
3094 matches found

SUSE CVE
added 2023/02/15 4:15 a.m. | 2 views

SUSE CVE-2019-8905

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360...

CVSS 4.4 | AI score 8.9 | EPSS 0.00475
Exploits: 1 | References: 35

SUSE CVE
added 2023/02/15 4:14 a.m. | 3 views

SUSE CVE-2019-9639

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable...

CVSS 3.3 | AI score 7 | EPSS 0.07984
Exploits: 1 | References: 11

SUSE CVE
added 2023/02/15 4:14 a.m. | 3 views

SUSE CVE-2019-9638

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len...

CVSS 5.3 | AI score 9.5 | EPSS 0.06677
Exploits: 1 | References: 12

SUSE CVE
added 2023/02/15 4:9 a.m. | 3 views

SUSE CVE-2019-14284

In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format...

CVSS 5.5 | AI score 6.5 | EPSS 0.00703
Exploits: 0 | References: 18

SUSE CVE
added 2023/02/15 4:6 a.m. | 3 views

SUSE CVE-2019-19065

A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because...

CVSS 7.5 | AI score 7.3 | EPSS 0.00491
Exploits: 0 | References: 16

SUSE CVE
added 2023/02/15 4:4 a.m. | 2 views

SUSE CVE-2019-1010223

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19800. Reason: This candidate is a reservation duplicate of CVE-2018-19800. Notes: All CVE users should reference CVE-2018-19800 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

CVSS 9.8 | AI score 8.7
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 3:55 a.m. | 2 views

SUSE CVE-2020-18771

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak...

CVSS 8.1 | AI score 9.6 | EPSS 0.01848
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 3:48 a.m. | 2 views

SUSE CVE-2021-3892

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-18198. Reason: This candidate is a reservation duplicate of CVE-2019-18198. Notes: All CVE users should reference CVE-2019-18198 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

AI score 8.3
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:44 a.m. | 2 views

SUSE CVE-2021-28276

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c...

CVSS 7.5 | AI score 7.4 | EPSS 0.01083
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:36 a.m. | 0 views

SUSE CVE-2021-45957

Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...

CVSS 9.8 | AI score 9.1 | EPSS 0.02447
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 3:26 a.m. | 1 views

SUSE CVE-2022-30067

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash...

CVSS 5.5 | AI score 6.9 | EPSS 0.00715
Exploits: 1 | References: 7

Malwarebytes
added 2023/02/14 6:0 a.m. | 69 views

New ESXiArgs encryption routine outmaneuvers recovery methods

In what seems to be a typical arms race where one side responds to counter the progress the other side has made, the ransomware group behind the massive attack on ESXi Virtual Machines (VMs) has come up with a new variant that can no longer be decrypted with the recovery script released by the...

CVSS 5.8 | AI score 0.1 | EPSS 0.47795
Exploits: 7

Cvelist
added 2023/02/07 9:41 p.m. | 16 views

CVE-2022-47414

If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...

AI score 5.4 | EPSS 0.00506
Exploits: 1 | References: 1

CVE
added 2023/02/07 9:41 p.m. | 51 views

CVE-2022-47414

OpenKM CVE-2022-47414: a stored XSS in the Note functionality is possible when an attacker with authenticated console access submits crafted content. CVSS 3.1: base score 5.4 (Medium); vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Impacts are confined to confidentiality and integrity (Low); avail...

CVSS 5.4 | AI score 5.2 | EPSS 0.00506
Exploits: 1 | References: 1 | Affected Software: 1

Openbugbounty
added 2023/02/03 6:47 a.m. | 15 views

soybase.org Cross Site Scripting vulnerability OBB-3177433

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

WPVulnDB
added 2023/02/02 12:0 a.m. | 22 views

Print Invoice & Delivery Notes for WooCommerce < 4.7.2 - Reflected XSS

The plugin is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a...

AI score 1.4 | EPSS 0.00516
Exploits: 2 | Affected Software: 1

CNNVD
added 2023/02/02 12:0 a.m. | 2 views

Number withdrawn

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. This CVE number has been withdrawn...

AI score 6.7
Exploits: 1 | References: 4

OSV
added 2023/02/01 6:15 p.m. | 3 views

CVE-2023-22340

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technic...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1

Oracle linux
added 2023/01/18 12:0 a.m. | 64 views

java-17-openjdk security and bug fix update

1:17.0.6.0.10-3 - Add missing release note for JDK-8295687 - Resolves: rhbz2160111 1:17.0.6.0.10-3 - Update FIPS support to bring in latest changes - OJ1357: Fix issue on FIPS with a SecurityManager in place - Related: rhbz2147473 1:17.0.6.0.10-3 - Fix flatpak builds by disabling TestTranslations...

CVSS 5.3 | AI score 6.2 | EPSS 0.01836
Exploits: 0

Oracle
added 2023/01/17 12:0 a.m. | 298 views

Oracle Critical Patch Update Advisory - January 2023

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 10 | AI score 9 | EPSS 0.99999
Exploits: 636 | Affected Software: 105