4064 matches found
SUSE CVE-2017-12644
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c...
SUSE CVE-2017-12664
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c...
SUSE CVE-2017-12978
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user...
SUSE CVE-2017-13648
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c...
SUSE CVE-2017-14339
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive...
SUSE CVE-2017-14449
A double-Free vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability...
SUSE CVE-2017-14934
processdebuginfo in dwarf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service infinite loop via a crafted ELF file that contains a negative size value in a CU structure...
SUSE CVE-2017-15185
plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbisblockclear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service application crash via a crafted file...
SUSE CVE-2017-15218
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c...
SUSE CVE-2017-15587
An integer overflow was discovered in pdfreadnewxrefsection in pdf/pdf-xref.c in Artifex MuPDF 1.11...
SUSE CVE-2017-15751
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000009f39."...
SUSE CVE-2017-1000107
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...
SUSE CVE-2017-1000381
The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way...
SUSE CVE-2017-1002201
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...
SUSE CVE-2018-3827
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure formerly elasticsearch-cloud-azure plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged...
SUSE CVE-2018-3839
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to...
SUSE CVE-2018-4022
A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV matroska file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user...
SUSE CVE-2018-5125
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firef...
SUSE CVE-2018-5148
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.7.3 and Firefox 59.0.2...
SUSE CVE-2018-5161
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...