SUSE CVE-2011-0536

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library aka glibc or libc6, including glibc-2.5-49.el55.6 and glibc-2.12-1.7.el60.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object DSO...

SUSE CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

SUSE CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

SUSE CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

SUSE CVE-2015-4819

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs...

SUSE CVE-2017-3636

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server execut...

SUSE CVE-2017-10379

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

SUSE CVE-2018-3174

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the...

SUSE CVE-2018-16084

The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...

SUSE CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

SUSE CVE-2021-31440

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

SUSE CVE-2021-38300

arch/mips/net/bpfjit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architectur...

SUSE CVE-2021-41103

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...

SUSE CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

SUSE CVE-2022-31782

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow...

SUSE CVE-2022-43516

A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation MSI...

A flaw was found in libXpm. When processing files with .Z or .gz extensions the library calls external programs to compress and uncompress files relying on the PATH environment variable to find these programs which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

...

DEBIAN-CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

ALPINE-CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...