59854 matches found
SUSE CVE-2024-26741
In the Linux kernel, the following vulnerability has been resolved: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished. syzkaller reported a warning 0 in inetcskdestroysock with no repro. WARNONinetsksk-inetnum && !inetcsksk-icskbindhash; However, the syzkaller's log...
SUSE CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
SUSE CVE-2024-26660
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'streamencregs' array is an array of dcn10streamencregisters structures. The array is initialized with four elements, corresponding to the four calls t...
SUSE CVE-2023-52621
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...
SUSE CVE-2024-2883
Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2021-47149
In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fix potential null-ptr-deref In fmvj18xgethwinfo, if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure...
SUSE CVE-2021-47150
In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fecenetinit If the memory allocated for cbdbase is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues...
SUSE CVE-2021-47113
In the Linux kernel, the following vulnerability has been resolved: btrfs: abort in renameexchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during a renameexchange. This happens because we insert the inode re...
SUSE CVE-2021-47114
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at...
SUSE CVE-2021-47105
In the Linux kernel, the following vulnerability has been resolved: ice: xsk: return xsk buffers back to pool when cleaning the ring Currently we only NULL the xdpbuff pointer in the internal SW ring but we never give it back to the xsk buffer pool. This means that buffers can be leaked out of th...
SUSE CVE-2023-52503
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix use-after-free vulnerability in amdteeclosesession There is a potential race condition in amdteeclosesession that may cause use-after-free in amdteeopensession. For instance, if a session has refcount == 1, and o...
SUSE CVE-2021-47074
In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvmeloopcreatectrl When creating loop ctrl in nvmeloopcreatectrl, if nvmeinitctrl fails, the loop ctrl should be freed before jumping to the "out" label...
SUSE CVE-2023-52501
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit" When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There's barriers to help detect this and handle it, but that code missed th...
SUSE CVE-2023-52580
In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETHP1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to skbflowdissect, nhoff value calculation is wrong. For example: hdr-messagelength takes t...
SUSE CVE-2023-52478
In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidppconnectevent has four time-of-check vs time-of-use TOCTOU races when it races with itself. hidppconnectevent primarily runs from a workqueue but it also runs o...
SUSE CVE-2021-46948
In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efxchannelgettxqueue is inappropriate and could return NULL, leading to panics...
SUSE CVE-2021-46988
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUGON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmemmfillatomicpte. We successfully account the blocks, we...
SUSE CVE-2021-47004
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in getvictim In CP disabling mode, there are two issues when using LFS or SSR | ATSSR mode to select victim: 1. LFS is set to find source section during GC, the victim should have no...
SUSE CVE-2023-52475
In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermateconfigcomplete syzbot has found a use-after-free bug 1 in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermatedevice...
SUSE CVE-2021-46939
In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure traceclockglobal to never block It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following backtrace was extracted fro...
SUSE CVE-2021-46944
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix memory leak in imufmt We are losing the reference to an allocated memory if try. Change the order of the check to avoid that...
SUSE CVE-2024-1151
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...
SUSE CVE-2024-25741
printerwrite in drivers/usb/gadget/function/fprinter.c in the Linux kernel through 6.7.4 does not properly call usbepqueue, which might allow attackers to cause a denial of service or have unspecified other impact...
SUSE CVE-2023-6346
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2023-47627
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...
SUSE CVE-2023-5856
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2021-35623
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
SUSE CVE-2023-5479
Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2023-4389
A flaw was found in btrfsgetrootref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information...
SUSE CVE-2023-37259
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...
SUSE CVE-2023-3422
Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2023-3217
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2023-2513
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors...
SUSE CVE-2023-2461
Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: Medium...
SUSE CVE-2023-27954
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information...
SUSE CVE-2018-1305
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...
SUSE CVE-2023-1814
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2023-1821
Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2023-27579
TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...
SUSE CVE-2023-1095
In nftablesupdtable, if nftablestableenable returns an error, nfttransdestroy is called to free the transaction object. nfttransdestroy calls listdel, but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference...
SUSE CVE-2023-22998
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the drmgemshmemgetsgtable return value expects it to be NULL in the error case, whereas it is actually an error pointer...
SUSE CVE-2002-2437
The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited w...
SUSE CVE-2003-0434
Various PDF viewers including 1 Adobe Acrobat 5.06 and 2 Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink...
SUSE CVE-2004-0686
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors...
SUSE CVE-2004-1237
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service system crash via unknown vectors...
SUSE CVE-2006-0200
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages...
SUSE CVE-2006-1260
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check...
SUSE CVE-2006-3014
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet...
SUSE CVE-2006-6737
Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...
SUSE CVE-2007-2164
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service browser crash or abort via JavaScript that matches a regular expression against a long string, as demonstrated using /./...