SUSE CVE-2012-2695

The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

SUSE CVE-2012-4600

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...

SUSE CVE-2012-5614

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service mysqld crash via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements...

SUSE CVE-2013-0151

The dohvmop function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x8632 platform does not prevent HVMPARAMNESTEDHVM aka nested virtualization operations, which allows guest OS users to cause a denial of service long-duration page mappings and host OS crash by leveraging administrative access to ...

SUSE CVE-2013-0152

Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service host memory consumption by performing nested virtualization in a way that triggers errors that are not properly handled...

SUSE CVE-2013-0175

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

SUSE CVE-2013-1813

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors...

SUSE CVE-2013-4551

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for 1 VMLAUNCH and 2 VMRESUME, which allows local HVM guest users to cause a denial of service host crash via unspecified vectors related to "guest VMX instruction execution."...

SUSE CVE-2013-7451

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag...

SUSE CVE-2013-7454

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via nested forbidden strings...

SUSE CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted XML document containing a large number of nested entity references, a...

SUSE CVE-2014-4330

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DDdump...

SUSE CVE-2014-7187

Off-by-one error in the readtokenword function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecified other impact via deeply nested for loops, aka the "wordlineno" issue...

SUSE CVE-2014-9769

pcrejitcompile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service stack memory corruption or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata...

SUSE CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

SUSE CVE-2015-2942

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service CPU and memory consumption via a large number of nested entity references in an 1 SVG file or 2 XMP metadata in a PDF file, aka a "billion laughs attack," ...

SUSE CVE-2015-3291

arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service skipped NMI by modifying the rsp register, issuing a syscall instruction, and triggering an NM...

SUSE CVE-2015-7577

activerecord/lib/activerecord/nestedattributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass...

SUSE CVE-2015-7686

Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service CPU consumption via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associat...

SUSE CVE-2015-8789

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document...