SUSE CVE-2006-0091

Cross-site scripting XSS vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline...

SUSE CVE-2006-0528

The cairo library libcairo, as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service persistent client crash via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the...

SUSE CVE-2009-1597

Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as...

SUSE CVE-2010-1782

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to the rendering...

SUSE CVE-2010-1781

Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to the rendering of an inline element...

SUSE CVE-2010-3809

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service...

SUSE CVE-2010-3818

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving inline text boxes...

SUSE CVE-2012-1944

The Content Security Policy CSP implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to condu...

SUSE CVE-2012-3374

Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message...

SUSE CVE-2013-2909

Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings...

SUSE CVE-2015-8374

fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action...

SUSE CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

SUSE CVE-2016-1708

The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified...

SUSE CVE-2016-9895

Event handlers on "marquee" elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

SUSE CVE-2017-5022

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page...

SUSE CVE-2017-5027

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page...

SUSE CVE-2017-12666

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c...

SUSE CVE-2018-6094

Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...

SUSE CVE-2018-13099

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service out-of-bounds memory access and BUG can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr...