SUSE CVE-2026-20911
A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
SUSE CVE-2024-36463
The implementation of atob in "Zabbix JS" allows creating a string with arbitrary content and using it to access internal properties of objects...
SUSE CVE-2023-39929
Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
SUSE CVE-2023-32681
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...
SUSE CVE-2004-0760
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character %00 in an FTP URI...
SUSE CVE-2012-0486
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495...
SUSE CVE-2013-3628
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability...
SUSE CVE-2015-1205
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors...
SUSE CVE-2015-7852
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets...
SUSE CVE-2016-1241
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...
SUSE CVE-2017-14228
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service...
SUSE CVE-2017-17846
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003...
SUSE CVE-2018-5072
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter...
SUSE CVE-2018-19325
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-14466. Reason: This candidate is a duplicate of CVE-2018-14466. Notes: All CVE users should reference CVE-2018-14466 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...
SUSE CVE-2019-18900
Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp version...
SUSE CVE-2021-3500
A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file via crafted djvu file may lead to application crash and other consequences...
SUSE CVE-2022-1498
Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
SUSE: Security Advisory (SUSE-SU-2019:1830-1)
The remote host is missing an update for the...
Micro Focus SUSE CaaS Platform Access Control Error Vulnerability
An Access Control Error vulnerability exists in SUSE CaaS Platform that arises from a network system or product not properly restricting access to resources from unauthorized roles...
Security update for xen (important)
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-10912: Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - CVE-2017-10913 CVE-2017-10914: Races in the grant table unmap code allowed for information leaks and potentially...