485 matches found

SUSE CVE
added 2023/02/15 5:17 a.m. | 3 views

SUSE CVE-2015-4890

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication...

CVSS 3.5 | AI score 7.6 | EPSS 0.01907
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 5:9 a.m. | 2 views

SUSE CVE-2016-0772

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...

CVSS 6.5 | AI score 8.9 | EPSS 0.14524
Exploits: 3 | References: 28

SUSE CVE
added 2023/02/15 5:6 a.m. | 2 views

SUSE CVE-2016-2216

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...

CVSS 7.5 | AI score 7.3 | EPSS 0.07013
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 5:6 a.m. | 2 views

SUSE CVE-2016-2377

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the...

CVSS 8.1 | AI score 7.5 | EPSS 0.02647
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 4:45 a.m. | 1 view

SUSE CVE-2017-9210

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3...

CVSS 5.3 | AI score 6.7 | EPSS 0.01465
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 4:28 a.m. | 3 views

SUSE CVE-2018-10860

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary...

CVSS 4.4 | AI score 7 | EPSS 0.48716
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 4:20 a.m. | 2 views

SUSE CVE-2018-1000033

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory...

CVSS 9.1 | AI score 6.8 | EPSS 0.01766
Exploits: 2 | References: 4

SUSE CVE
added 2023/02/15 4:19 a.m. | 2 views

SUSE CVE-2019-2420

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVSS 4.9 | AI score 5.7 | EPSS 0.03144
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:8 a.m. | 3 views

SUSE CVE-2019-15523

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake function. It neglects to call this function again, as required by the design of the API...

CVSS 2.6 | AI score 7 | EPSS 0.0131
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 4:7 a.m. | 2 views

SUSE CVE-2019-18447

An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions...

CVSS 4.3 | AI score 4.8 | EPSS 0.00658
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:5 a.m. | 2 views

SUSE CVE-2019-20379

ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.00794
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 3:56 a.m. | 2 views

SUSE CVE-2020-15667

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controll...

CVSS 8.8 | AI score 9.3 | EPSS 0.01631
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 3:55 a.m. | 2 views

SUSE CVE-2020-18971

Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'...

CVSS 5.5 | AI score 8.9 | EPSS 0.00683
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 3:51 a.m. | 3 views

SUSE CVE-2020-35573

srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address...

CVSS 7.5 | AI score 7.2 | EPSS 0.02657
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 3:44 a.m. | 1 view

SUSE CVE-2021-26350

A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service...

CVSS 4.7 | AI score 5 | EPSS 0.00133
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 3:37 a.m. | 1 view

SUSE CVE-2021-43310

A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution...

CVSS 9.8 | AI score 8 | EPSS 0.01697
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 3:35 a.m. | 1 view

SUSE CVE-2022-0361

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

CVSS 6.6 | AI score 9.1 | EPSS 0.01566
Exploits: 1 | References: 33

RedHat Linux
added 2023/01/12 9:27 a.m. | 7 views

QEMU: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt function does not check the size of the structure pointed to by the guest's physical address, potentially reading past the end of the bar space into adjacent pages. This could allow a malicious gues...

CVSS 6.5 | AI score 6 | EPSS 0.00281
Exploits: 0 | References: 4

RedHat Linux
added 2022/12/15 4:21 p.m. | 4 views

Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions

The Mozilla Foundation Security Advisory describes this flaw as: A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code...

CVSS 8.8 | AI score 7.5 | EPSS 0.00884
Exploits: 0 | References: 7

RedHat Linux
added 2022/11/15 3:6 p.m. | 1 view

golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty

A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...

CVSS 5.3 | AI score 7.2 | EPSS 0.0226
Exploits: 1 | References: 5