suse

Product: linux_enterprise_server

A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SU...

Published: Mar 5, 2026

Product: linux_enterprise_desktop

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option....

Published: Jun 30, 2025

Product: linux_enterprise_real_time

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option....

Published: Jun 30, 2025

Product: linux_enterprise_server_for_sap

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option....

Published: Jun 30, 2025

Product: suse_linux

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even i...

Published: Jan 14, 2025

Product: suse_linux

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. Du...

Published: Jan 14, 2025

Product: suse_linux

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksu...

Published: Jan 14, 2025

Product: linux_enterprise_high_performance_computing

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution....

Published: Nov 10, 2024

Product: linux_enterprise_server

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution....

Published: Nov 10, 2024

Product: linux_enterprise_server_for_sap

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution....

Published: Nov 10, 2024

Product: linux_enterprise_high_performance_computing

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space....

Published: Nov 10, 2024

Product: linux_enterprise_server

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space....

Published: Nov 10, 2024

Product: linux_enterprise_server_for_sap

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space....

Published: Nov 10, 2024

Product: linux_enterprise_high_performance_computing

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and ...

Published: Nov 10, 2024

Product: linux_enterprise_server

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and ...

Published: Nov 10, 2024

Product: linux_enterprise_server_for_sap

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and ...

Published: Nov 10, 2024

Product: linux_enterprise_high_performance_computing

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution....

Published: Nov 10, 2024

Product: linux_enterprise_server

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution....

Published: Nov 10, 2024

Product: linux_enterprise_server_for_sap

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution....

Published: Nov 10, 2024

Product: rancher

A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user...

Published: Oct 16, 2024

Product: linux_enterprise_micro

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote at...

Published: Jul 1, 2024

Product: linux_enterprise

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root....

Published: Jan 12, 2024

Product: linux_enterprise_server

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo...

Published: Nov 11, 2021

Product: suse_linux_enterprise_desktop

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_server

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_desktop

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_server

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_desktop

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_server

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_desktop

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_server

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_desktop

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_server

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_desktop

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_server

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_desktop

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: suse_linux_enterprise_server

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Mar 23, 2020

Product: package_hub

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results ...

Published: Mar 22, 2020

Product: package_hub

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search acti...

Published: Mar 22, 2020

Product: package_hub

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/User...

Published: Mar 22, 2020

Product: linux_enterprise_server

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for spec...

Published: Mar 2, 2020

Product: linux_enterprise_server

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execu...

Published: Mar 2, 2020

Product: linux_enterprise_server

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execu...

Published: Mar 2, 2020

Product: linux_enterprise_server

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers t...

Published: Mar 2, 2020

Product: linux_enterprise_server

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate...

Published: Mar 2, 2020

Product: linux_enterprise_desktop

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary c...

Published: Feb 17, 2020

Product: linux_enterprise_server

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary c...

Published: Feb 17, 2020

Product: linux_enterprise_software_development_kit

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary c...

Published: Feb 17, 2020

Product: package_hub

Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Feb 11, 2020

Product: package_hub

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

Published: Feb 11, 2020