# first-bug-seen-date,CVE,SUSE-CVSS3-base-score,NVD-CVSS3-base-score,first-bug-with-this-CVE,sourcepackage,URL,Description
20050929,CVE-2004-0558,-1,-1,59088,hplip,https://www.suse.com/security/cve/CVE-2004-0558,"The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.",Released
20050929,CVE-2004-0801,-1,-1,59233,foomatic-filters,https://www.suse.com/security/cve/CVE-2004-0801,"Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.",Released
20050929,CVE-2004-0801,-1,-1,59233,hplip,https://www.suse.com/security/cve/CVE-2004-0801,"Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.",Released
20050929,CVE-2004-1333,-1,-1,64171,kernel-source,https://www.suse.com/security/cve/CVE-2004-1333,"Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.",Analysis
20050929,CVE-2005-0916,-1,-1,100718,kernel-source,https://www.suse.com/security/cve/CVE-2005-0916,"AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail.",Analysis
20050929,CVE-2005-1762,-1,-1,73701,kernel-source,https://www.suse.com/security/cve/CVE-2005-1762,"The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a \"non-canonical\" address.",Ignore
20050929,CVE-2005-1765,-1,-1,85834,kernel-source,https://www.suse.com/security/cve/CVE-2005-1765,"syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service (kernel hang) via crafted arguments.",Analysis
20050929,CVE-2005-2457,-1,-1,100428,kernel-source,https://www.suse.com/security/cve/CVE-2005-2457,"The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system.",Analysis
20050929,CVE-2005-2459,-1,-1,100428,kernel-source,https://www.suse.com/security/cve/CVE-2005-2459,"The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.",Analysis
20051121,CVE-2005-2492,-1,-1,114365,kernel-source,https://www.suse.com/security/cve/CVE-2005-2492,"The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.",Unsupported
20060110,CVE-2005-4618,-1,-1,142246,kernel-source,https://www.suse.com/security/cve/CVE-2005-4618,"Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified.",Analysis
20060110,CVE-2005-4635,-1,-1,138226,kernel-source,https://www.suse.com/security/cve/CVE-2005-4635,"The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for valid lengths of the header and payload, which allows remote attackers to cause a denial of service (invalid memory reference) via malformed fib_lookup netlink messages.",Analysis
20060321,CVE-2006-0528,-1,-1,159675,firefox-cairo,https://www.suse.com/security/cve/CVE-2006-0528,"The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains \"Content-Disposition: inline\" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.",Affected
20060509,CVE-2006-1368,-1,-1,174069,kernel-source,https://www.suse.com/security/cve/CVE-2006-1368,"Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure.",Analysis
20060523,CVE-2006-2313,-1,-1,177931,postgresql94,https://www.suse.com/security/cve/CVE-2006-2313,"PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of \"Encoding-Based SQL Injection.\"",Affected
20060523,CVE-2006-2314,-1,-1,177931,postgresql94,https://www.suse.com/security/cve/CVE-2006-2314,"PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the \"\\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of \"Encoding-Based SQL Injection.\" NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.",Affected
20060712,CVE-2005-1080,-1,-1,191845,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2005-1080,"Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.",Affected
20060725,CVE-2006-1168,-1,-1,194787,cups,https://www.suse.com/security/cve/CVE-2006-1168,"The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.",Released
20060725,CVE-2006-1168,-1,-1,194787,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2006-1168,"The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.",Released
20060904,CVE-2006-4484,-1,-1,200181,gtk2,https://www.suse.com/security/cve/CVE-2006-4484,"Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.",Released
20060905,CVE-2006-4339,-1,-1,202366,openssl,https://www.suse.com/security/cve/CVE-2006-4339,"OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.",Released
20060915,CVE-2006-4343,-1,-1,202366,openssl,https://www.suse.com/security/cve/CVE-2006-4343,"The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.",Already fixed
20060922,CVE-2006-2940,-1,-1,202366,openssl,https://www.suse.com/security/cve/CVE-2006-2940,"OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification.",Released
20061018,CVE-2006-5331,-1,-1,213229,kernel-source,https://www.suse.com/security/cve/CVE-2006-5331,"The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction.",Analysis
20061024,CVE-2006-4572,-1,-1,213693,kernel-source,https://www.suse.com/security/cve/CVE-2006-4572,"ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka \"ip6_tables protocol bypass bug;\" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka \"ip6_tables extension header bypass bug.\"",Already fixed
20070306,CVE-2007-0997,-1,-1,251686,kernel-source,https://www.suse.com/security/cve/CVE-2007-0997,"Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers.",Analysis
20070328,CVE-2007-1351,-1,-1,247732,firefox-freetype2,https://www.suse.com/security/cve/CVE-2007-1351,"Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.",Affected
20070406,CVE-2007-1357,-1,-1,251735,kernel-source,https://www.suse.com/security/cve/CVE-2007-1357,"The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.",Analysis
20070416,CVE-2007-1742,-1,-1,263789,apache2,https://www.suse.com/security/cve/CVE-2007-1742,"suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using \"html_backup\" and \"htmleditor\" under an \"html\" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \"the attacks described rely on an insecure server configuration\" in which the user \"has write access to the document root.\"",Analysis
20070416,CVE-2007-1743,-1,-1,263789,apache2,https://www.suse.com/security/cve/CVE-2007-1743,"suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \"the attacks described rely on an insecure server configuration\" in which the user \"has write access to the document root.\" In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.",Analysis
20070525,CVE-2007-2451,-1,-1,278157,kernel-source,https://www.suse.com/security/cve/CVE-2007-2451,"Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.",Analysis
20070620,CVE-2007-2727,-1,-1,285893,php53,https://www.suse.com/security/cve/CVE-2007-2727,"The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.",Already fixed
20070622,CVE-2007-3105,-1,-1,286672,kernel-source,https://www.suse.com/security/cve/CVE-2007-3105,"Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving \"bound check ordering\". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.",Already fixed
20070622,CVE-2007-3294,-1,-1,286684,php53,https://www.suse.com/security/cve/CVE-2007-3294,"Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.",Analysis
20070706,CVE-2006-6304,-1,-1,289890,kernel-source,https://www.suse.com/security/cve/CVE-2006-6304,"The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.",Analysis
20070801,CVE-2007-3108,-1,-1,296511,openssl,https://www.suse.com/security/cve/CVE-2007-3108,"The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.",Released
20070831,CVE-2007-4601,-1,-1,306250,tcpd,https://www.suse.com/security/cve/CVE-2007-4601,"A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information.",Analysis
20070903,CVE-2007-4631,-1,-1,307089,qt3,https://www.suse.com/security/cve/CVE-2007-4631,"The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.",Analysis
20070907,CVE-2007-3847,-1,-1,308637,apache2,https://www.suse.com/security/cve/CVE-2007-3847,"The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",Analysis
20070917,CVE-2007-3740,-1,-1,325654,kernel-source,https://www.suse.com/security/cve/CVE-2007-3740,"The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.",Analysis
20070921,CVE-2007-3379,-1,-1,327047,kernel-source,https://www.suse.com/security/cve/CVE-2007-3379,"Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.",Analysis
20070924,CVE-2007-4993,-1,-1,327688,xen,https://www.suse.com/security/cve/CVE-2007-4993,"pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.",Analysis
20070927,CVE-2007-3850,-1,-1,328904,kernel-source,https://www.suse.com/security/cve/CVE-2007-3850,"The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space.",Analysis
20070927,CVE-2007-4133,-1,-1,328899,kernel-source,https://www.suse.com/security/cve/CVE-2007-4133,"The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.",Unsupported
20070928,CVE-2007-5087,-1,-1,329212,kernel-source,https://www.suse.com/security/cve/CVE-2007-5087,"The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded.",Analysis
20070928,CVE-2007-5135,-1,-1,329208,openssl,https://www.suse.com/security/cve/CVE-2007-5135,"Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.",Released
20071001,CVE-2007-4997,-1,-1,307625,kernel-source,https://www.suse.com/security/cve/CVE-2007-4997,"Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an \"off-by-two error.\"",Analysis
20071004,CVE-2007-4772,-1,-1,329282,postgresql94,https://www.suse.com/security/cve/CVE-2007-4772,"The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.",Released
20071004,CVE-2007-4772,-1,-1,329282,postgresql94-libs,https://www.suse.com/security/cve/CVE-2007-4772,"The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.",Released
20071008,CVE-2007-4995,-1,-1,331726,openssl,https://www.suse.com/security/cve/CVE-2007-4995,"Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.",Released
20071113,CVE-2007-5900,-1,-1,341275,php53,https://www.suse.com/security/cve/CVE-2007-5900,"PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.",Analysis
20071115,CVE-2007-5500,-1,-1,341548,kernel-source,https://www.suse.com/security/cve/CVE-2007-5500,"The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.",Analysis
20071115,CVE-2007-5934,-1,-1,341904,php53,https://www.suse.com/security/cve/CVE-2007-5934,"The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.",Analysis
20071119,CVE-2007-5494,-1,-1,342685,kernel-source,https://www.suse.com/security/cve/CVE-2007-5494,"Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.",Analysis
20071119,CVE-2007-5502,-1,-1,342634,openssl,https://www.suse.com/security/cve/CVE-2007-5502,"The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.",Analysis
20071121,CVE-2007-6025,-1,-1,343284,wpa_supplicant,https://www.suse.com/security/cve/CVE-2007-6025,"Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.",Analysis
20071121,CVE-2007-6029,-1,-1,343277,clamav,https://www.suse.com/security/cve/CVE-2007-6029,"Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.",Analysis
20071128,CVE-2007-6039,-1,-1,341551,php53,https://www.suse.com/security/cve/CVE-2007-6039,"PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.",Analysis
20071204,CVE-2007-6239,-1,-1,345829,squid,https://www.suse.com/security/cve/CVE-2007-6239,"The \"cache update reply processing\" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.",Released
20071206,CVE-2007-6207,-1,-1,346452,xen,https://www.suse.com/security/cve/CVE-2007-6207,"Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.",Analysis
20071206,CVE-2007-6227,-1,-1,346455,kvm,https://www.suse.com/security/cve/CVE-2007-6227,"QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an \"overflow,\" via certain Windows executable programs, as demonstrated by qemu-dos.com.",Analysis
20071212,CVE-2007-4998,-1,-1,348106,kernel-bigmem,https://www.suse.com/security/cve/CVE-2007-4998,"cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.",Analysis
20071212,CVE-2007-4998,-1,-1,348106,kernel-default,https://www.suse.com/security/cve/CVE-2007-4998,"cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.",Analysis
20071212,CVE-2007-4998,-1,-1,348106,kernel-ec2,https://www.suse.com/security/cve/CVE-2007-4998,"cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.",Analysis
20071212,CVE-2007-4998,-1,-1,348106,kernel-pae,https://www.suse.com/security/cve/CVE-2007-4998,"cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.",Analysis
20071212,CVE-2007-4998,-1,-1,348106,kernel-ppc64,https://www.suse.com/security/cve/CVE-2007-4998,"cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.",Analysis
20071212,CVE-2007-4998,-1,-1,348106,kernel-source,https://www.suse.com/security/cve/CVE-2007-4998,"cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.",Analysis
20071212,CVE-2007-4998,-1,-1,348106,kernel-syms,https://www.suse.com/security/cve/CVE-2007-4998,"cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.",Analysis
20071212,CVE-2007-4998,-1,-1,348106,kernel-trace,https://www.suse.com/security/cve/CVE-2007-4998,"cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.",Analysis
20071212,CVE-2007-4998,-1,-1,348106,kernel-xen,https://www.suse.com/security/cve/CVE-2007-4998,"cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.",Analysis
20071214,CVE-2007-6337,-1,-1,343277,clamav,https://www.suse.com/security/cve/CVE-2007-6337,"Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.",Analysis
20080109,CVE-2007-6279,-1,-1,342633,flac,https://www.suse.com/security/cve/CVE-2007-6279,"Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.",Analysis
20080114,CVE-2008-0001,-1,-1,353496,kernel-source,https://www.suse.com/security/cve/CVE-2008-0001,"VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.",Unsupported
20080123,CVE-2007-4850,-1,-1,355542,php53,https://www.suse.com/security/cve/CVE-2007-4850,"curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.",Already fixed
20080123,CVE-2007-6416,-1,-1,355642,kernel-source,https://www.suse.com/security/cve/CVE-2007-6416,"The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.",Analysis
20080201,CVE-2007-6694,-1,-1,357902,kernel-source,https://www.suse.com/security/cve/CVE-2007-6694,"The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.",Analysis
20080201,CVE-2008-0010,-1,-1,358006,kernel-source,https://www.suse.com/security/cve/CVE-2008-0010,"The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.",Analysis
20080204,CVE-2007-6697,-1,-1,355864,gtk2,https://www.suse.com/security/cve/CVE-2007-6697,"Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.",Released
20080204,CVE-2008-0553,-1,-1,356187,gtk2,https://www.suse.com/security/cve/CVE-2008-0553,"Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.",Released
20080204,CVE-2008-0554,-1,-1,356280,gtk2,https://www.suse.com/security/cve/CVE-2008-0554,"Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.",Released
20080225,CVE-2008-0595,-1,-1,364532,dbus-1,https://www.suse.com/security/cve/CVE-2008-0595,"dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.",Already fixed
20080320,CVE-2008-1373,-1,-1,372642,gtk2,https://www.suse.com/security/cve/CVE-2008-1373,"Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.",Released
20080325,CVE-2008-1483,8.2,,1069509,openssh-askpass-gnome,https://www.suse.com/security/cve/CVE-2008-1483,"OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.",Released
20080325,CVE-2008-1483,8.2,,1069509,openssh,https://www.suse.com/security/cve/CVE-2008-1483,"OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.",Released
20080402,CVE-2008-1612,-1,-1,376176,squid,https://www.suse.com/security/cve/CVE-2008-1612,"The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.",Released
20080505,CVE-2008-2051,-1,-1,386632,php53,https://www.suse.com/security/cve/CVE-2008-2051,"The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\"",Already fixed
20080508,CVE-2008-1615,-1,-1,388123,kernel-source,https://www.suse.com/security/cve/CVE-2008-1615,"Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.",Analysis
20080512,CVE-2008-2136,-1,-1,389152,kernel-source,https://www.suse.com/security/cve/CVE-2008-2136,"Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.",Analysis
20080521,CVE-2008-1948,-1,-1,392947,gnutls,https://www.suse.com/security/cve/CVE-2008-1948,"The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of
service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.",Released 20080526,CVE-2008-0891,-1,-1,394317,openssl,https://www.suse.com/security/cve/CVE-2008-0891,"Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.",Released 20080604,CVE-2008-1947,-1,-1,396962,tomcat6,https://www.suse.com/security/cve/CVE-2008-1947,"Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",Released 20080605,CVE-2008-1673,-1,-1,397347,kernel-source,https://www.suse.com/security/cve/CVE-2008-1673,"The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.",Analysis 20080617,CVE-2008-2729,-1,-1,363921,kernel-source,https://www.suse.com/security/cve/CVE-2008-2729,"arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.",Analysis 
20080619,CVE-2008-1806,-1,-1,399169,firefox-freetype2,https://www.suse.com/security/cve/CVE-2008-1806,"Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.",Affected 20080623,CVE-2008-2371,-1,-1,400013,firefox-glib2,https://www.suse.com/security/cve/CVE-2008-2371,"Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.",Unsupported 20080703,CVE-2008-2315,-1,-1,406051,python-base,https://www.suse.com/security/cve/CVE-2008-2315,"Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.",Unsupported 20080703,CVE-2008-2315,-1,-1,406051,python,https://www.suse.com/security/cve/CVE-2008-2315,"Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. 
NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.",Unsupported 20080731,CVE-2008-2476,-1,-1,412118,kernel-source,https://www.suse.com/security/cve/CVE-2008-2476,"The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).",Analysis 20080811,CVE-2008-2420,-1,-1,416154,stunnel,https://www.suse.com/security/cve/CVE-2008-2420,"The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.",Analysis 20080815,CVE-2008-3687,-1,-1,417507,xen,https://www.suse.com/security/cve/CVE-2008-3687,"Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.",Analysis 20080818,CVE-2008-3522,-1,-1,1178702,jasper,https://www.suse.com/security/cve/CVE-2008-3522,"Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.",Released 20080820,CVE-2002-0389,-1,-1,418589,mailman,https://www.suse.com/security/cve/CVE-2002-0389,"Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.",Released 
20080821,CVE-2008-3686,-1,-1,419117,kernel-source,https://www.suse.com/security/cve/CVE-2008-3686,"The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.",Analysis 20080903,CVE-2008-3529,-1,-1,422636,libxml2,https://www.suse.com/security/cve/CVE-2008-3529,"Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.",Analysis 20080905,CVE-2008-3916,-1,-1,421849,ed,https://www.suse.com/security/cve/CVE-2008-3916,"Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.",Released 20080916,CVE-2008-4100,-1,-1,426515,adns,https://www.suse.com/security/cve/CVE-2008-4100,"GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. 
NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.",Ignore 20081002,CVE-2008-3832,-1,-1,431484,kernel-source,https://www.suse.com/security/cve/CVE-2008-3832,"A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.",Ignore 20081006,CVE-2008-4422,-1,-1,432486,libxml2,https://www.suse.com/security/cve/CVE-2008-4422,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-4409. Reason: This candidate is a duplicate of CVE-2008-4409. Notes: All CVE users should reference CVE-2008-4409 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Affected 20081007,CVE-2008-3834,-1,-1,432901,dbus-1,https://www.suse.com/security/cve/CVE-2008-3834,"The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.",Released 20081029,CVE-2008-4776,-1,-1,439770,kdenetwork4,https://www.suse.com/security/cve/CVE-2008-4776,"libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.",Released 20081104,CVE-2008-4226,-1,-1,441368,libxml2,https://www.suse.com/security/cve/CVE-2008-4226,"Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.",Unsupported 20081107,CVE-2008-4934,-1,-1,442595,kernel-source,https://www.suse.com/security/cve/CVE-2008-4934,"The hfsplus_block_allocate 
function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image.",Analysis 20081110,CVE-2008-4989,,5.9,392947,gnutls,https://www.suse.com/security/cve/CVE-2008-4989,"The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).",Released 20081111,CVE-2008-5025,-1,-1,443640,kernel-source,https://www.suse.com/security/cve/CVE-2008-5025,"Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.",Analysis 20081216,CVE-2008-5077,-1,-1,459468,openssl,https://www.suse.com/security/cve/CVE-2008-5077,"OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.",Unsupported 20081225,CVE-2008-5713,-1,-1,462501,kernel-source,https://www.suse.com/security/cve/CVE-2008-5713,"The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode.",Analysis 20081230,CVE-2008-2383,-1,-1,462917,xterm,https://www.suse.com/security/cve/CVE-2008-2383,"CRLF injection 
vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.",Already fixed 20090108,CVE-2009-0065,-1,-1,463522,kernel-source,https://www.suse.com/security/cve/CVE-2009-0065,"Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.",Already fixed 20090112,CVE-2008-5844,-1,-1,465286,php53,https://www.suse.com/security/cve/CVE-2008-5844,"PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks.",Analysis 20090114,CVE-2009-0028,-1,-1,465953,kernel-source,https://www.suse.com/security/cve/CVE-2009-0028,"The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.",Analysis 20090123,CVE-2008-5394,-1,-1,468742,login,https://www.suse.com/security/cve/CVE-2008-5394,"/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.",Analysis 20090205,CVE-2009-0361,-1,-1,471420,pam_krb5,https://www.suse.com/security/cve/CVE-2009-0361,"Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, 
does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.",Analysis 20090212,CVE-2009-0539,-1,-1,471420,pam_krb5,https://www.suse.com/security/cve/CVE-2009-0539,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Analysis 20090213,CVE-2008-6123,-1,-1,475532,net-snmp,https://www.suse.com/security/cve/CVE-2008-6123,"The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to \"source/destination IP address confusion.\"",Affected 20090223,CVE-2009-0675,-1,-1,478003,kernel-source,https://www.suse.com/security/cve/CVE-2009-0675,"The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an \"inverted logic\" issue.",Analysis 20090227,CVE-2009-0368,-1,-1,480262,opensc,https://www.suse.com/security/cve/CVE-2009-0368,"OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.",Released 20090302,CVE-2009-0746,-1,-1,480860,kernel-source,https://www.suse.com/security/cve/CVE-2009-0746,"The make_indexed_dir function in 
fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.",Analysis 20090302,CVE-2009-0747,-1,-1,480860,kernel-source,https://www.suse.com/security/cve/CVE-2009-0747,"The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.",Analysis 20090302,CVE-2009-0748,-1,-1,480860,kernel-source,https://www.suse.com/security/cve/CVE-2009-0748,"The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem.",Analysis 20090310,CVE-2009-0859,-1,-1,482720,kernel-source,https://www.suse.com/security/cve/CVE-2009-0859,"The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.",Analysis 20090317,CVE-2009-0146,-1,-1,485892,cups,https://www.suse.com/security/cve/CVE-2009-0146,"Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.",Unsupported 
20090317,CVE-2009-0147,-1,-1,485892,cups,https://www.suse.com/security/cve/CVE-2009-0147,"Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.",Released 20090317,CVE-2009-0155,-1,-1,485894,krb5,https://www.suse.com/security/cve/CVE-2009-0155,"Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.",Released 20090317,CVE-2009-0163,-1,-1,485895,cups,https://www.suse.com/security/cve/CVE-2009-0163,"Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.",Released 20090317,CVE-2009-0165,-1,-1,485892,cups,https://www.suse.com/security/cve/CVE-2009-0165,"Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to \"g*allocn.\"",Released 20090317,CVE-2009-0166,-1,-1,485892,cups,https://www.suse.com/security/cve/CVE-2009-0166,"The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.",Released 
20090317,CVE-2009-0845,-1,-1,485894,krb5,https://www.suse.com/security/cve/CVE-2009-0845,"The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.",Released 20090319,CVE-2009-0844,-1,-1,486722,krb5,https://www.suse.com/security/cve/CVE-2009-0844,"The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.",Released 20090319,CVE-2009-0846,-1,-1,486723,krb5,https://www.suse.com/security/cve/CVE-2009-0846,"The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.",Released 20090326,CVE-2009-1142,,6.7,372070,open-vm-tools,https://www.suse.com/security/cve/CVE-2009-1142,"An issue was discovered in open-vm-tools 2009.03.18-154848. 
Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.",Already fixed 20090327,CVE-2009-0590,-1,-1,459468,openssl,https://www.suse.com/security/cve/CVE-2009-0590,"The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.",Released 20090327,CVE-2009-0591,-1,-1,489641,openssl,https://www.suse.com/security/cve/CVE-2009-0591,"The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.",Released 20090327,CVE-2009-0789,-1,-1,459468,openssl,https://www.suse.com/security/cve/CVE-2009-0789,"OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.",Released 20090402,CVE-2009-1210,-1,-1,491449,wireshark,https://www.suse.com/security/cve/CVE-2009-1210,"Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. 
NOTE: some of these details are obtained from third party information.",Released 20090403,CVE-2009-0792,-1,-1,491897,ghostscript-library,https://www.suse.com/security/cve/CVE-2009-0792,"Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.",Released 20090403,CVE-2009-1234,-1,-1,491876,scpm,https://www.suse.com/security/cve/CVE-2009-1234,"Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. 
NOTE: it was later reported that 9.52 is also affected.",Affected 20090409,CVE-2008-5519,-1,-1,493575,apache2-mod_jk,https://www.suse.com/security/cve/CVE-2008-5519,"The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.",Released 20090409,CVE-2009-1184,-1,-1,493587,kernel-source,https://www.suse.com/security/cve/CVE-2009-1184,"The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. 
NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21.",Analysis 20090409,CVE-2009-1266,-1,-1,493584,wireshark,https://www.suse.com/security/cve/CVE-2009-1266,"Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors.",Released 20090409,CVE-2009-1267,-1,-1,493584,wireshark,https://www.suse.com/security/cve/CVE-2009-1267,"Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.",Released 20090409,CVE-2009-1268,-1,-1,493584,wireshark,https://www.suse.com/security/cve/CVE-2009-1268,"The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.",Released 20090409,CVE-2009-1269,-1,-1,493584,wireshark,https://www.suse.com/security/cve/CVE-2009-1269,"Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.",Released 20090415,CVE-2009-0946,-1,-1,485889,firefox-freetype2,https://www.suse.com/security/cve/CVE-2009-0946,"Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.",Affected 20090415,CVE-2009-0946,-1,-1,485889,freetype2,https://www.suse.com/security/cve/CVE-2009-0946,"Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.",Released 20090417,CVE-2009-1189,-1,-1,495804,dbus-1,https://www.suse.com/security/cve/CVE-2009-1189,"The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) 
before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.",Released
20090417,CVE-2009-1338,-1,-1,495430,kernel-source,https://www.suse.com/security/cve/CVE-2009-1338,"The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via a kill command.",Analysis
20090423,CVE-2009-1193,-1,-1,495804,dbus-1,https://www.suse.com/security/cve/CVE-2009-1193,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Released
20090429,CVE-2009-0799,-1,-1,487100,cups,https://www.suse.com/security/cve/CVE-2009-0799,"The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.",Released
20090429,CVE-2009-0800,-1,-1,487100,cups,https://www.suse.com/security/cve/CVE-2009-0800,"Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.",Released
20090429,CVE-2009-1179,-1,-1,487100,cups,https://www.suse.com/security/cve/CVE-2009-1179,"Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.",Released
20090429,CVE-2009-1180,-1,-1,487100,cups,https://www.suse.com/security/cve/CVE-2009-1180,"The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.",Released
20090429,CVE-2009-1181,-1,-1,487100,cups,https://www.suse.com/security/cve/CVE-2009-1181,"The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.",Released
20090429,CVE-2009-1182,-1,-1,487100,cups,https://www.suse.com/security/cve/CVE-2009-1182,"Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.",Released
20090429,CVE-2009-1183,-1,-1,487100,cups,https://www.suse.com/security/cve/CVE-2009-1183,"The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.",Released
20090508,CVE-2008-6800,-1,-1,502093,samba,https://www.suse.com/security/cve/CVE-2008-6800,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not a security issue. It was originally created based on one vendor's misinterpretation of an upstream changelog comment that referred to a race condition in the winbind daemon (aka winbindd) in Samba before 3.0.32. The upstream vendor states: \"The Samba Team sees no way to exploit this race condition by a user of the system or an external attacker. In order to be able to trigger the race condition a privileged user (root) need to intentionally kill a winbind child process and carefully time the killing to trigger the race condition. Although, if the user is already privileged, it can more easily just kill the parent process directly.\" CVE concurs with the dispute. Notes: CVE users should not use this identifier.",Analysis
20090508,CVE-2009-1196,-1,-1,502051,cups,https://www.suse.com/security/cve/CVE-2009-1196,"The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a \"pointer use-after-delete flaw.\"",Unsupported
20090518,CVE-2009-1377,-1,-1,459468,openssl,https://www.suse.com/security/cve/CVE-2009-1377,"The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of \"future epoch\" DTLS records that are buffered in a queue, aka \"DTLS record buffer limitation bug.\"",Released
20090518,CVE-2009-1378,-1,-1,459468,openssl,https://www.suse.com/security/cve/CVE-2009-1378,"Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka \"DTLS fragment handling memory leak.\"",Released
20090519,CVE-2009-1379,-1,-1,459468,openssl,https://www.suse.com/security/cve/CVE-2009-1379,"Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.",Released
20090602,CVE-2009-1386,-1,-1,459468,openssl,https://www.suse.com/security/cve/CVE-2009-1386,"ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.",Released
20090602,CVE-2009-1387,-1,-1,459468,openssl,https://www.suse.com/security/cve/CVE-2009-1387,"The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\"",Released
20090603,CVE-2009-1829,-1,-1,505914,wireshark,https://www.suse.com/security/cve/CVE-2009-1829,"Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.",Released
20090604,CVE-2009-1882,-1,-1,507728,ImageMagick,https://www.suse.com/security/cve/CVE-2009-1882,"Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.",Released
20090604,CVE-2009-1902,-1,-1,487751,apache2-mod_security2,https://www.suse.com/security/cve/CVE-2009-1902,"The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.",Released
20090604,CVE-2009-1903,-1,-1,487751,apache2-mod_security2,https://www.suse.com/security/cve/CVE-2009-1903,"The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.",Released
20090605,CVE-2009-0023,-1,-1,510301,libapr-util1,https://www.suse.com/security/cve/CVE-2009-0023,"The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",Released
20090608,CVE-2003-1564,,6.5,1159488,libapr-util1,https://www.suse.com/security/cve/CVE-2003-1564,"libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the \"billion laughs attack.\"",Released
20090608,CVE-2009-1955,,7.5,509825,libapr-util1,https://www.suse.com/security/cve/CVE-2009-1955,"The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",Released
20090608,CVE-2009-1956,-1,-1,510301,libapr-util1,https://www.suse.com/security/cve/CVE-2009-1956,"Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.",Released
20090612,CVE-2009-0945,-1,-1,512559,kdelibs3,https://www.suse.com/security/cve/CVE-2009-0945,"Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.",Released
20090612,CVE-2009-1687,-1,-1,512559,kdelibs3,https://www.suse.com/security/cve/CVE-2009-1687,"The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an \"offset of a NULL pointer.\"",Released
20090612,CVE-2009-1690,-1,-1,512559,kdelibs3,https://www.suse.com/security/cve/CVE-2009-1690,"Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to \"recursion in certain DOM event handlers.\"",Released
20090612,CVE-2009-1698,-1,-1,512559,kdelibs3,https://www.suse.com/security/cve/CVE-2009-1698,"WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.",Released
20090617,CVE-2009-1709,-1,-1,512559,kdelibs3,https://www.suse.com/security/cve/CVE-2009-1709,"Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified \"caches.\"",Released
20090618,CVE-2009-0217,-1,-1,514421,xerces-j2,https://www.suse.com/security/cve/CVE-2009-0217,"The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.",Released
20090619,CVE-2009-2042,-1,-1,514727,libpng12-0,https://www.suse.com/security/cve/CVE-2009-2042,"libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via \"out-of-bounds pixels\" in the file.",Released
20090701,CVE-2009-2288,-1,-1,517311,nagios,https://www.suse.com/security/cve/CVE-2009-2288,"statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.",Released
20090702,CVE-2009-1388,,5.5,518716,kernel-source,https://www.suse.com/security/cve/CVE-2009-1388,"The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.",Analysis
20090702,CVE-2009-2285,-1,-1,518698,tiff,https://www.suse.com/security/cve/CVE-2009-2285,"Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.",Released
20090708,CVE-2009-2347,-1,-1,519796,tiff,https://www.suse.com/security/cve/CVE-2009-2347,"Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.",Released
20090722,CVE-2009-2559,-1,-1,523718,wireshark,https://www.suse.com/security/cve/CVE-2009-2559,"Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information.",Released
20090722,CVE-2009-2560,-1,-1,523718,wireshark,https://www.suse.com/security/cve/CVE-2009-2560,"Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9.",Released
20090722,CVE-2009-2561,-1,-1,523718,wireshark,https://www.suse.com/security/cve/CVE-2009-2561,"Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.",Released
20090722,CVE-2009-2562,-1,-1,523718,wireshark,https://www.suse.com/security/cve/CVE-2009-2562,"Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.",Released
20090722,CVE-2009-2563,-1,-1,523718,wireshark,https://www.suse.com/security/cve/CVE-2009-2563,"Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.",Released
20090729,CVE-2009-2621,-1,-1,525774,squid,https://www.suse.com/security/cve/CVE-2009-2621,"Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce \"buffer limits and related bound checks,\" which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.",Released
20090729,CVE-2009-2622,-1,-1,525774,squid,https://www.suse.com/security/cve/CVE-2009-2622,"Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) \"missing or mismatched protocol identifier,\" (2) missing or negative status value,\" (3) \"missing version,\" or (4) \"missing or invalid status number,\" related to (a) HttpMsg.cc and (b) HttpReply.cc.",Released
20090803,CVE-2009-1720,-1,-1,527538,OpenEXR,https://www.suse.com/security/cve/CVE-2009-1720,"Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.",Released
20090803,CVE-2009-1721,-1,-1,527538,OpenEXR,https://www.suse.com/security/cve/CVE-2009-1721,"The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.",Released
20090806,CVE-2009-2412,-1,-1,528714,libapr-util1,https://www.suse.com/security/cve/CVE-2009-2412,"Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",Released
20090806,CVE-2009-2666,-1,-1,528746,fetchmail,https://www.suse.com/security/cve/CVE-2009-2666,"socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",Released
20090813,CVE-2009-2625,-1,-1,525562,xerces-j2,https://www.suse.com/security/cve/CVE-2009-2625,"XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.",Released
20090817,CVE-2009-2730,-1,-1,392947,gnutls,https://www.suse.com/security/cve/CVE-2009-2730,"libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.",Affected
20090819,CVE-2009-2855,-1,-1,525774,squid,https://www.suse.com/security/cve/CVE-2009-2855,"The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.",Released
20090820,CVE-2009-2768,,7.8,530649,kernel-source,https://www.suse.com/security/cve/CVE-2009-2768,"The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an \"uninitialized cred pointer.\"",Analysis
20090820,CVE-2009-2846,-1,-1,529559,kernel-source,https://www.suse.com/security/cve/CVE-2009-2846,"The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function.",Analysis
20090901,CVE-2009-3024,-1,-1,535554,perl-IO-Socket-SSL,https://www.suse.com/security/cve/CVE-2009-3024,"The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.",Released
20090908,CVE-2009-2628,-1,-1,537128,cyrus-imapd,https://www.suse.com/security/cve/CVE-2009-2628,"The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.",Released
20090908,CVE-2009-2632,-1,-1,537128,cyrus-imapd,https://www.suse.com/security/cve/CVE-2009-2632,"Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.",Released
20090911,CVE-2009-3094,-1,-1,538322,apache2,https://www.suse.com/security/cve/CVE-2009-3094,"The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",Released
20090911,CVE-2009-3095,-1,-1,538322,apache2,https://www.suse.com/security/cve/CVE-2009-3095,"The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.",Released
20090917,CVE-2009-3235,-1,-1,539876,cyrus-imapd,https://www.suse.com/security/cve/CVE-2009-3235,"Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.",Released
20090922,CVE-2009-3288,-1,-1,537139,kernel-source,https://www.suse.com/security/cve/CVE-2009-3288,"The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.",Analysis
20090924,CVE-2009-1725,-1,-1,541632,kdelibs3,https://www.suse.com/security/cve/CVE-2009-1725,"WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.",Released
20090924,CVE-2009-3234,-1,-1,541652,kernel-source,https://www.suse.com/security/cve/CVE-2009-3234,"Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a \"big size data\" to the perf_counter_open system call.",Analysis
20091002,CVE-2009-3490,6.8,,528298,wget,https://www.suse.com/security/cve/CVE-2009-3490,"GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",Released
20091008,CVE-2009-2909,-1,-1,545236,kernel-source,https://www.suse.com/security/cve/CVE-2009-2909,"Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation.",Analysis
20091020,CVE-2009-2820,-1,-1,548317,cups,https://www.suse.com/security/cve/CVE-2009-2820,"The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.",Released
20091026,CVE-2009-3627,-1,-1,550076,perl-HTML-Parser,https://www.suse.com/security/cve/CVE-2009-3627,"The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.",Released
20091027,CVE-2009-3549,-1,-1,550320,wireshark,https://www.suse.com/security/cve/CVE-2009-3549,"packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.",Released
20091027,CVE-2009-3550,-1,-1,550320,wireshark,https://www.suse.com/security/cve/CVE-2009-3550,"The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.",Released
20091027,CVE-2009-3551,-1,-1,550320,wireshark,https://www.suse.com/security/cve/CVE-2009-3551,"Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.",Released
20091028,CVE-2009-3720,-1,-1,534721,expat,https://www.suse.com/security/cve/CVE-2009-3720,"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.",Released
20091106,CVE-2009-3829,-1,-1,553215,wireshark,https://www.suse.com/security/cve/CVE-2009-3829,"Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an \"unsigned integer wrap vulnerability.\"",Released
20091108,CVE-2009-3555,-1,-1,1077582,apache2,https://www.suse.com/security/cve/CVE-2009-3555,"The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.",Released
20091108,CVE-2009-3555,-1,-1,1077582,gnutls,https://www.suse.com/security/cve/CVE-2009-3555,"The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.",Released
20091112,CVE-2009-3553,,7.5,554861,cups,https://www.suse.com/security/cve/CVE-2009-3553,"Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.",Released
20091116,CVE-2009-3888,-1,-1,553747,kernel-source,https://www.suse.com/security/cve/CVE-2009-3888,"The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory.",Analysis
20091116,CVE-2009-3889,-1,-1,555173,kernel-source,https://www.suse.com/security/cve/CVE-2009-3889,"The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.",Already fixed
20091117,CVE-2009-3736,-1,-1,556122,libtool,https://www.suse.com/security/cve/CVE-2009-3736,"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.",Released
20091123,CVE-2009-3559,-1,-1,557157,curl,https://www.suse.com/security/cve/CVE-2009-3559,"** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.",Released
20091123,CVE-2009-3559,-1,-1,557157,freetype2,https://www.suse.com/security/cve/CVE-2009-3559,"** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.",Released
20091123,CVE-2009-3559,-1,-1,557157,ft2demos,https://www.suse.com/security/cve/CVE-2009-3559,"** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.",Released
20091123,CVE-2009-3559,-1,-1,557157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2009-3559,"** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.",Released
20091123,CVE-2009-3559,-1,-1,557157,mozilla-nspr,https://www.suse.com/security/cve/CVE-2009-3559,"** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.",Released
20091123,CVE-2009-3559,-1,-1,557157,mozilla-nss,https://www.suse.com/security/cve/CVE-2009-3559,"** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.",Released
20091123,CVE-2009-3559,-1,-1,557157,openssl,https://www.suse.com/security/cve/CVE-2009-3559,"** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.",Released
20091123,CVE-2009-3559,-1,-1,557157,perl,https://www.suse.com/security/cve/CVE-2009-3559,"** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.",Released
20091123,CVE-2009-3559,-1,-1,557157,php53,https://www.suse.com/security/cve/CVE-2009-3559,"** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.",Released
20091123,CVE-2009-3559,-1,-1,557157,zlib,https://www.suse.com/security/cve/CVE-2009-3559,"** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.",Released
20091127,CVE-2009-3560,-1,-1,550666,expat,https://www.suse.com/security/cve/CVE-2009-3560,"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.",Released
20091202,CVE-2009-4029,-1,-1,559815,automake,https://www.suse.com/security/cve/CVE-2009-4029,"The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",Released
20091207,CVE-2009-3295,-1,-1,561347,krb5,https://www.suse.com/security/cve/CVE-2009-3295,"The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.",Released
20091207,CVE-2009-4212,-1,-1,561351,krb5,https://www.suse.com/security/cve/CVE-2009-4212,"Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too 
short to be valid.",Released 20091214,CVE-2009-4135,-1,-1,564373,coreutils,https://www.suse.com/security/cve/CVE-2009-4135,"The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.",Analysis 20091215,CVE-2009-4034,-1,-1,564710,postgresql94,https://www.suse.com/security/cve/CVE-2009-4034,"PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",Affected 20091219,CVE-2009-4355,-1,-1,459468,openssl,https://www.suse.com/security/cve/CVE-2009-4355,"Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.",Unsupported 20091222,CVE-2009-4143,-1,-1,565924,php53,https://www.suse.com/security/cve/CVE-2009-4143,"PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.",Already fixed 20091222,CVE-2009-4270,-1,-1,559122,ghostscript-library,https://www.suse.com/security/cve/CVE-2009-4270,"Stack-based buffer overflow 
in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.",Released 20091222,CVE-2009-4376,-1,-1,565902,wireshark,https://www.suse.com/security/cve/CVE-2009-4376,"Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.",Released 20091222,CVE-2009-4377,-1,-1,565902,wireshark,https://www.suse.com/security/cve/CVE-2009-4377,"The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.",Released 20100104,CVE-2009-4418,-1,-1,565924,php53,https://www.suse.com/security/cve/CVE-2009-4418,"The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.",Analysis 20100113,CVE-2009-2624,-1,-1,570331,gzip,https://www.suse.com/security/cve/CVE-2009-2624,"The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. 
