2495 matches found
SUSE CVE-2019-17024
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 68.4 and...
SUSE CVE-2020-0543
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...
SUSE CVE-2020-6609
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c...
SUSE CVE-2020-8631
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function...
SUSE CVE-2020-14155
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring...
SUSE CVE-2020-35524
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
SUSE CVE-2020-35678
Autobahn|Python before 20.12.3 allows redirect header injection...
SUSE CVE-2021-42700
Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information...
SUSE CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
SUSE CVE-2021-44571
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200. Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...
SUSE CVE-2022-0110
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
SUSE CVE-2022-2980
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259...
SUSE CVE-2022-3134
Use After Free in GitHub repository vim/vim prior to 9.0.0389...
SUSE CVE-2022-3341
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream and triggers the null pointer dereference error, causing an application to crash...
SUSE CVE-2022-3491
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742...
SUSE CVE-2022-3756
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
SUSE CVE-2022-4223
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...
SUSE CVE-2022-4262
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2022-42930
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the ThirdPartyUtil component. This vulnerability affects Firefox 106...
SUSE CVE-2023-0049
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143...