4065 matches found

SUSE CVE
added 2024/09/05 3:0 a.m., 3 views

SUSE CVE-2024-8386

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2...

CVSS 4.3, AI score 6.2, EPSS 0.00366
Exploits: 0, References: 13

SUSE CVE
added 2024/09/05 3:0 a.m., 2 views

SUSE CVE-2024-8418

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...

CVSS 7.5, AI score 6.5, EPSS 0.00759
Exploits: 1, References: 4

RedHat Linux
added 2024/09/03 8:59 a.m., 3 views

orc: Stack-based buffer overflow vulnerability in ORC

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...

CVSS 7, AI score 6.2, EPSS 0.00379
Exploits: 0, References: 7

OSV
added 2024/08/26 2:15 p.m., 1 view

DEBIAN-CVE-2023-49582

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h). Users are...

CVSS 5.5, AI score 6.2, EPSS 0.00332
Exploits: 0, References: 1

OSV
added 2024/08/26 2:15 p.m., 5 views

AZL-48216 CVE-2023-49582 affecting package apr for versions less than 1.7.5-1

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h). Users are...

CVSS 5.5, AI score 6.3, EPSS 0.00332
Exploits: 0, References: 1

SUSE CVE
added 2024/08/22 3:12 a.m., 5 views

SUSE CVE-2024-7968

Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 7.3, EPSS 0.00541
Exploits: 0, References: 5

RedHat Linux
added 2024/08/19 1:48 a.m., 0 views

bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content

A flaw was found in the bind9 package, where a client query that triggers stale data and also requires local lookups may trigger an assertion failure. This issue results in a denial of service of the bind server...

CVSS 7.5, AI score 7.3, EPSS 0.02111
Exploits: 0, References: 4

SUSE CVE
added 2024/08/07 2:55 a.m., 2 views

SUSE CVE-2024-7521

Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

CVSS 8.8, AI score 6.4, EPSS 0.00581
Exploits: 0, References: 8

SUSE CVE
added 2024/08/07 2:55 a.m., 1 view

SUSE CVE-2024-7526

ANGLE failed to initialize parameters, which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

CVSS 7.1, AI score 6.3, EPSS 0.00547
Exploits: 0, References: 8

UbuntuCve
added 2024/08/06 1:0 p.m., 16 views

CVE-2024-41990

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...

CVSS 7.5, AI score 6.7, EPSS 0.01258
Exploits: 0, References: 2

Debian CVE
added 2024/08/06 3:40 a.m., 14 views

CVE-2024-7008

Unsanitized user input in Calibre = 7.15.0 allows attackers to perform reflected cross-site scripting...

CVSS 6.1, AI score 4.7, EPSS 0.2406
Exploits: 1

RedHat Linux
added 2024/07/23 3:29 p.m., 3 views

edk2: Temporary DoS vulnerability

A divide-by-zero vulnerability was found in edk2. A successful exploit of this vulnerability may lead to a loss of availability...

CVSS 6, AI score 7.3, EPSS 0.00217
Exploits: 0, References: 5

SUSE CVE
added 2024/07/23 2:26 a.m., 1 view

SUSE CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to arbitrary code execution. An attacker can send a malicious flashcard to trigger this vulnerability...

CVSS 9.6, AI score 7.9, EPSS 0.1411
Exploits: 1, References: 3

SUSE CVE
added 2024/07/23 2:21 a.m., 1 view

SUSE CVE-2024-32152

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...

CVSS 4.3, AI score 7.1, EPSS 0.11333
Exploits: 1, References: 3

RedHat Linux
added 2024/07/22 1:28 a.m., 3 views

Mozilla: Memory corruption in NSS

The Mozilla Foundation Security Advisory describes this flaw as: A mismatch between allocator and deallocator could have led to memory corruption...

CVSS 9.8, AI score 7.3, EPSS 0.00977
Exploits: 0, References: 6

RedHat Linux
added 2024/07/15 4:12 p.m., 6 views

ghostscript: OPVP device arbitrary code execution via custom Driver library

A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...

CVSS 8.8, AI score 6.2, EPSS 0.01425
Exploits: 0, References: 4

SUSE CVE
added 2024/07/10 3:36 a.m., 1 view

SUSE CVE-2024-6603

In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox 128, Firefox ESR 115.13, Thunderbird 115.13, and Thunderbird 128...

CVSS 5.4, AI score 6.5, EPSS 0.00532
Exploits: 0, References: 10

RedHat Linux
added 2024/07/09 4:52 p.m., 5 views

dotnet: DoS when parsing X.509 Content and ObjectIdentifiers

A vulnerability was found in dotNET when parsing X.509 Content and ObjectIdentifiers. This issue can lead to a denial of service attack...

CVSS 7.5, AI score 5.7, EPSS 0.02719
Exploits: 0, References: 4

RedHat Linux
added 2024/07/09 10:4 a.m., 3 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

CVSS 8.6, AI score 6.8, EPSS 0.00628
Exploits: 0, References: 6

RedHat Linux
added 2024/07/09 10:3 a.m., 4 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

CVSS 8.6, AI score 6.8, EPSS 0.00628
Exploits: 0, References: 6