NOTE: this issue is caused by a CVE-2006-4334 regression.",Released 20100113,CVE-2010-0001,-1,-1,570331,gzip,https://www.suse.com/security/cve/CVE-2010-0001,"Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.",Released 20100114,CVE-2009-4492,-1,-1,570616,ruby,https://www.suse.com/security/cve/CVE-2009-4492,"WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.",Released 20100120,CVE-2009-4272,,7.5,572190,kernel-source,https://www.suse.com/security/cve/CVE-2009-4272,"A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing \"emergency\" in which a hash chain is too long. 
NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.",Analysis 20100127,CVE-2010-0393,-1,-1,574336,cups,https://www.suse.com/security/cve/CVE-2010-0393,"The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.",Released 20100129,CVE-2009-2693,-1,-1,575083,tomcat6,https://www.suse.com/security/cve/CVE-2009-2693,"Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.",Released 20100129,CVE-2009-2901,-1,-1,575083,tomcat6,https://www.suse.com/security/cve/CVE-2009-2901,"The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.",Released 20100129,CVE-2009-2902,-1,-1,575083,tomcat6,https://www.suse.com/security/cve/CVE-2009-2902,"Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.",Released 20100201,CVE-2010-0304,-1,-1,565902,wireshark,https://www.suse.com/security/cve/CVE-2010-0304,"Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a 
stack-based buffer overflow to the dissect_getaddrsbyname_request function.",Released 20100205,CVE-2010-0308,-1,-1,576087,squid,https://www.suse.com/security/cve/CVE-2010-0308,"lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.",Released 20100212,CVE-2010-0622,-1,-1,579439,kernel-source,https://www.suse.com/security/cve/CVE-2010-0622,"The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space.",Ignore 20100212,CVE-2010-0624,-1,-1,579475,tar,https://www.suse.com/security/cve/CVE-2010-0624,"Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.",Released 20100215,CVE-2009-4274,-1,-1,579903,netpbm,https://www.suse.com/security/cve/CVE-2009-4274,"Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.",Released 20100305,CVE-2010-0436,-1,-1,584223,kdebase3,https://www.suse.com/security/cve/CVE-2010-0436,"Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain 
privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.",Released 20100309,CVE-2010-0408,-1,-1,586572,apache2,https://www.suse.com/security/cve/CVE-2010-0408,"The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.",Released 20100309,CVE-2010-0425,-1,-1,1078450,apache2,https://www.suse.com/security/cve/CVE-2010-0425,"modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and \"orphaned callback pointers.\"",Released 20100309,CVE-2010-0434,-1,-1,586572,apache2,https://www.suse.com/security/cve/CVE-2010-0434,"The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.",Already fixed 20100311,CVE-2009-3245,-1,-1,587379,openssl,https://www.suse.com/security/cve/CVE-2009-3245,"OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has 
unspecified impact and context-dependent attack vectors.",Affected 20100311,CVE-2010-0639,-1,-1,587375,squid3,https://www.suse.com/security/cve/CVE-2010-0639,"The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.",Released 20100318,CVE-2007-6733,-1,-1,589280,kernel-source,https://www.suse.com/security/cve/CVE-2007-6733,"The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this file's permissions, a related issue to CVE-2010-0727.",Analysis 20100318,CVE-2010-0727,-1,-1,589280,kernel-source,https://www.suse.com/security/cve/CVE-2010-0727,"The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.",Ignore 20100323,CVE-2004-0230,3.7,,1184394,kernel-source,https://www.suse.com/security/cve/CVE-2004-0230,"TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.",Released 20100324,CVE-2010-0740,-1,-1,590833,openssl,https://www.suse.com/security/cve/CVE-2010-0740,"The ssl3_get_record function in ssl/s3_pkt.c in 
OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.",Released 20100325,CVE-2010-0629,,6.5,591049,krb5,https://www.suse.com/security/cve/CVE-2010-0629,"Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.",Released 20100401,CVE-2010-1192,-1,-1,585393,libesmtp,https://www.suse.com/security/cve/CVE-2010-1192,"libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",Released 20100401,CVE-2010-1194,-1,-1,585393,libesmtp,https://www.suse.com/security/cve/CVE-2010-1194,"The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.",Released 20100415,CVE-2010-1321,-1,-1,596826,krb5,https://www.suse.com/security/cve/CVE-2010-1321,"The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is 
missing.",Released 20100426,CVE-2010-1157,-1,-1,599554,tomcat6,https://www.suse.com/security/cve/CVE-2010-1157,"Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.",Released 20100503,CVE-2010-0540,-1,-1,601830,cups,https://www.suse.com/security/cve/CVE-2010-0540,"Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.",Released 20100506,CVE-2009-4134,-1,-1,603255,python-base,https://www.suse.com/security/cve/CVE-2009-4134,"Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.",Unsupported 20100506,CVE-2009-4134,-1,-1,603255,python,https://www.suse.com/security/cve/CVE-2009-4134,"Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.",Released 20100506,CVE-2010-1449,-1,-1,603255,python-base,https://www.suse.com/security/cve/CVE-2010-1449,"Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.",Unsupported 20100506,CVE-2010-1449,-1,-1,603255,python,https://www.suse.com/security/cve/CVE-2010-1449,"Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.",Released 20100506,CVE-2010-1450,-1,-1,603255,python-base,https://www.suse.com/security/cve/CVE-2010-1450,"Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.",Unsupported 20100506,CVE-2010-1450,-1,-1,603255,python,https://www.suse.com/security/cve/CVE-2010-1450,"Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.",Released 20100510,CVE-2010-1455,-1,-1,603251,wireshark,https://www.suse.com/security/cve/CVE-2010-1455,"The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.",Affected 20100510,CVE-2010-1456,-1,-1,603251,wireshark,https://www.suse.com/security/cve/CVE-2010-1456,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1455. Reason: This candidate is a duplicate of CVE-2010-1455. Notes: All CVE users should reference CVE-2010-1455 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Affected 20100510,CVE-2010-1748,-1,-1,601352,cups,https://www.suse.com/security/cve/CVE-2010-1748,"The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.",Released 20100510,CVE-2010-1861,-1,-1,604325,php53,https://www.suse.com/security/cve/CVE-2010-1861,"The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource.",Analysis 20100511,CVE-2010-1000,-1,-1,604709,kdenetwork4,https://www.suse.com/security/cve/CVE-2010-1000,"Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.",Affected 20100512,CVE-2010-1869,-1,-1,605043,ghostscript-library,https://www.suse.com/security/cve/CVE-2010-1869,"Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.",Released 20100514,CVE-2010-1169,-1,-1,605926,postgresql94,https://www.suse.com/security/cve/CVE-2010-1169,"PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl 
procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.",Unsupported 20100514,CVE-2010-1170,-1,-1,605845,postgresql94,https://www.suse.com/security/cve/CVE-2010-1170,"The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.",Unsupported 20100519,CVE-2010-0831,-1,-1,1188517,fastjar,https://www.suse.com/security/cve/CVE-2010-0831,"Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.",Released 20100520,CVE-2010-1628,-1,-1,605043,ghostscript-library,https://www.suse.com/security/cve/CVE-2010-1628,"Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.",Released 20100526,CVE-2010-1639,-1,-1,608949,clamav,https://www.suse.com/security/cve/CVE-2010-1639,"The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.",Released 20100526,CVE-2010-2077,-1,-1,608949,clamav,https://www.suse.com/security/cve/CVE-2010-2077,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1640. Reason: This candidate is a duplicate of CVE-2010-1640. Notes: All CVE users should reference CVE-2010-1640 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20100527,CVE-2010-0407,-1,-1,609317,pcsc-lite,https://www.suse.com/security/cve/CVE-2010-0407,"Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.",Released 20100527,CVE-2010-1640,-1,-1,608188,clamav,https://www.suse.com/security/cve/CVE-2010-1640,"Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.",Released 20100528,CVE-2010-1634,-1,-1,609759,python,https://www.suse.com/security/cve/CVE-2010-1634,"Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.",Released 20100528,CVE-2010-2089,-1,-1,609761,python,https://www.suse.com/security/cve/CVE-2010-2089,"The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.",Released 20100601,CVE-2010-0742,-1,-1,610642,openssl,https://www.suse.com/security/cve/CVE-2010-0742,"The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.",Released 20100602,CVE-2010-2055,-1,-1,608071,ghostscript-library,https://www.suse.com/security/cve/CVE-2010-2055,"Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.",Released 20100608,CVE-2010-2059,-1,-1,610941,rpm,https://www.suse.com/security/cve/CVE-2010-2059,"lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.",Released 
20100609,CVE-2008-7256,-1,-1,,kernel-source,https://www.suse.com/security/cve/CVE-2008-7256,"mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643.",Analysis 20100611,CVE-2010-2198,-1,-1,610941,rpm,https://www.suse.com/security/cve/CVE-2010-2198,"lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.",Released 20100614,CVE-2010-2071,-1,-1,614054,kernel-source,https://www.suse.com/security/cve/CVE-2010-2071,"The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.",Analysis 20100615,CVE-2010-2074,-1,-1,609451,w3m,https://www.suse.com/security/cve/CVE-2010-2074,"istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",Released 
20100615,CVE-2010-2283,-1,-1,613487,wireshark,https://www.suse.com/security/cve/CVE-2010-2283,"The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.",Released 20100615,CVE-2010-2284,-1,-1,613487,wireshark,https://www.suse.com/security/cve/CVE-2010-2284,"Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.",Released 20100615,CVE-2010-2285,-1,-1,613487,wireshark,https://www.suse.com/security/cve/CVE-2010-2285,"The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.",Released 20100615,CVE-2010-2286,-1,-1,613487,wireshark,https://www.suse.com/security/cve/CVE-2010-2286,"The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.",Released 20100615,CVE-2010-2287,-1,-1,613487,wireshark,https://www.suse.com/security/cve/CVE-2010-2287,"Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.",Released 20100622,CVE-2010-1488,-1,-1,596460,kernel-source,https://www.suse.com/security/cve/CVE-2010-1488,"The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation.",Ignore 20100628,CVE-2010-1205,,9.8,1188284,libpng12-0,https://www.suse.com/security/cve/CVE-2010-1205,"Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in 
progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.",Released 20100629,CVE-2010-2249,,6.5,617866,libpng12-0,https://www.suse.com/security/cve/CVE-2010-2249,"Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.",Released 20100706,CVE-2010-2628,-1,-1,615915,strongswan,https://www.suse.com/security/cve/CVE-2010-2628,"The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.",Released 20100707,CVE-2009-2699,,7.5,1078450,apache2,https://www.suse.com/security/cve/CVE-2009-2699,"The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.",Released 20100709,CVE-2003-0070,-1,-1,621097,vte,https://www.suse.com/security/cve/CVE-2003-0070,"VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. 
