4066 matches found

RedHat Linux
added 2025/02/06 4:42 p.m., 4 views

graalvm: Unauthorized Read Access

A vulnerability was found in GraalVM and Mandrel Community Edition. Successful attacks of this vulnerability can result in unauthorized read access...

3.7 CVSS, 7.1 AI score, 0.00524 EPSS
Exploits 0, References 5

RedHat Linux
added 2025/02/06 11:24 a.m., 4 views

firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak...

6.5 CVSS, 6.8 AI score, 0.003 EPSS
Exploits 0, References 9

RedHat Linux
added 2025/02/06 11:20 a.m., 5 views

firefox: thunderbird: Use-after-free in Custom Highlight

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash...

9.8 CVSS, 7.3 AI score, 0.00432 EPSS
Exploits 0, References 10

RedhatCVE
added 2025/02/05 2:43 p.m., 5 views

CVE-2020-6294

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity...

9.1 CVSS, 7.2 AI score, 0.0153 EPSS
Exploits 0, References 1

RedHat Linux
added 2025/02/05 11:36 a.m., 3 views

firefox: thunderbird: A bug in WebAssembly code generation could result in a crash

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A bug in WebAssembly code generation could lead to a crash. It may be possible for an attacker to leverage this to achieve code execution...

9.8 CVSS, 7.3 AI score, 0.00585 EPSS
Exploits 0, References 9

SUSE CVE
added 2025/02/05 3:48 a.m., 4 views

SUSE CVE-2025-1018

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135...

5.3 CVSS, 6 AI score, 0.00384 EPSS
Exploits 0, References 4

RedHat Linux
added 2025/02/04 9:23 a.m., 2 views

bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).

A data integrity error was found in the bzip2 User-space package functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results or corrupted data as result of decompressing these files...

9.8 CVSS, 7.3 AI score, 0.08042 EPSS
Exploits 0, References 4

RedHat Linux
added 2025/02/04 9:18 a.m., 3 views

mysql: Client: mysqldump unspecified vulnerability (CPU Apr 2024)

A flaw was found in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can resul...

4.9 CVSS, 7 AI score, 0.00424 EPSS
Exploits 0, References 5

SUSE CVE
added 2025/01/29 3:48 a.m., 2 views

SUSE CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level...

9.9 CVSS, 7 AI score, 0.00342 EPSS
Exploits 0, References 3

UbuntuCve
added 2025/01/23 12:0 a.m., 7 views

CVE-2025-20128

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

7.5 CVSS, 7.1 AI score, 0.01509 EPSS
Exploits 0, References 4

UbuntuCve
added 2025/01/22 12:0 a.m., 3 views

CVE-2024-52948

CSRF on 2FA registration...

5.8 AI score
Exploits 0, References 6

RedHat Linux
added 2025/01/15 9:41 p.m., 2 views

jinja2: Jinja has a sandbox breakout through malicious filenames

A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents o...

8.8 CVSS, 7.5 AI score, 0.00298 EPSS
Exploits 0, References 8

RedHat Linux
added 2025/01/14 4:4 p.m., 5 views

raptor: integer underflow when normalizing a URI with the turtle parser

A flaw was found in the Raptor RDF syntax library librdf. An integer underflow condition may be triggered when normalizing a URI with the turtle parser. This issue could cause memory corruption or an application crash, leading to a denial of service or other undefined behavior...

9.3 CVSS, 5.7 AI score, 0.00315 EPSS
Exploits 1, References 7

RedHat Linux
added 2025/01/14 3:17 p.m., 3 views

raptor: integer underflow when normalizing a URI with the turtle parser

A flaw was found in the Raptor RDF syntax library librdf. An integer underflow condition may be triggered when normalizing a URI with the turtle parser. This issue could cause memory corruption or an application crash, leading to a denial of service or other undefined behavior...

9.3 CVSS, 5.7 AI score, 0.00315 EPSS
Exploits 1, References 7

RedHat Linux
added 2025/01/13 10:52 a.m., 8 views

firefox: thunderbird: Use-after-free when breaking lines in text

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash...

5.3 CVSS, 7.3 AI score, 0.00797 EPSS
Exploits 0, References 8

CBLMariner
added 2025/01/12 9:15 a.m., 173 views

CVE-2021-27367 affecting package bolt 0.9.2-2

CVE-2021-27367 affecting package bolt 0.9.2-2. This CVE either no longer is or was never applicable...

7.5 CVSS, 7.5 AI score, 0.01747 EPSS
Exploits 0

RedHat Linux
added 2025/01/09 7:48 a.m., 1 view

WebKitGTK: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in webkitgtk. In affected versions of this package, processing maliciously crafted web content may lead to an unexpected process crash...

7.5 CVSS, 5.7 AI score, 0.01564 EPSS
Exploits 0, References 11

RedHat Linux
added 2025/01/09 7:31 a.m., 3 views

webkit: Processing maliciously crafted web content may lead to an unexpected process crash

A vulnerability was found in Webkit. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5 CVSS, 5.7 AI score, 0.14492 EPSS
Exploits 1, References 10

RedHat Linux
added 2025/01/09 6:26 a.m., 9 views

firefox: Memory corruption when using JavaScript Text Segmentation

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash...

7.7 CVSS, 7.3 AI score, 0.00718 EPSS
Exploits 0, References 7

RedHat Linux
added 2025/01/08 11:36 a.m., 5 views

firefox: Compartment mismatch when parsing JavaScript JSON module

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

4 CVSS, 7.3 AI score, 0.00664 EPSS
Exploits 0, References 7