SUSE CVE-2018-11739

An issue was discovered in libtskimg.a in The Sleuth Kit TSK from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function rawread in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory...

SUSE CVE-2018-16866

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable...

SUSE CVE-2018-1000301

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have...

SUSE CVE-2019-3829

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption double free vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected...

SUSE CVE-2019-6468

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet ECS features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIN...

SUSE CVE-2019-6472

A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...

SUSE CVE-2019-15738

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email...

SUSE CVE-2019-18451

An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect...

SUSE CVE-2019-20202

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlcharcontent tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault...

SUSE CVE-2020-8516

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and...

SUSE CVE-2020-13846

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code...

SUSE CVE-2020-36327

Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that...

SUSE CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...

SUSE CVE-2021-36756

CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation...

SUSE CVE-2021-39921

NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...

SUSE CVE-2021-41039

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service...

SUSE CVE-2021-45930

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend called from QPainterPath::addPath and QPathClipper::intersect...

SUSE CVE-2022-24070

Subversion's moddavsvn is vulnerable to memory corruption. While looking up path-based authorization rules, moddavsvn servers may attempt to use memory which has already been freed. Affected Subversion moddavsvn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use moddavsvn are not...

SUSE CVE-2022-29501

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution...

SUSE CVE-2023-0413

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file...