when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.",Released 20100709,CVE-2010-2497,-1,-1,619562,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-2497,"Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Affected 20100709,CVE-2010-2497,-1,-1,619562,freetype2,https://www.suse.com/security/cve/CVE-2010-2497,"Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Released 20100709,CVE-2010-2498,-1,-1,619562,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-2498,"The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.",Unsupported 20100709,CVE-2010-2498,-1,-1,619562,freetype2,https://www.suse.com/security/cve/CVE-2010-2498,"The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.",Released 20100709,CVE-2010-2499,-1,-1,619562,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-2499,"Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an 
embedded PFB fragment.",Unsupported 20100709,CVE-2010-2499,-1,-1,619562,freetype2,https://www.suse.com/security/cve/CVE-2010-2499,"Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.",Released 20100709,CVE-2010-2500,-1,-1,619562,freetype2,https://www.suse.com/security/cve/CVE-2010-2500,"Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Released 20100709,CVE-2010-2519,-1,-1,619562,freetype2,https://www.suse.com/security/cve/CVE-2010-2519,"Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.",Released 20100709,CVE-2010-2520,-1,-1,619562,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-2520,"Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Affected 20100709,CVE-2010-2520,-1,-1,619562,freetype2,https://www.suse.com/security/cve/CVE-2010-2520,"Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Released 
20100714,CVE-2010-2227,-1,-1,622188,tomcat6,https://www.suse.com/security/cve/CVE-2010-2227,"Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\"",Released 20100714,CVE-2010-2713,-1,-1,621097,vte,https://www.suse.com/security/cve/CVE-2010-2713,"The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.",Released 20100715,CVE-2010-2527,-1,-1,619562,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-2527,"Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Unsupported 20100715,CVE-2010-2527,-1,-1,619562,freetype2,https://www.suse.com/security/cve/CVE-2010-2527,"Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Released 20100716,CVE-2010-2529,-1,-1,620837,iputils,https://www.suse.com/security/cve/CVE-2010-2529,"Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.",Released 20100722,CVE-2009-4897,-1,-1,621824,ghostscript-library,https://www.suse.com/security/cve/CVE-2009-4897,"Buffer overflow in gs/psi/iscan.c in Ghostscript 
8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.",Released 20100723,CVE-2010-2541,-1,-1,619562,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-2541,"Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Unsupported 20100723,CVE-2010-2541,-1,-1,619562,freetype2,https://www.suse.com/security/cve/CVE-2010-2541,"Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Released 20100727,CVE-2010-2547,,8.1,625947,gpg2,https://www.suse.com/security/cve/CVE-2010-2547,"Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.",Released 20100730,CVE-2010-1452,-1,-1,627030,apache2,https://www.suse.com/security/cve/CVE-2010-1452,"The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.",Released 20100802,CVE-2010-2068,-1,-1,627030,apache2,https://www.suse.com/security/cve/CVE-2010-2068,"mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a 
different client in opportunistic circumstances via a normal HTTP request.",Released 20100803,CVE-2010-2799,-1,-1,627475,socat,https://www.suse.com/security/cve/CVE-2010-2799,"Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.",Released 20100804,CVE-2010-1797,-1,-1,628213,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-1797,"Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.",Unsupported 20100804,CVE-2010-1797,-1,-1,628213,freetype2,https://www.suse.com/security/cve/CVE-2010-1797,"Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. 
NOTE: some of these details are obtained from third party information.",Released 20100805,CVE-2010-1172,-1,-1,628607,dbus-1-glib,https://www.suse.com/security/cve/CVE-2010-1172,"DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.",Released 20100805,CVE-2010-1172,-1,-1,628607,firefox-dbus-1-glib,https://www.suse.com/security/cve/CVE-2010-1172,"DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.",Affected 20100809,CVE-2010-1128,-1,-1,629443,php53,https://www.suse.com/security/cve/CVE-2010-1128,"The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.",Already fixed 20100809,CVE-2010-2805,-1,-1,629447,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-2805,"The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Affected 20100809,CVE-2010-2805,-1,-1,629447,freetype2,https://www.suse.com/security/cve/CVE-2010-2805,"The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application 
crash) or possibly execute arbitrary code via a crafted font file.",Released 20100809,CVE-2010-2806,-1,-1,629447,freetype2,https://www.suse.com/security/cve/CVE-2010-2806,"Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.",Released 20100809,CVE-2010-2807,-1,-1,629447,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-2807,"FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Affected 20100809,CVE-2010-2807,-1,-1,629447,freetype2,https://www.suse.com/security/cve/CVE-2010-2807,"FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",Released 20100809,CVE-2010-2808,-1,-1,629447,freetype2,https://www.suse.com/security/cve/CVE-2010-2808,"Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.",Released 20100812,CVE-2010-2992,-1,-1,630599,wireshark,https://www.suse.com/security/cve/CVE-2010-2992,"packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference.",Affected 20100812,CVE-2010-2993,-1,-1,630599,wireshark,https://www.suse.com/security/cve/CVE-2010-2993,"The IPMI dissector in Wireshark 1.2.0 through 1.2.9 
allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.",Affected 20100812,CVE-2010-2994,-1,-1,630599,wireshark,https://www.suse.com/security/cve/CVE-2010-2994,"Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.",Affected 20100812,CVE-2010-2995,-1,-1,630599,wireshark,https://www.suse.com/security/cve/CVE-2010-2995,"The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.",Affected 20100813,CVE-2010-2939,-1,-1,489641,openssl,https://www.suse.com/security/cve/CVE-2010-2939,"Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. 
NOTE: some sources refer to this as a use-after-free issue.",Released 20100816,CVE-2009-4835,-1,-1,631379,libsndfile,https://www.suse.com/security/cve/CVE-2009-4835,"The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.",Released 20100817,CVE-2010-3015,-1,-1,631801,kernel-source,https://www.suse.com/security/cve/CVE-2010-3015,"Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.",Ignore 20100823,CVE-2010-2947,-1,-1,631582,libHX,https://www.suse.com/security/cve/CVE-2010-2947,"Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.",Released 20100823,CVE-2010-2959,-1,-1,633581,kernel-source,https://www.suse.com/security/cve/CVE-2010-2959,"Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.",Ignore 20100824,CVE-2010-3053,-1,-1,633938,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-3053,"bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.",Affected 
20100824,CVE-2010-3053,-1,-1,633938,freetype2,https://www.suse.com/security/cve/CVE-2010-3053,"bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.",Released 20100824,CVE-2010-3054,-1,-1,633943,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-3054,"Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.",Affected 20100824,CVE-2010-3054,-1,-1,633943,freetype2,https://www.suse.com/security/cve/CVE-2010-3054,"Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.",Released 20100826,CVE-2010-2575,-1,-1,634743,kdegraphics4,https://www.suse.com/security/cve/CVE-2010-2575,"Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.",Released 20100826,CVE-2010-2948,-1,-1,634300,quagga,https://www.suse.com/security/cve/CVE-2010-2948,"Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.",Released 
20100826,CVE-2010-2949,-1,-1,634300,quagga,https://www.suse.com/security/cve/CVE-2010-2949,"bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.",Released 20100826,CVE-2010-2951,-1,-1,634613,squid,https://www.suse.com/security/cve/CVE-2010-2951,"dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.",Analysis 20100827,CVE-2009-3743,-1,-1,635004,ghostscript-library,https://www.suse.com/security/cve/CVE-2009-3743,"Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.",Released 20100903,CVE-2010-0405,-1,-1,636978,bzip2,https://www.suse.com/security/cve/CVE-2010-0405,"Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.",Released 20100914,CVE-2010-3089,-1,-1,637295,mailman,https://www.suse.com/security/cve/CVE-2010-3089,"Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.",Released 20100914,CVE-2010-3090,-1,-1,637295,mailman,https://www.suse.com/security/cve/CVE-2010-3090,"** REJECT ** DO NOT USE THIS 
CANDIDATE NUMBER. ConsultIDs: CVE-2010-3089. Reason: This issue was MERGED into CVE-2010-3089 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2010-3089 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20100924,CVE-2010-3311,-1,-1,635692,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-3311,"Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an \"input stream position error\" issue, a different vulnerability than CVE-2010-1797.",Unsupported 20100924,CVE-2010-3311,-1,-1,635692,freetype2,https://www.suse.com/security/cve/CVE-2010-3311,"Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an \"input stream position error\" issue, a different vulnerability than CVE-2010-1797.",Released 20100928,CVE-2010-3434,-1,-1,640812,clamav,https://www.suse.com/security/cve/CVE-2010-3434,"Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. 
