4066 matches found

SUSE CVE
added 2025/03/17 2:17 p.m., 2 views

SUSE CVE-2025-2361

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has be...

7.1 CVSS | 3.6 AI score | 0.00486 EPSS
Exploits: 0 | References: 5

SUSE CVE
added 2025/03/16 2:48 a.m., 2 views

SUSE CVE-2025-1736

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers being misinterpreted...

7.3 CVSS | 7 AI score | 0.00511 EPSS
Exploits: 0 | References: 15

SUSE CVE
added 2025/03/12 5:9 a.m., 1 view

SUSE CVE-2025-2137

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS | 6.6 AI score | 0.00363 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/03/11 2:10 p.m., 3 views

io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...

7.5 CVSS | 6.6 AI score | 0.01966 EPSS
Exploits: 1 | References: 6

SUSE CVE
added 2025/03/11 3:49 a.m., 4 views

SUSE CVE-2023-52968

MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash...

4.9 CVSS | 6.9 AI score | 0.00396 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2025/03/10 6:14 a.m., 3 views

firefox: Clickjacking the registerProtocolHandler info-bar Reporter

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A web page could trick a user into setting that site as the default handler for a custom URL protocol...

4.3 CVSS | 6.5 AI score | 0.00316 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2025/03/05 11:27 a.m., 5 views

firefox: Unexpected GC during RegExp bailout processing

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it...

6.5 CVSS | 7.3 AI score | 0.00433 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2025/03/05 11:27 a.m., 2 views

firefox: Inconsistent comparator in XSLT sorting led to out-of-bounds access

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access...

8.1 CVSS | 7.3 AI score | 0.00391 EPSS
Exploits: 0 | References: 7

AlpineLinux
added 2025/03/04 2:15 p.m., 5 views

CVE-2025-1935

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

4.3 CVSS | 5.8 AI score | 0.00316 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2025/03/03 1:13 a.m., 2 views

webkitgtk: Processing maliciously crafted web content may lead to memory corruption

A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling...

8.8 CVSS | 5.7 AI score | 0.00784 EPSS
Exploits: 0 | References: 10

Wolfi
added 2025/02/25 3:16 p.m., 8 views

GHSA-R6J2-4R52-MPG7 vulnerabilities

Vulnerabilities for packages: openjdk...

7.5 AI score
Exploits: 0

RedHat Linux
added 2025/02/24 12:8 a.m., 3 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

9.8 CVSS | 6.8 AI score | 0.03571 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2025/02/19 2:24 p.m., 13 views

bind: bind9: Many records in the additional section cause CPU exhaustion

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...

7.5 CVSS | 7.3 AI score | 0.14731 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/02/19 11:10 a.m., 2 views

mysql: FTS unspecified vulnerability (CPU Oct 2024)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

4.9 CVSS | 5.7 AI score | 0.00894 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/02/19 10:31 a.m., 1 view

mysql: MySQL Server: Denial of Service vulnerability

A flaw was found in MySQL Server. This vulnerability allows an unauthenticated attacker to cause a hang or frequently repeatable crash via logon to the infrastructure where MySQL Server executes...

4.1 CVSS | 5.8 AI score | 0.00281 EPSS
Exploits: 0 | References: 5

AlpineLinux
added 2025/02/18 2:15 p.m., 5 views

CVE-2025-1414

Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 135.0.1...

6.5 CVSS | 7.3 AI score | 0.00436 EPSS
Exploits: 0 | References: 2

SUSE CVE
added 2025/02/14 6:7 a.m., 4 views

SUSE CVE-2023-49582

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h). Users are...

5.5 CVSS | 6.1 AI score | 0.00332 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2025/02/12 4:8 a.m., 2 views

firefox: thunderbird: Use-after-free during concurrent delazification

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A race during concurrent delazification could have led to a use-after-free...

9.8 CVSS | 7.3 AI score | 0.00418 EPSS
Exploits: 0 | References: 10

RedHat Linux
added 2025/02/11 4:42 p.m., 2 views

firefox: thunderbird: A bug in WebAssembly code generation could result in a crash

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A bug in WebAssembly code generation could lead to a crash. It may be possible for an attacker to leverage this to achieve code execution...

9.8 CVSS | 7.3 AI score | 0.00585 EPSS
Exploits: 0 | References: 9

Debian CVE
added 2025/02/09 11:37 a.m., 13 views

CVE-2025-21685

In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe function calls devm_serdev_device_open before setting the client ops via serdev_device_set_client_ops. This ordering can trigger a NULL pointe...

4.7 CVSS | 5.5 AI score | 0.00187 EPSS
Exploits: 0