SUSE CVE-2017-3608

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

SUSE CVE-2017-5045

XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...

SUSE CVE-2017-5207

Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument...

SUSE CVE-2017-5341

The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otvprint...

SUSE CVE-2017-5399

Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 52 and Thunderbird 52...

SUSE CVE-2017-6500

An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read...

SUSE CVE-2017-6841

The GraphicsStack::TGraphicsStackElement::TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted file...

SUSE CVE-2017-7207

The memgetbitsrectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted PostScript document...

SUSE CVE-2017-7506

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak...

SUSE CVE-2017-7592

The putagreytile function in tifgetimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...

SUSE CVE-2017-7808

A content security policy CSP "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox 55...

SUSE CVE-2017-7815

On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiproce...

SUSE CVE-2017-8765

The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file...

SUSE CVE-2017-9174

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service invalid read and SEGV, related to the GETCOLOR function in color.c:21:23...

SUSE CVE-2017-9216

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2huffmanget function in jbig2huffman.c. For example, the jbig2dec utility will crash segmentation fault when parsing an invalid file...

SUSE CVE-2017-10872

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors...

SUSE CVE-2017-11549

The playmidi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service large loop and CPU consumption via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option...

SUSE CVE-2017-11591

There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input...

SUSE CVE-2017-12194

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

SUSE CVE-2017-12451

The bfdxcoffreadarhdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file...