923 matches found
SUSE CVE-2012-0786
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file...
SUSE CVE-2015-8034
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file...
SUSE CVE-2016-8619
The function read_data in security.c in curl before version 7.51.0 is vulnerable to memory double free...
SUSE CVE-2017-10209
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
SUSE CVE-2017-14058
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service infinite loop...
SUSE CVE-2017-14503
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16...
SUSE CVE-2018-10923
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node...
SUSE CVE-2019-2504
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
SUSE CVE-2019-2506
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
SUSE CVE-2019-2911
Vulnerability in the MySQL Server product of Oracle MySQL component: Information Schema. Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
SUSE CVE-2019-2996
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Deployment. The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
SUSE CVE-2020-2875
Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL...
SUSE CVE-2021-23977
Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 8...
SUSE CVE-2021-30470
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray, PdfTokenizer::GetNextVariant and PdfTokenizer::ReadDataType functions can lead to a stack overflow...
CVE-2023-23859
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information...
PT-2023-15956 · Sap · Sap Solution Manager
Name of the Vulnerable Software and Affected Versions: SAP Solution Manager BSP Application version 720 Description: The issue allows an authenticated attacker to craft a malicious link. When clicked by an unsuspecting user, this link can be used to read or modify some sensitive information or...
The vulnerability of the WebUI user interface of the Oracle Primavera Gateway integration platform allows a malicious individual to gain unauthorized access to read, modify, or delete data.
The vulnerability of the WebUI user interface of the Oracle Primavera Gateway data integration platform is related to insufficient validation of entered data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data usi...
The vulnerability of Zoom’s software for conducting video conferences on Android devices stems from improper limitation of a path name to a restricted directory. This allows attackers to read and write data in the Zoom application’s directory.
The vulnerability of Zoom video conferencing software is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow an attacker to read and write data in the Zoom application’s directory...
CVE-2023-21831
Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft component: Advising Notes. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterpris...
CVE-2023-0017
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current...