Security Bulletin: A vulnerability in Open Source Apache Tomcat affects IBM FlashSystem 840, (CVE-2014-0230)

Summary There is a vulnerability in Open Source Apache Tomcat that is used by IBM FlashSystem 840 which allows remote attackers to cause a denial of service under certain scenarios. Vulnerability Details CVE-ID: CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused...

SUSE-SU-2023:0419-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: This update ships nodejs18 jscPED-2097 Update to NodejJS 18.13.0 LTS: build: disable v8 snapshot compression by default crypto: update root certificates deps: update ICU to 72.1 doc: + add doc-only deprecation for headers/trailers setters + add...

SUSE CVE-2005-1768

Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service kernel panic and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs...

SUSE CVE-2006-7203

The compatsysmount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service NULL pointer dereference and oops by mounting a smbfs file system in compatibility mode "mount -t smbfs"...

SUSE CVE-2010-3081

The compatallocuserspace functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the...

SUSE CVE-2010-4073

The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the 1 compatsyssemctl, 2 compatsysmsgctl, and 3 compatsysshmctl functions in...

SUSE CVE-2012-6093

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fai...

SUSE CVE-2015-3278

The cipherstring parsing code in nsscompatossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors...

SUSE CVE-2015-8966

arch/arm/kernel/sysoabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted 1 FOFDGETLK, 2 FOFDSETLK, or 3 FOFDSETLKW command in an fcntl64 system call...

SUSE CVE-2017-18205

In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set...

SUSE CVE-2019-6977

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...

SUSE CVE-2020-14370

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into...

SUSE CVE-2021-27807

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions...

SUSE CVE-2022-29205

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types, which was added after migration to...

CVE-2023-25741

When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox 110...

UBUNTU-CVE-2023-25741

When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox 110...

MGASA-2023-0049 Updated phpmyadmin packages fix security vulnerability

Security fix for an XSS vulnerability in the drag-and-drop upload functionality PMASA-2023-01 Additional bugfixes including - issue 17506 Fix error when configuring 2FA without XMLWriter or Imagick issue 17519 Fix Export pages not working in certain conditions issue 17121 Fix passwordhash functio...

Updated phpmyadmin packages fix security vulnerability

Security fix for an XSS vulnerability in the drag-and-drop upload functionality PMASA-2023-01 Additional bugfixes including - issue 17506 Fix error when configuring 2FA without XMLWriter or Imagick issue 17519 Fix Export pages not working in certain conditions issue 17121 Fix passwordhash functio...

SUSE-SU-2023:0408-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: This update ships nodejs18 jscPED-2097 Update to NodejJS 18.13.0 LTS: build: disable v8 snapshot compression by default crypto: update root certificates deps: update ICU to 72.1 doc: + add doc-only deprecation for headers/trailers setters + add...

CVE-2023-25136

OpenSSH server sshd 9.1 introduced a double-free vulnerability during options.kexalgorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One...