NOTE: some of these details are obtained from third party information.",Affected 20100928,CVE-2010-3477,-1,-1,642324,kernel-source,https://www.suse.com/security/cve/CVE-2010-3477,"The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.",Analysis 20100930,CVE-2010-3436,-1,-1,642733,php53,https://www.suse.com/security/cve/CVE-2010-3436,"fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.",Already fixed 20101001,CVE-2010-3445,-1,-1,643078,wireshark,https://www.suse.com/security/cve/CVE-2010-3445,"Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.",Affected 20101004,CVE-2010-3697,-1,-1,643428,freeradius-server,https://www.suse.com/security/cve/CVE-2010-3697,"The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.",Analysis 20101005,CVE-2010-3433,-1,-1,643771,postgresql94,https://www.suse.com/security/cve/CVE-2010-3433,"The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 
8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.",Affected 20101005,CVE-2010-3702,-1,-1,642785,cups,https://www.suse.com/security/cve/CVE-2010-3702,"The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.",Unsupported 20101005,CVE-2010-3702,-1,-1,642785,poppler,https://www.suse.com/security/cve/CVE-2010-3702,"The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.",Released 20101005,CVE-2010-3703,-1,-1,642785,cups,https://www.suse.com/security/cve/CVE-2010-3703,"The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.",Affected 20101005,CVE-2010-3703,-1,-1,642785,poppler,https://www.suse.com/security/cve/CVE-2010-3703,"The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent 
attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.",Released 20101005,CVE-2010-3704,-1,-1,642785,poppler,https://www.suse.com/security/cve/CVE-2010-3704,"The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.",Released 20101008,CVE-2010-2632,-1,-1,644882,glibc,https://www.suse.com/security/cve/CVE-2010-2632,"Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.",Analysis 20101008,CVE-2010-3762,-1,-1,644899,bind,https://www.suse.com/security/cve/CVE-2010-3762,"ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.",Analysis 20101011,CVE-2010-3609,-1,-1,642571,openslp,https://www.suse.com/security/cve/CVE-2010-3609,"The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a 
\"next extension offset\" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.",Released
20101013,CVE-2010-2963,-1,-1,646045,kernel-source,https://www.suse.com/security/cve/CVE-2010-2963,"drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.",Ignore
20101013,CVE-2010-3574,-1,-1,646073,krb5,https://www.suse.com/security/cve/CVE-2010-3574,"Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.",Released
20101020,CVE-2010-3492,-1,-1,638233,python,https://www.suse.com/security/cve/CVE-2010-3492,"The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.",Released
20101020,CVE-2010-3493,-1,-1,638233,python,https://www.suse.com/security/cve/CVE-2010-3493,"Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.",Released
20101021,CVE-2010-3814,-1,-1,647375,firefox-freetype2,https://www.suse.com/security/cve/CVE-2010-3814,"Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.",Affected
20101021,CVE-2010-3814,-1,-1,647375,freetype2,https://www.suse.com/security/cve/CVE-2010-3814,"Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.",Released
20101021,CVE-2010-3855,-1,-1,647375,freetype2,https://www.suse.com/security/cve/CVE-2010-3855,"Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.",Released
20101022,CVE-2010-3859,-1,-1,648624,kernel-source,https://www.suse.com/security/cve/CVE-2010-3859,"Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c.",Analysis
20101026,CVE-2010-2941,,9.8,649256,cups,https://www.suse.com/security/cve/CVE-2010-2941,"ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.",Released
20101026,CVE-2010-4054,-1,-1,649207,ghostscript-library,https://www.suse.com/security/cve/CVE-2010-4054,"The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.",Released
20101026,CVE-2010-4072,-1,-1,642314,kernel-source,https://www.suse.com/security/cve/CVE-2010-4072,"The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the \"old shm interface.\"",Ignore
20101026,CVE-2010-4073,-1,-1,642314,kernel-source,https://www.suse.com/security/cve/CVE-2010-4073,"The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.",Ignore
20101026,CVE-2010-4074,-1,-1,642309,kernel-source,https://www.suse.com/security/cve/CVE-2010-4074,"The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.",Ignore
20101026,CVE-2010-4075,-1,-1,642309,kernel-source,https://www.suse.com/security/cve/CVE-2010-4075,"The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.",Ignore
20101026,CVE-2010-4076,-1,-1,642309,kernel-source,https://www.suse.com/security/cve/CVE-2010-4076,"The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.",Ignore
20101026,CVE-2010-4077,-1,-1,642309,kernel-source,https://www.suse.com/security/cve/CVE-2010-4077,"The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.",Ignore
20101026,CVE-2010-4083,-1,-1,642314,kernel-source,https://www.suse.com/security/cve/CVE-2010-4083,"The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call.",Ignore
20101028,CVE-2010-2891,-1,-1,649867,libsmi,https://www.suse.com/security/cve/CVE-2010-2891,"Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.",Affected
20101101,CVE-2010-1623,-1,-1,650435,libapr1,https://www.suse.com/security/cve/CVE-2010-1623,"Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.",Released
20101102,CVE-2010-1323,,3.7,650650,krb5,https://www.suse.com/security/cve/CVE-2010-1323,"MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.",Released
20101102,CVE-2010-1324,,3.7,650650,krb5,https://www.suse.com/security/cve/CVE-2010-1324,"MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.",Released
20101102,CVE-2010-4020,,6.3,650650,krb5,https://www.suse.com/security/cve/CVE-2010-4020,"MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.",Released
20101102,CVE-2010-4021,-1,-1,650650,krb5,https://www.suse.com/security/cve/CVE-2010-4021,"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a \"KrbFastReq forgery issue.\"",Released
20101103,CVE-2010-3864,-1,-1,629905,openssl,https://www.suse.com/security/cve/CVE-2010-3864,"Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.",Released
20101103,CVE-2010-4008,-1,-1,648277,libxml2,https://www.suse.com/security/cve/CVE-2010-4008,"libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.",Released
20101104,CVE-2010-3873,-1,-1,651219,kernel-source,https://www.suse.com/security/cve/CVE-2010-3873,"The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.",Already fixed
20101112,CVE-2010-4164,-1,-1,653260,kernel-source,https://www.suse.com/security/cve/CVE-2010-4164,"Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.",Ignore
20101118,CVE-2010-1674,-1,-1,654270,quagga,https://www.suse.com/security/cve/CVE-2010-1674,"The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.",Released
20101118,CVE-2010-1675,-1,-1,654270,quagga,https://www.suse.com/security/cve/CVE-2010-1675,"bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.",Released
20101119,CVE-2009-5016,-1,-1,654857,php53,https://www.suse.com/security/cve/CVE-2009-5016,"Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.",Analysis
20101123,CVE-2010-4172,-1,-1,655440,tomcat6,https://www.suse.com/security/cve/CVE-2010-4172,"Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.",Released
20101123,CVE-2010-4300,-1,-1,655448,wireshark,https://www.suse.com/security/cve/CVE-2010-4300,"Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.",Affected
20101123,CVE-2010-4301,-1,-1,655448,wireshark,https://www.suse.com/security/cve/CVE-2010-4301,"epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.",Affected
20101206,CVE-2010-4180,-1,-1,657663,curl,https://www.suse.com/security/cve/CVE-2010-4180,"OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.",Released
20101206,CVE-2010-4260,-1,-1,656548,clamav,https://www.suse.com/security/cve/CVE-2010-4260,"Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) \"bb #2358\" and (2) \"bb #2396.\"",Released
20101206,CVE-2010-4261,-1,-1,656548,clamav,https://www.suse.com/security/cve/CVE-2010-4261,"Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.",Released
20101207,CVE-2010-4409,-1,-1,657910,icu,https://www.suse.com/security/cve/CVE-2010-4409,"Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.",Affected
20101208,CVE-2010-4267,-1,-1,336658,hplip,https://www.suse.com/security/cve/CVE-2010-4267,"Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.",Released
20101208,CVE-2010-4479,-1,-1,656548,clamav,https://www.suse.com/security/cve/CVE-2010-4479,"Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka \"bb #2380,\" a different vulnerability than CVE-2010-4260.",Released
20101214,CVE-2008-7270,-1,-1,608666,openssl,https://www.suse.com/security/cve/CVE-2008-7270,"OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.",Released
20101217,CVE-2010-4352,-1,-1,659934,dbus-1,https://www.suse.com/security/cve/CVE-2010-4352,"Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.",Released
20101217,CVE-2010-4478,-1,-1,660128,openssh,https://www.suse.com/security/cve/CVE-2010-4478,"OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.",Analysis
20101220,CVE-2010-2640,-1,-1,660555,evince,https://www.suse.com/security/cve/CVE-2010-2640,"Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.",Released
20101220,CVE-2010-2641,-1,-1,660555,evince,https://www.suse.com/security/cve/CVE-2010-2641,"Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.",Released
20101220,CVE-2010-2643,-1,-1,660555,evince,https://www.suse.com/security/cve/CVE-2010-2643,"Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.",Released
20101222,CVE-2010-4523,-1,-1,660109,opensc,https://www.suse.com/security/cve/CVE-2010-4523,"Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.",Released
20101227,CVE-2010-4494,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2010-4494,"Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.",Released
20110104,CVE-2010-4530,-1,-1,661000,pcsc-lite,https://www.suse.com/security/cve/CVE-2010-4530,"Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.",Released
20110104,CVE-2010-4531,-1,-1,661000,pcsc-lite,https://www.suse.com/security/cve/CVE-2010-4531,"Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.",Released
20110104,CVE-2010-4538,-1,-1,662029,wireshark,https://www.suse.com/security/cve/CVE-2010-4538,"Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression.",Released
20110104,CVE-2010-4668,-1,-1,652945,kernel-source,https://www.suse.com/security/cve/CVE-2010-4668,"The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163.",Ignore
20110106,CVE-2010-4022,-1,-1,662665,krb5,https://www.suse.com/security/cve/CVE-2010-4022,"The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process \"exits abnormally,\" which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.",Released
20110107,CVE-2010-4651,-1,-1,1093615,patch,https://www.suse.com/security/cve/CVE-2010-4651,"Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.",Released
20110110,CVE-2010-4051,-1,-1,663390,glibc,https://www.suse.com/security/cve/CVE-2010-4051,"The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"",Ignore
20110110,CVE-2010-4052,-1,-1,663390,glibc,https://www.suse.com/security/cve/CVE-2010-4052,"Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.",Ignore
20110119,CVE-2011-0281,-1,-1,663619,krb5,https://www.suse.com/security/cve/CVE-2011-0281,"The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.",Released
20110119,CVE-2011-0282,-1,-1,663619,krb5,https://www.suse.com/security/cve/CVE-2011-0282,"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.",Released
20110121,CVE-2011-0020,-1,-1,666101,pango,https://www.suse.com/security/cve/CVE-2011-0020,"Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.",Released
20110125,CVE-2010-4655,,5.5,666842,kernel-source,https://www.suse.com/security/cve/CVE-2010-4655,"net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.",Ignore
20110125,CVE-2010-4656,,7.8,666842,kernel-source,https://www.suse.com/security/cve/CVE-2010-4656,"The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.",Ignore
20110126,CVE-2010-4238,-1,-1,667243,kernel-source,https://www.suse.com/security/cve/CVE-2010-4238,"The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.",Analysis
20110207,CVE-2010-3718,-1,-1,669897,tomcat6,https://www.suse.com/security/cve/CVE-2010-3718,"Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.",Released
20110207,CVE-2011-0013,-1,-1,669929,tomcat6,https://www.suse.com/security/cve/CVE-2011-0013,"Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.",Released
20110207,CVE-2011-0534,-1,-1,669930,tomcat6,https://www.suse.com/security/cve/CVE-2011-0534,"Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.",Released
20110207,CVE-2011-0538,-1,-1,669908,wireshark,https://www.suse.com/security/cve/CVE-2011-0538,"Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.",Released
20110209,CVE-2011-0014,-1,-1,670526,openssl,https://www.suse.com/security/cve/CVE-2011-0014,"ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka \"OCSP stapling vulnerability.\"",Released
20110216,CVE-2011-0191,-1,-1,672505,tiff,https://www.suse.com/security/cve/CVE-2011-0191,"Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.",Released
20110216,CVE-2011-0192,-1,-1,672510,tiff,https://www.suse.com/security/cve/CVE-2011-0192,"Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.",Released
20110217,CVE-2011-0713,-1,-1,672916,wireshark,https://www.suse.com/security/cve/CVE-2011-0713,"Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.",Released
20110218,CVE-2011-0707,-1,-1,671745,mailman,https://www.suse.com/security/cve/CVE-2011-0707,"Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.",Released
20110221,CVE-2011-0433,-1,-1,671064,evince,https://www.suse.com/security/cve/CVE-2011-0433,"Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.",Released
20110222,CVE-2011-1003,-1,-1,673753,clamav,https://www.suse.com/security/cve/CVE-2011-1003,"Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.",Released
20110222,CVE-2011-1004,-1,-1,673740,ruby,https://www.suse.com/security/cve/CVE-2011-1004,"The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.",Released
20110222,CVE-2011-1005,-1,-1,673750,ruby,https://www.suse.com/security/cve/CVE-2011-1005,"The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.",Released
20110225,CVE-2011-1015,-1,-1,674646,python,https://www.suse.com/security/cve/CVE-2011-1015,"The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.",Released
20110225,CVE-2011-1018,-1,-1,674984,logwatch,https://www.suse.com/security/cve/CVE-2011-1018,"logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.",Released
20110302,CVE-2011-0762,-1,-1,676259,vsftpd,https://www.suse.com/security/cve/CVE-2011-0762,"The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.",Released
