4065 matches found
SUSE CVE-2023-25733
The return value from gfx::SourceSurfaceSkia::Map wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox 110...
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...
snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash...
SUSE CVE-2022-2121
OFFIS DCMTK's All versions prior to 3.6.7 has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition...
SUSE CVE-2023-23918
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...
SUSE CVE-2023-23919
A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...
GHSA-VVPX-J8F3-3W6H vulnerabilities
Vulnerabilities for packages: wireguard-go, k3d, kubeflow, dynamic-localpv-provisioner, go, restic, terraform-provider-sendgrid, hey, gke-gcloud-auth-plugin, grpcurl, falco...
SUSE CVE-2003-0508
Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader acroread 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link...
SUSE CVE-2004-0081
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service infinite loop, as demonstrated using the Codenomicon TLS Test Tool...
SUSE CVE-2004-0234
Multiple stack-based buffer overflows in the getheader function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testi...
SUSE CVE-2004-0527
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack...
SUSE CVE-2004-0753
The BMP image processor for 1 gdk-pixbuf before 0.22 and 2 gtk2 before 2.2.4 allows remote attackers to cause a denial of service infinite loop via a crafted BMP file...
SUSE CVE-2004-0807
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service infinite loop and memory exhaustion via certain malformed requests that cause new processes to be spawned and enter an infinite loop...
SUSE CVE-2004-0955
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0599. Reason: This candidate is a reservation duplicate of CVE-2004-0599 the first item listed in that candidate. Notes: All CVE users should reference CVE-2004-0599 instead of this candidate. All references and descriptions have been removed...
SUSE CVE-2004-1380
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive background tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."...
SUSE CVE-2004-2320
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing XST attacks in applications that are...
SUSE CVE-2004-2589
Gaim before 0.82 allows remote servers to cause a denial of service application crash via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory...
SUSE CVE-2005-0009
Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service application crash...
SUSE CVE-2005-0094
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service crash via crafted responses...
SUSE CVE-2005-0141
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab...