systemd
https://github.com/Matroska-Org/libmatroska
https://github.com/ipython/ipython
https://github.com/kerolasa/lelux-utiliteetit
https://github.com/weidai11/cryptopp
https://github.com/khaledhosny/ots
https://github.com/jmacd/xdelta-devel
https://github.com/libguestfs/hivex
https://github.com/php/php-src
https://github.com/miniupnp/miniupnp
https://github.com/python-pillow/Pillow
https://github.com/django/django
https://github.com/drk1wi/portspoof
https://github.com/ibus/ibus-anthy
https://github.com/bagder/curl
https://github.com/audreyt/module-signature
https://github.com/mongodb/mongo-python-driver
https://github.com/LibRaw/LibRaw
https://github.com/phppgadmin/phppgadmin
#Vulnerabilities 1267
Date Id Summary Products Score Patch Annotated
2014-10-15 CVE-2014-3566 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Mac_os_x, Debian_linux, Fedora, Aix, Vios, Mageia, Netbsd, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Openssl, Opensuse, Database, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_supplementary, Enterprise_linux_server, Enterprise_linux_server_supplementary, Enterprise_linux_workstation, Enterprise_linux_workstation_supplementary 3.4
2013-02-24 CVE-2012-6093 The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. Ubuntu_linux, Opensuse, Qt N/A
2014-05-08 CVE-2014-0190 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. Ubuntu_linux, Fedora, Opensuse, Qt N/A
2008-08-06 CVE-2008-2939 Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Http_server, Mac_os_x, Ubuntu_linux, Opensuse N/A
2009-09-08 CVE-2009-3095 The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. Http_server, Mac_os_x, Debian_linux, Fedora, Opensuse, Linux_enterprise_desktop, Linux_enterprise_server N/A
2015-03-08 CVE-2015-0228 The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Http_server, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Opensuse N/A
2013-11-23 CVE-2013-0221 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function. Opensuse, Enterprise_linux N/A
2013-11-23 CVE-2013-0222 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function. Opensuse, Enterprise_linux N/A
2013-11-23 CVE-2013-0223 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. Opensuse, Enterprise_linux N/A
2017-02-15 CVE-2016-8866 The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. Imagemagick, Leap, Opensuse 8.8