CVE-2024-21203

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...

dotnet: Denial of Service in System.Text.Json

A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...

dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList

A flaw was found in dotnet. The System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, resulting in a denial of service...

SUSE CVE-2024-28168

Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...

SUSE CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service DoS via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

firefox: thunderbird: Potential memory corruption may occur when cloning certain objects

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...

firefox: thunderbird: Compromised content process can bypass site isolation

The Mozilla Foundation's Security Advisory: A compromised content process could allow for the arbitrary loading of cross-origin pages...

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference.

A flaw was found in net-snmp. A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference issue...

pcp: pmpost symlink attack allows escalating pcp to root user

A vulnerability was found in Performance Co-Pilot PCP. This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges...

libexpat: Integer Overflow or Wraparound

An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...

SUSE CVE-2024-45770

A vulnerability was found in Performance Co-Pilot PCP. This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges...

rexml: DoS vulnerability in REXML

A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...

CVE-2024-46692

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Mark getwqctx as atomic call Currently getwqctx is wrongly configured as a standard call. When two SMC calls are in sleep and one SMC wakes up, it calls getwqctx to resume the corresponding sleeping thread. B...

[SECURITY] Fedora 40 Update: python3.11-3.11.10-1.fc40

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

SUSE CVE-2024-8394

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird 128.2...

SUSE CVE-2021-21156

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script...

wget: Misinterpretation of input may lead to improper behavior

A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials...

SUSE CVE-2024-8382

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had...