suse_linux_enterprise_server

Vendor: suse

Total CVEs: 72

Critical: 25

High: 32

Medium: 9

Low: 6

Recent CVEs

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Affected versions: 12

Published: Mar 23, 2020

CVSS: 8.8

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Affected versions: 12

Published: Mar 23, 2020

CVSS: 8.8

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Affected versions: 12

Published: Mar 23, 2020

CVSS: 8.8

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Affected versions: 12

Published: Mar 23, 2020

CVSS: 8.8

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Affected versions: 12

Published: Mar 23, 2020

CVSS: 6.5

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Affected versions: 12

Published: Mar 23, 2020

CVSS: 8.8

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Affected versions: 12

Published: Mar 23, 2020

CVSS: 8.8

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application....

Affected versions: 12.0

Published: Feb 4, 2020

CVSS: 5.0

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders....

Affected versions: 12

Published: Feb 4, 2020

CVSS: 4.9

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of serv...

Affected versions: 11.0 12.0

Published: Jan 31, 2020

CVSS: 3.5

An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log f...

Affected versions: 15

Published: Jan 27, 2020

CVSS: 4.0

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this p...

Affected versions: 12

Published: Jan 9, 2020

CVSS: 8.8

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had...

Affected versions: 12 15

Published: Oct 7, 2019

CVSS: 5.1

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-...

Affected versions: 11 12

Published: Nov 29, 2018

CVSS: 6.8

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP...

Affected versions: 12 15

Published: Nov 28, 2018

CVSS: 7.5

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, th...

Affected versions: 12 15

Published: Nov 28, 2018

CVSS: 7.5

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTabl...

Affected versions: 11

Published: Nov 12, 2018

CVSS: 6.5

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_a...

Affected versions: 11 12

Published: Nov 7, 2018

CVSS: 7.5

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they...

Affected versions: 11

Published: Aug 10, 2018

CVSS: 2.1

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in tha...

Affected versions: 11 11.0

Published: Jun 8, 2018

CVSS: 3.5

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root....

Affected versions: 11

Published: Mar 1, 2018

CVSS: 6.9

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis....

Affected versions: 11 12

Published: Jan 4, 2018

CVSS: 5.6

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root....

Affected versions: 12.0

Published: Sep 8, 2017

CVSS: 6.9

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is betwee...

Affected versions: 11.0

Published: Aug 9, 2017

CVSS: 5.0

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to ...

Affected versions: 12

Published: Jul 21, 2017

CVSS: 5.0

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note ...

Affected versions: 11.0

Published: Jun 19, 2017

CVSS: 7.2

game-music-emu before 0.6.1 mishandles unspecified integer values....

Affected versions: 12.0

Published: Jun 6, 2017

CVSS: 10.0

game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash)....

Affected versions: 12.0

Published: Jun 6, 2017

CVSS: 2.1

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the...

Affected versions: 11.0

Published: May 3, 2017

CVSS: 1.7

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values....

Affected versions: 12

Published: Apr 12, 2017

CVSS: 6.8

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations....

Affected versions: 12

Published: Apr 12, 2017

CVSS: 6.8

Stack-based buffer overflow in game-music-emu before 0.6.1....

Affected versions: 12

Published: Apr 12, 2017

CVSS: 6.8

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attacker...

Affected versions: 12

Published: Mar 23, 2017

CVSS: 7.2

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash)....

Affected versions: 11.0 12.0

Published: Mar 20, 2017

CVSS: 5.0

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption)....

Affected versions: 12.0

Published: Mar 20, 2017

CVSS: 5.0

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash)....

Affected versions: 11.0 12.0

Published: Mar 20, 2017

CVSS: 5.0

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption)....

Affected versions: 12.0

Published: Mar 20, 2017

CVSS: 7.5

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact....

Affected versions: 11.0 12.0

Published: Mar 20, 2017

CVSS: 7.5

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact....

Affected versions: 11.0 12.0

Published: Mar 20, 2017

CVSS: 7.5

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file....

Affected versions: 11.0 12.0

Published: Mar 20, 2017

CVSS: 4.3

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file....

Affected versions: 11.0 12.0

Published: Mar 20, 2017

CVSS: 4.3

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors....

Affected versions: 12.0

Published: Mar 20, 2017

CVSS: 7.5

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors....

Affected versions: 11.0 12.0

Published: Mar 20, 2017

CVSS: 5.0

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."...

Affected versions: 12.0

Published: Mar 20, 2017

CVSS: 7.5

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."...

Affected versions: 12

Published: Mar 17, 2017

CVSS: 7.5

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a cr...

Affected versions: 12

Published: Jan 30, 2017

CVSS: 4.0

The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be re...

Affected versions: 12.0

Published: Oct 13, 2016

CVSS: 4.9

The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted...

Affected versions: 12.0

Published: Sep 20, 2016

CVSS: 4.3

The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file....

Affected versions: 12.0

Published: Sep 20, 2016

CVSS: 4.3

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z...

Affected versions: 12.0

Published: Sep 20, 2016

CVSS: 4.3