SUSE CVE-2017-5651

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

SUSE CVE-2017-13775

GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests...

SUSE CVE-2017-14171

In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsvparseNSVfheader due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted NSV file, which claims a large "tableentriesused" field in the header but does not contain sufficient backing data, is provided, th...

SUSE CVE-2018-0360

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3paragraph in libclamav/hwp.c...

SUSE CVE-2018-5407

Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...

SUSE CVE-2018-6196

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feedtableblocktag function in table.c does not prevent a negative indent value...

SUSE CVE-2018-8931

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1...

SUSE CVE-2018-8932

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4...

SUSE CVE-2018-8936

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor PSP privilege escalation...

SUSE CVE-2018-12891

An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions...

SUSE CVE-2018-14648

A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service...

SUSE CVE-2018-20030

An error when processing the EXIFIFDINTEROPERABILITY and EXIFIFDEXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources...

SUSE CVE-2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing enough to be usable for denial-of-service attacks...

SUSE CVE-2019-0174

Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access...

SUSE CVE-2019-0169

Heap overflow in subsystem in IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; IntelR TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access...

SUSE CVE-2019-9836

Secure Encrypted Virtualization SEV on Advanced Micro Devices AMD Platform Security Processor PSP; aka AMD Secure Processor or AMD-SP 0.17 build 11 and earlier has an insecure cryptographic implementation...

SUSE CVE-2019-19577

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number ...

SUSE CVE-2020-5968

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial ...

SUSE CVE-2020-6851

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opjt1clbldecodeprocessor in openjp2/t1.c because of lack of opjj2kupdateimagedimensions validation...

SUSE CVE-2020-8112

opjt1clbldecodeprocessor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851...