59854 matches found
SUSE CVE-2026-4224
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...
SUSE CVE-2026-27962
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...
SUSE CVE-2026-28490
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...
SUSE CVE-2026-28498
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash...
SUSE CVE-2026-32627
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
SUSE CVE-2026-32776
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content...
SUSE CVE-2026-32778
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...
SUSE CVE-2025-58266
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS.This issue affects Gianism: from n/a through = 6.0.0...
SUSE CVE-2026-32777
libexpat before 2.7.5 allows an infinite loop while parsing DTD content...
SUSE CVE-2025-61154
Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service DoS via the function decompressR2004section at decode.c...
SUSE CVE-2026-23941
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...
SUSE CVE-2026-23942
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...
SUSE CVE-2026-23943
Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...
SUSE CVE-2026-26127
unknown...
SUSE CVE-2026-26130
unknown...
SUSE CVE-2026-29774
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp...
SUSE CVE-2026-29775
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to...
SUSE CVE-2026-29776
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in updatereadcachebitmaporder Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0...
SUSE CVE-2026-30853
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook .rb input plugin src/calibre/ebooks/rb/reader.py allows an attacker to write arbitrary files to any path writable by the calibre...
SUSE CVE-2026-31883
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a sizet underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header...
SUSE CVE-2026-31884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign...
SUSE CVE-2026-31885
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. This vulnerability is fixed in 3.24.0...
SUSE CVE-2026-31897
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdpbitmapdecompressplanar when SrcSize is 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize = 1. When SrcSize is 0 and pSrcData is...
SUSE CVE-2026-31899
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input...
SUSE CVE-2026-32640
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...
SUSE CVE-2026-32746
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full...
SUSE CVE-1999-0512
A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers...
SUSE CVE-2009-1350
Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer...
SUSE CVE-2010-4326
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long 1 REQUEST-STATUS, 2 TZNAME, 3 COMMENT, or 4 RRULE variable in this message...
SUSE CVE-2010-5323
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management ZCM 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST...
SUSE CVE-2013-1085
Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter...
SUSE CVE-2017-18873
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service channel invisibility via a misformatted post...
SUSE CVE-2017-18903
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled...
SUSE CVE-2017-18906
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account...
SUSE CVE-2017-18907
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header...
SUSE CVE-2017-18908
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address...
SUSE CVE-2017-18909
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory...
SUSE CVE-2017-18911
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server...
SUSE CVE-2017-18912
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file...
SUSE CVE-2017-18915
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access...
SUSE CVE-2017-18916
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction...
SUSE CVE-2017-18917
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...
SUSE CVE-2017-18918
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname...
SUSE CVE-2018-17967
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c...
SUSE CVE-2025-15558
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...
SUSE CVE-2026-2673
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
SUSE CVE-2026-31806
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...
SUSE CVE-2026-3497
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...
SUSE CVE-2026-3909
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-3910
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...