20110308,CVE-2011-0411,-1,-1,677792,inn,https://www.suse.com/security/cve/CVE-2011-0411,"The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",Released
20110308,CVE-2011-0411,-1,-1,677792,pure-ftpd,https://www.suse.com/security/cve/CVE-2011-0411,"The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",Released
20110308,CVE-2011-1089,-1,-1,676178,glibc,https://www.suse.com/security/cve/CVE-2011-1089,"The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.",Unsupported
20110309,CVE-2011-1094,-1,-1,669222,kdelibs4,https://www.suse.com/security/cve/CVE-2011-1094,"kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.",Released
20110310,CVE-2011-1098,-1,-1,1007000,logrotate,https://www.suse.com/security/cve/CVE-2011-1098,"Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.",Released
20110310,CVE-2011-1138,-1,-1,678567,wireshark,https://www.suse.com/security/cve/CVE-2011-1138,"Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet.",Released
20110310,CVE-2011-1139,-1,-1,678568,wireshark,https://www.suse.com/security/cve/CVE-2011-1139,"wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field.",Released
20110310,CVE-2011-1140,-1,-1,678569,wireshark,https://www.suse.com/security/cve/CVE-2011-1140,"Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.",Released
20110310,CVE-2011-1143,-1,-1,678571,wireshark,https://www.suse.com/security/cve/CVE-2011-1143,"epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.",Released
20110311,CVE-2011-1145,7.8,7.8,678796,unixODBC_23,https://www.suse.com/security/cve/CVE-2011-1145,"The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.",Already fixed
20110311,CVE-2011-1145,7.8,7.8,678796,unixODBC-gui-qt,https://www.suse.com/security/cve/CVE-2011-1145,"The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.",Unsupported
20110311,CVE-2011-1145,7.8,7.8,678796,unixODBC,https://www.suse.com/security/cve/CVE-2011-1145,"The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.",Unsupported 20110314,CVE-2011-0988,-1,-1,675934,pure-ftpd,https://www.suse.com/security/cve/CVE-2011-0988,"pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.",Affected 20110315,CVE-2011-1154,-1,-1,677335,logrotate,https://www.suse.com/security/cve/CVE-2011-1154,"The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.",Released 20110315,CVE-2011-1155,-1,-1,677335,logrotate,https://www.suse.com/security/cve/CVE-2011-1155,"The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.",Released 20110316,CVE-2010-2431,-1,-1,601830,cups,https://www.suse.com/security/cve/CVE-2010-2431,"The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.",Released 20110316,CVE-2010-2432,-1,-1,601830,cups,https://www.suse.com/security/cve/CVE-2010-2432,"The cupsDoAuthentication function in auth.c in the 
client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.",Released 20110316,CVE-2011-0997,-1,-1,675052,dhcpcd,https://www.suse.com/security/cve/CVE-2011-0997,"dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.",Released 20110316,CVE-2011-0997,-1,-1,675052,dhcpv6,https://www.suse.com/security/cve/CVE-2011-0997,"dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.",Released 20110321,CVE-2011-0421,-1,-1,681193,libzip1,https://www.suse.com/security/cve/CVE-2011-0421,"The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.",Released 20110323,CVE-2011-1180,,,681497,kernel-source,https://www.suse.com/security/cve/CVE-2011-1180,"Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.",Ignore 
20110324,CVE-2011-0188,-1,-1,682287,ruby,https://www.suse.com/security/cve/CVE-2011-0188,"The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\"",Released 20110325,CVE-2011-1477,-1,-1,681999,kernel-source,https://www.suse.com/security/cve/CVE-2011-1477,"Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.",Ignore 20110329,CVE-2011-1167,-1,-1,683337,tiff,https://www.suse.com/security/cve/CVE-2011-1167,"Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.",Released 20110329,CVE-2011-1521,-1,-1,682554,python,https://www.suse.com/security/cve/CVE-2011-1521,"The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.",Released 20110329,CVE-2011-1523,-1,-1,682966,nagios,https://www.suse.com/security/cve/CVE-2011-1523,"Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.",Released 
20110404,CVE-2011-0764,-1,-1,662411,t1lib,https://www.suse.com/security/cve/CVE-2011-0764,"t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.",Released 20110404,CVE-2011-1552,-1,-1,684802,t1lib,https://www.suse.com/security/cve/CVE-2011-1552,"t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.",Released 20110404,CVE-2011-1553,-1,-1,684802,t1lib,https://www.suse.com/security/cve/CVE-2011-1553,"Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.",Released 20110404,CVE-2011-1554,-1,-1,684802,t1lib,https://www.suse.com/security/cve/CVE-2011-1554,"Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.",Released 20110405,CVE-2011-1493,-1,-1,681175,kernel-source,https://www.suse.com/security/cve/CVE-2011-1493,"Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified 
other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket.",Already fixed 20110408,CVE-2010-4664,,8.8,686150,ConsoleKit,https://www.suse.com/security/cve/CVE-2010-4664,"In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.",Released 20110411,CVE-2011-1168,-1,-1,686652,kdelibs4,https://www.suse.com/security/cve/CVE-2011-1168,"Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.",Released 20110412,CVE-2011-1575,-1,-1,686590,pure-ftpd,https://www.suse.com/security/cve/CVE-2011-1575,"The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411.",Released 20110414,CVE-2009-5022,-1,-1,687441,tiff,https://www.suse.com/security/cve/CVE-2009-5022,"Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.",Released 20110414,CVE-2010-4665,-1,-1,687442,tiff,https://www.suse.com/security/cve/CVE-2010-4665,"Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.",Released 
20110419,CVE-2011-1590,-1,-1,688109,wireshark,https://www.suse.com/security/cve/CVE-2011-1590,"The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.",Released 20110419,CVE-2011-1591,-1,-1,688109,wireshark,https://www.suse.com/security/cve/CVE-2011-1591,"Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.",Released 20110419,CVE-2011-1592,-1,-1,688109,wireshark,https://www.suse.com/security/cve/CVE-2011-1592,"The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.",Released 20110421,CVE-2011-1598,-1,-1,688685,kernel-source,https://www.suse.com/security/cve/CVE-2011-1598,"The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.",Already fixed 20110426,CVE-2011-1748,-1,-1,689041,kernel-source,https://www.suse.com/security/cve/CVE-2011-1748,"The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.",Ignore 20110427,CVE-2011-0904,-1,-1,690238,vino,https://www.suse.com/security/cve/CVE-2011-0904,"The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 
2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",Released 20110427,CVE-2011-0905,-1,-1,690238,vino,https://www.suse.com/security/cve/CVE-2011-0905,"The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.",Released 20110428,CVE-2011-1681,-1,-1,690491,open-vm-tools,https://www.suse.com/security/cve/CVE-2011-1681,"vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.",Already fixed 20110503,CVE-2011-0418,-1,-1,691365,glibc,https://www.suse.com/security/cve/CVE-2011-0418,"The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.",Affected 20110503,CVE-2011-0418,-1,-1,691365,pure-ftpd,https://www.suse.com/security/cve/CVE-2011-0418,"The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to 
cause a denial of service (memory consumption) via a crafted FTP STAT command.",Affected 20110506,CVE-2011-1768,-1,-1,692239,kernel-source,https://www.suse.com/security/cve/CVE-2011-1768,"The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading.",Ignore 20110513,CVE-2011-0419,-1,-1,693778,libapr1,https://www.suse.com/security/cve/CVE-2011-0419,"Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.",Released 20110516,CVE-2011-0633,-1,-1,693999,perl-libwww-perl,https://www.suse.com/security/cve/CVE-2011-0633,"The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. 
However, because this API was modified within LWP, a single CVE identifier has been assigned.",Released 20110517,CVE-2011-1430,-1,-1,694247,cyrus-imapd,https://www.suse.com/security/cve/CVE-2011-1430,"The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411.",Released 20110517,CVE-2011-1431,-1,-1,694247,cyrus-imapd,https://www.suse.com/security/cve/CVE-2011-1431,"The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411.",Released 20110517,CVE-2011-1432,-1,-1,694247,cyrus-imapd,https://www.suse.com/security/cve/CVE-2011-1432,"The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411.",Released 20110518,CVE-2011-1926,-1,-1,694247,cyrus-imapd,https://www.suse.com/security/cve/CVE-2011-1926,"The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411.",Released 
20110523,CVE-2011-1928,-1,-1,693778,libapr1,https://www.suse.com/security/cve/CVE-2011-1928,"The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.",Released 20110601,CVE-2011-1944,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2011-1944,"Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.",Released 20110601,CVE-2011-1946,-1,-1,695627,libgnomesu,https://www.suse.com/security/cve/CVE-2011-1946,"gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts.",Released 20110601,CVE-2011-1947,-1,-1,697368,fetchmail,https://www.suse.com/security/cve/CVE-2011-1947,"fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.",Released 20110602,CVE-2011-1957,-1,-1,697516,wireshark,https://www.suse.com/security/cve/CVE-2011-1957,"The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in 
Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length.",Released 20110602,CVE-2011-1958,-1,-1,697516,wireshark,https://www.suse.com/security/cve/CVE-2011-1958,"Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file.",Released 20110602,CVE-2011-1959,-1,-1,697516,wireshark,https://www.suse.com/security/cve/CVE-2011-1959,"The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read.",Released 20110602,CVE-2011-2174,-1,-1,697516,wireshark,https://www.suse.com/security/cve/CVE-2011-2174,"Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression.",Released 20110602,CVE-2011-2175,-1,-1,697516,wireshark,https://www.suse.com/security/cve/CVE-2011-2175,"Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read.",Released 20110603,CVE-2011-1956,-1,-1,697516,wireshark,https://www.suse.com/security/cve/CVE-2011-1956,"The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic.",Released 
20110603,CVE-2011-2179,-1,-1,697895,nagios,https://www.suse.com/security/cve/CVE-2011-2179,"Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.",Released 20110606,CVE-2011-1763,-1,-1,698254,kernel-source,https://www.suse.com/security/cve/CVE-2011-1763,"The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.",Analysis 20110606,CVE-2011-1787,-1,-1,673267,open-vm-tools,https://www.suse.com/security/cve/CVE-2011-1787,"Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory.",Already fixed 20110606,CVE-2011-1945,-1,-1,693027,openssl,https://www.suse.com/security/cve/CVE-2011-1945,"The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.",Released 20110606,CVE-2011-2145,-1,-1,673267,open-vm-tools,https://www.suse.com/security/cve/CVE-2011-2145,"mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, 
allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\"",Already fixed 20110606,CVE-2011-2146,-1,-1,673267,open-vm-tools,https://www.suse.com/security/cve/CVE-2011-2146,"mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.",Already fixed 20110607,CVE-2011-1526,-1,-1,698471,krb5,https://www.suse.com/security/cve/CVE-2011-1526,"ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.",Released 20110607,CVE-2011-1576,-1,-1,698450,kernel-source,https://www.suse.com/security/cve/CVE-2011-1576,"The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.",Analysis 20110607,CVE-2011-2187,,7.8,698231,xscreensaver,https://www.suse.com/security/cve/CVE-2011-2187,"xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.",Analysis 
20110614,CVE-2011-2200,-1,-1,699712,dbus-1,https://www.suse.com/security/cve/CVE-2011-2200,"The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.",Released 20110621,CVE-2011-2483,-1,-1,700876,libxcrypt,https://www.suse.com/security/cve/CVE-2011-2483,"crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.",Released 20110624,CVE-2011-2485,-1,-1,702028,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2011-2485,"The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.",Unsupported 20110624,CVE-2011-2485,-1,-1,702028,gtk2,https://www.suse.com/security/cve/CVE-2011-2485,"The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.",Released 20110624,CVE-2011-2533,-1,-1,702036,dbus-1,https://www.suse.com/security/cve/CVE-2011-2533,"The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.",Analysis 20110627,CVE-2011-2489,-1,-1,698772,opie,https://www.suse.com/security/cve/CVE-2011-2489,"Multiple off-by-one errors in opiesu.c in 
opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.",Released 20110627,CVE-2011-2490,-1,-1,698772,opie,https://www.suse.com/security/cve/CVE-2011-2490,"opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.",Released 20110629,CVE-2011-2204,-1,-1,702289,tomcat6,https://www.suse.com/security/cve/CVE-2011-2204,"Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.",Released 20110630,CVE-2011-2495,-1,-1,703155,kernel-source,https://www.suse.com/security/cve/CVE-2011-2495,"fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.",Ignore 20110704,CVE-2004-1296,-1,-1,703665,groff,https://www.suse.com/security/cve/CVE-2004-1296,"The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.",Already fixed 20110704,CVE-2009-5079,-1,-1,703664,groff,https://www.suse.com/security/cve/CVE-2009-5079,"The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.",Analysis 20110704,CVE-2009-5082,-1,-1,703667,groff,https://www.suse.com/security/cve/CVE-2009-5082,"The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall 
GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.",Analysis 20110706,CVE-2011-2521,-1,-1,704050,kernel-source,https://www.suse.com/security/cve/CVE-2011-2521,"The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program.",Analysis 20110707,CVE-2011-1780,-1,-1,704379,xen,https://www.suse.com/security/cve/CVE-2011-1780,"The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread.",Analysis 20110711,CVE-2011-1473,-1,-1,704832,apache2,https://www.suse.com/security/cve/CVE-2011-1473,"** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.",Released 20110711,CVE-2011-1473,-1,-1,704832,openssl,https://www.suse.com/security/cve/CVE-2011-1473,"** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.",Released 20110713,CVE-2011-2686,-1,-1,704409,ruby,https://www.suse.com/security/cve/CVE-2011-2686,"Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. 
