3385 matches found
SUSE CVE-2006-3548
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php a...
SUSE CVE-2009-3873
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968...
SUSE CVE-2013-7345
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of...
SUSE CVE-2018-12433
DISPUTED cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the...
SUSE CVE-2018-12437
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...
SUSE CVE-2018-12907
In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue...
SUSE CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...
SUSE CVE-2021-26939
An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem...
CVE-2023-24499 Butterfly Button plugin may leave traces of its use on user's device
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use...
CVE-2023-22245
CVE-2023-22245 is linked to Adobe Substance 3D Stager. The connected CNNVD entry reports a vulnerability in versions prior to 2.0.0 arising from an out-of-bounds write that can cause a memory leak. Remediation noted by Adobe APSB23-16 involves a security update; updating to 2.0.0 or later is the ...
CVE-2021-0949
Android 12 release notes include CVE-2021-0949 in the System category. Details show: CVE-2021-0949, Android bug ID A-184658476, Type: Information Disclosure (ID), Severity: Moderate. The document lists it among the Android 12 vulnerability entries with no specific exploit details or remediation v...
CVE-2021-0890
CVE-2021-0890 is listed in the Android 12 security release notes under the System category with Type: ID (information disclosure) and Severity: Moderate, corresponding to Android bug ID A-190757775. The connected document provides the vulnerability’s categorization and severity but does not inclu...
CVE-2021-0866
CVE-2021-0866 is listed under Android 12 Framework with type Information Disclosure (ID) and Moderate severity, referenced by Android bug ID A-184658476. The provided connected document does not include details on the root cause, affected subcomponent, impact scope, exploitability, or a fix. No r...
CVE-2021-0859
CVE-2021-0859 is listed in Android 12 security release notes under the System category with Type: ID and Severity: High. This entry confirms a vulnerability classified as Information Disclosure and indicates it is addressed as part of Android 12 updates. The Android notes state that patches will ...
CVE-2021-25279
CVE-2021-25279 is listed in Google's Pixel security bulletin under Pixel modem vulnerabilities as an Elevation of Privilege (EoP) affecting the Modem component. The entry is marked as Critical. The bulletin indicates the issue is addressed by updates at or after the 2022-03-05 security patch leve...
CVE-2021-0857
Android 12 Security Release Notes enumerate CVE-2021-0857 in the System category with Type: RCE and Severity: Moderate, as per the note list. The documents do not specify the vulnerable component, root cause, or exploit details. The notes state patches for issues in Android 12 were relea...
CVE-2021-0856
CVE-2021-0856 is listed under Android 12 Framework vulnerabilities with type Elevation of Privilege (EoP) and High severity. The Android 12 security release notes include CVE-2021-0856 in the Framework section (reference A-146211400). No exploit details or root-cause description are provided in t...
CVE-2022-20139
Initial CVE-2022-20139 is reserved and no public technical details are provided in the connected documents. Technical specifics (affected products, root cause, impact, or fix) are not available here; monitor for updates as information becomes public.
CVE-2021-0854
Android 12 security release notes include CVE-2021-0854 in the System group, listed as A-154501976 with type ID and severity Moderate. No further technical details, affected products, exploit info, or fixes are provided in the referenced document.
CVE-2021-0853
CVE-2021-0853 is listed in the Android 12 security bulletin under the Framework component with Type: ID (Information disclosure) and Severity: Moderate. The provided document set does not include details on the root cause, affected subcomponents, specific versions, exploit vectors, or remediatio...