bind: stack exhaustion in control channel code may lead to DoS

A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code...

bind: stack exhaustion in control channel code may lead to DoS

A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code...

SUSE CVE-2023-5176

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 118, Firefox ESR...

dotnet: Denial of Service with Client Certificates using .NET Kestrel

A vulnerability was found in dotnet. This issue can lead to a denial of service when processing X.509 certificates...

flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder

A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwritergrow function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder...

Mozilla: Memory corruption in IPC FilePickerShownCallback

The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could...

SUSE CVE-2023-4428

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

webkitgtk: arbitrary code execution

A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution...

[SECURITY] Fedora 37 Update: rust-ybaas-0.0.10-7.fc37

Don't you love when you accidentally tap your Yubikey when you have your IRC client in focus and you send 987947 into Libera? Want to be able to have that experience without having to reach all the way over to your laptop's USB port? Don't want the complexity of installing and using the yubibomb...

ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value

A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap exhaustion when processing a crafted NTFS image file or partition...

snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash...

SUSE CVE-2007-0448

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...

SUSE CVE-2007-0474

Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4kkill."...

SUSE CVE-2007-1420

MySQL 5.x before 5.0.36 allows local users to cause a denial of service database crash by performing informationschema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort...

SUSE CVE-2010-1917

Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service PHP crash via a crafted first argument to the fnmatch function, as demonstrated using a long string...

SUSE CVE-2012-6093

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fai...

SUSE CVE-2014-8119

The findifcfgpath function in netcf before 0.2.7 might allow attackers to cause a denial of service application crash via vectors involving augeas path expressions...

SUSE CVE-2014-8627

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

SUSE CVE-2014-9627

The MP4ReadBoxString function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large bo...

SUSE CVE-2015-1463

ClamAV before 0.98.6 allows remote attackers to cause a denial of service crash via a crafted petite packer file, related to an "incorrect compiler optimization."...