SUSE CVE-2018-12363

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affec...

SUSE CVE-2018-12558

The parse method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters "\f"...

SUSE CVE-2018-13874

An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FDsec2read in H5FDsec2.c, related to HDmemset...

SUSE CVE-2018-14056

ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories...

SUSE CVE-2018-14436

ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c...

SUSE CVE-2018-15746

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service guest crash by leveraging mishandling of the seccomp policy for threads other than the main thread...

SUSE CVE-2018-16087

Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

SUSE CVE-2018-16866

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable...

SUSE CVE-2018-17462

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page...

SUSE CVE-2018-17470

A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

SUSE CVE-2018-17479

Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2018-18088

OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c...

SUSE CVE-2018-19143

Open Ticket Request System OTRS 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled...

SUSE CVE-2018-19644

Reflected cross site script issue in Micro Focus Solutions Business Manager SBM formerly Serena Business Manager SBM versions prior to 11.5...

SUSE CVE-2018-19777

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svgdevendtile in fitz/svg-device.c, as demonstrated by mutool...

SUSE CVE-2018-19802

aubio v0.4.0 to v0.4.8 has a newaubioonset NULL pointer dereference...

SUSE CVE-2018-19871

An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption...

SUSE CVE-2018-25008

In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::getmut method. This synchronization issue can be lead to memory safety issues through race conditions...

SUSE CVE-2018-25013

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes...

SUSE CVE-2018-1999002

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...