SUSE CVE-2021-43826

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:upstream tunneling and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established...

SUSE CVE-2022-3533

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parseusdtarg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument regname leads to memory leak. It is recommended to apply a patch to fix this issue. The...

SUSE CVE-2022-3567

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6streamops/inet6dgramops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the...

SUSE CVE-2022-3623

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function followpagepte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch...

SUSE CVE-2022-3629

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsockconnect of the file net/vmwvsock/afvsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It ...

SUSE CVE-2022-3640

A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2capconndel of the file net/bluetooth/l2capcore.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of...

SUSE CVE-2022-3649

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfsnewinode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch t...

SUSE CVE-2022-21699

IPython Interactive Python is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary...

SUSE CVE-2022-23469

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

SUSE CVE-2022-23479

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol RDP. xrdp v0.9.21 contain a buffer over flow in xrdpmmchandatain function. There are no known workarounds for this issue. Users are advised to upgrade...

SUSE CVE-2022-23478

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol RDP. xrdp v0.9.21 contain a Out of Bound Write in xrdpmmtransprocessdrdynvcchannelopen function. There are no known workarounds for this issue. Users are advised to upgrade...

SUSE CVE-2022-23482

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol RDP. xrdp v0.9.21 contain a Out of Bound Read in xrdpsecprocessmcsdataCSCORE function. There are no known workarounds for this issue. Users are advised to upgrade...

SUSE CVE-2022-24710

Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...

SUSE CVE-2022-35929

cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. cosign verify-attestation used with the --type flag will report a false positive verification when there is at least one attestation with a valid...

SUSE CVE-2022-39347

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...

SA44516 - 2020-07: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure 9.1R8

Problem This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R8 and Pulse Policy Secure 9.1R8. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering EOE and End of Life EOL...

PT-2023-14154 · B&R · B&R Automation Runtime

Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions 3.00 through C4.93 Description: A reflected cross-site scripting issue exists in the System Diagnostics Manager, allowing a remote attacker to execute arbitrary JavaScript in the context of the user's browser...

PT-2023-34968 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.10 Description: The issue is related to an incorrect offset calculation in the erofs/zmap.c file. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...

PT-2023-35168 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.15.86 through v5.15.89 Description: A potential security issue has been identified, although its actual impact and attack plausibility have not yet been proven. The issue was introduced in version v5.15.86 and fixed i...

PT-2023-20160

Name of the Vulnerable Software and Affected Versions DataHub versions prior to 0.8.45 Description The issue concerns authentication checks using the AuthUtils.hasValidSessionCookie method, which could be bypassed by using a cookie from a logged out session. This is because session cookies are on...