NOTE: this issue exists because of a regression during Ruby 1.8.6 development.",Released 20110718,CVE-2009-4067,,6.8,706375,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2009-4067,"Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.",Released 20110718,CVE-2011-0226,-1,-1,704612,firefox-freetype2,https://www.suse.com/security/cve/CVE-2011-0226,"Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.",Affected 20110718,CVE-2011-0226,-1,-1,704612,freetype2,https://www.suse.com/security/cve/CVE-2011-0226,"Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.",Released 20110718,CVE-2011-1410,8.2,,706386,openssh-askpass-gnome,https://www.suse.com/security/cve/CVE-2011-1410,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Released 20110718,CVE-2011-1410,8.2,,706386,openssh,https://www.suse.com/security/cve/CVE-2011-1410,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.",Released 20110718,CVE-2011-2526,-1,-1,706382,tomcat6,https://www.suse.com/security/cve/CVE-2011-2526,"Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.",Released 20110718,CVE-2011-2696,-1,-1,705681,libsndfile,https://www.suse.com/security/cve/CVE-2011-2696,"Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.",Released 20110718,CVE-2011-2697,-1,-1,59233,foomatic-filters,https://www.suse.com/security/cve/CVE-2011-2697,"foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.",Released 20110718,CVE-2011-2697,-1,-1,59233,hplip,https://www.suse.com/security/cve/CVE-2011-2697,"foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.",Released 20110720,CVE-2011-2597,-1,-1,706728,wireshark,https://www.suse.com/security/cve/CVE-2011-2597,"The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.",Released 20110720,CVE-2011-2698,-1,-1,706728,wireshark,https://www.suse.com/security/cve/CVE-2011-2698,"Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 
1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.",Released 20110727,CVE-2011-2721,-1,-1,708263,clamav,https://www.suse.com/security/cve/CVE-2011-2721,"Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.",Released 20110727,CVE-2011-2722,-1,-1,59233,hplip,https://www.suse.com/security/cve/CVE-2011-2722,"The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.",Released 20110802,CVE-2011-1831,-1,-1,709771,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2011-1831,"utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.",Released 20110802,CVE-2011-1832,-1,-1,709771,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2011-1832,"utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.",Released 20110802,CVE-2011-1833,-1,-1,709771,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2011-1833,"Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.",Released 20110802,CVE-2011-1834,-1,-1,709771,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2011-1834,"utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly 
maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.",Released 20110802,CVE-2011-1835,-1,-1,709771,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2011-1835,"The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.",Released 20110802,CVE-2011-1836,-1,-1,709771,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2011-1836,"utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.",Released 20110802,CVE-2011-1837,-1,-1,709771,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2011-1837,"The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.",Released 20110802,CVE-2011-2724,3.6,,1160791,samba,https://www.suse.com/security/cve/CVE-2011-2724,"The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.",Already fixed 20110802,CVE-2011-2964,-1,-1,698451,foomatic-filters,https://www.suse.com/security/cve/CVE-2011-2964,"foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.",Released 20110804,CVE-2011-2897,,9.8,709852,gtk2,https://www.suse.com/security/cve/CVE-2011-2897,"gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw",Released 20110810,CVE-2011-2895,-1,-1,709851,freetype2,https://www.suse.com/security/cve/CVE-2011-2895,"The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.",Released 20110810,CVE-2011-2895,-1,-1,709851,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2011-2895,"The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly 
execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.",Released 20110810,CVE-2011-2896,-1,-1,601830,cups,https://www.suse.com/security/cve/CVE-2011-2896,"The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.",Released 20110812,CVE-2003-0900,-1,-1,704409,ruby,https://www.suse.com/security/cve/CVE-2003-0900,"Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.",Released 20110812,CVE-2011-2705,-1,-1,704409,ruby,https://www.suse.com/security/cve/CVE-2011-2705,"The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.",Released 20110812,CVE-2011-3009,-1,-1,704409,ruby,https://www.suse.com/security/cve/CVE-2011-3009,"Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.",Released 
20110822,CVE-2011-2940,-1,-1,715641,stunnel,https://www.suse.com/security/cve/CVE-2011-2940,"stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.",Analysis 20110823,CVE-2011-2923,,5.5,713717,foomatic-filters,https://www.suse.com/security/cve/CVE-2011-2923,"foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.",Affected 20110823,CVE-2011-2924,,5.5,713717,foomatic-filters,https://www.suse.com/security/cve/CVE-2011-2924,"foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.",Affected 20110824,CVE-2003-1418,,,713970,apache2,https://www.suse.com/security/cve/CVE-2003-1418,"Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).",Released 20110824,CVE-2011-3191,,8.8,714001,kernel-source,https://www.suse.com/security/cve/CVE-2011-3191,"Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.",Unsupported 
20110824,CVE-2011-3192,-1,-1,713966,apache2,https://www.suse.com/security/cve/CVE-2011-3192,"The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.",Released 20110830,CVE-2011-3146,-1,-1,714980,librsvg,https://www.suse.com/security/cve/CVE-2011-3146,"librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with \"fe,\" which is misidentified as a RsvgFilterPrimitive.",Released 20110830,CVE-2011-3171,-1,-1,703035,pure-ftpd,https://www.suse.com/security/cve/CVE-2011-3171,"Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.",Released 20110831,CVE-2011-3172,,9.8,1149683,pam-modules,https://www.suse.com/security/cve/CVE-2011-3172,"A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.",Released 20110831,CVE-2011-3205,-1,-1,715171,squid3,https://www.suse.com/security/cve/CVE-2011-3205,"Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. 
NOTE: This issue exists because of a CVE-2005-0094 regression.",Released 20110902,CVE-2011-3170,-1,-1,601830,cups,https://www.suse.com/security/cve/CVE-2011-3170,"The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.",Released 20110902,CVE-2011-3208,-1,-1,715251,cyrus-imapd,https://www.suse.com/security/cve/CVE-2011-3208,"Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.",Released 20110905,CVE-2011-3190,-1,-1,715991,tomcat6,https://www.suse.com/security/cve/CVE-2011-3190,"Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.",Released 20110906,CVE-2011-3207,-1,-1,716143,openssl,https://www.suse.com/security/cve/CVE-2011-3207,"crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.",Released 20110906,CVE-2011-3210,-1,-1,716144,openssl,https://www.suse.com/security/cve/CVE-2011-3210,"The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.",Released 
20110912,CVE-2011-3351,,7.1,716367,openvas-scanner,https://www.suse.com/security/cve/CVE-2011-3351,"openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system.",Affected 20110915,CVE-2011-3266,-1,-1,718032,wireshark,https://www.suse.com/security/cve/CVE-2011-3266,"The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree.",Released 20110915,CVE-2011-3323,-1,-1,718056,quagga,https://www.suse.com/security/cve/CVE-2011-3323,"The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.",Released 20110915,CVE-2011-3324,-1,-1,718058,quagga,https://www.suse.com/security/cve/CVE-2011-3324,"The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message.",Released 20110915,CVE-2011-3325,-1,-1,718059,quagga,https://www.suse.com/security/cve/CVE-2011-3325,"ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet.",Released 20110915,CVE-2011-3326,-1,-1,718061,quagga,https://www.suse.com/security/cve/CVE-2011-3326,"The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 
allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message.",Released 20110915,CVE-2011-3327,-1,-1,718062,quagga,https://www.suse.com/security/cve/CVE-2011-3327,"Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4.",Released 20110915,CVE-2011-3360,-1,-1,718032,wireshark,https://www.suse.com/security/cve/CVE-2011-3360,"Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.",Released 20110915,CVE-2011-3482,-1,-1,718032,wireshark,https://www.suse.com/security/cve/CVE-2011-3482,"The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20110915,CVE-2011-3483,-1,-1,718032,wireshark,https://www.suse.com/security/cve/CVE-2011-3483,"Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a \"buffer exception handling vulnerability.\"",Released 20110915,CVE-2011-3484,-1,-1,718032,wireshark,https://www.suse.com/security/cve/CVE-2011-3484,"The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet.",Released 
20110916,CVE-2011-3481,-1,-1,718428,cyrus-imapd,https://www.suse.com/security/cve/CVE-2011-3481,"The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.",Released 20110920,CVE-2011-3348,-1,-1,719236,apache2,https://www.suse.com/security/cve/CVE-2011-3348,"The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary \"error state\" in the backend server) via a malformed HTTP request.",Released 20110926,CVE-2011-3372,-1,-1,719998,cyrus-imapd,https://www.suse.com/security/cve/CVE-2011-3372,"imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.",Released 20110929,CVE-2011-3378,-1,-1,720824,rpm,https://www.suse.com/security/cve/CVE-2011-3378,"RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.",Released 20110929,CVE-2011-3848,-1,-1,721139,puppet,https://www.suse.com/security/cve/CVE-2011-3848,"Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.",Released 
20111004,CVE-2011-3585,,4.7,1160791,samba,https://www.suse.com/security/cve/CVE-2011-3585,"Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.",Already fixed 20111005,CVE-2011-3597,-1,-1,721975,perl,https://www.suse.com/security/cve/CVE-2011-3597,"Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.",Analysis 20111006,CVE-2011-3368,-1,-1,722545,apache2,https://www.suse.com/security/cve/CVE-2011-3368,"The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.",Released 20111017,CVE-2011-3177,-1,-1,713661,yast2-core,https://www.suse.com/security/cve/CVE-2011-3177,"The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.",Already fixed 20111018,CVE-2006-7246,,6.8,1047509,NetworkManager-gnome,https://www.suse.com/security/cve/CVE-2006-7246,"NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.",Already fixed 20111018,CVE-2006-7246,,6.8,1047509,NetworkManager-kde4,https://www.suse.com/security/cve/CVE-2006-7246,"NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.",Affected 20111019,CVE-2011-3627,-1,-1,724856,clamav,https://www.suse.com/security/cve/CVE-2011-3627,"The bytecode engine in ClamAV before 0.97.3 allows remote 
attackers to cause a denial of service (crash) via vectors related to \"recursion level\" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.",Released 20111025,CVE-2011-3872,-1,-1,726372,puppet,https://www.suse.com/security/cve/CVE-2011-3872,"Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka \"AltNames Vulnerability.\"",Released 20111028,CVE-2011-3869,-1,-1,726372,puppet,https://www.suse.com/security/cve/CVE-2011-3869,"Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.",Released 20111028,CVE-2011-3870,-1,-1,726372,puppet,https://www.suse.com/security/cve/CVE-2011-3870,"Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.",Released 20111101,CVE-2011-3871,-1,-1,726372,puppet,https://www.suse.com/security/cve/CVE-2011-3871,"Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.",Released 20111101,CVE-2011-4084,-1,-1,727540,tomcat6,https://www.suse.com/security/cve/CVE-2011-4084,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4858. Reason: This candidate is a duplicate of CVE-2011-4858. Notes: All CVE users should reference CVE-2011-4858 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Already fixed 20111101,CVE-2011-4096,-1,-1,727492,squid3,https://www.suse.com/security/cve/CVE-2011-4096,"The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.",Released 20111102,CVE-2011-4099,-1,-1,727713,libcap,https://www.suse.com/security/cve/CVE-2011-4099,"The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.",Released 20111102,CVE-2011-4100,-1,-1,727718,wireshark,https://www.suse.com/security/cve/CVE-2011-4100,"The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Analysis 20111103,CVE-2011-3256,-1,-1,728044,firefox-freetype2,https://www.suse.com/security/cve/CVE-2011-3256,"FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.",Affected 20111103,CVE-2011-3256,-1,-1,728044,freetype2,https://www.suse.com/security/cve/CVE-2011-3256,"FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.",Released 
20111108,CVE-2011-2725,-1,-1,708268,kdeutils4,https://www.suse.com/security/cve/CVE-2011-2725,"Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.",Released 20111109,CVE-2011-3607,-1,-1,728876,apache2,https://www.suse.com/security/cve/CVE-2011-3607,"Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.",Released 20111109,CVE-2011-4415,-1,-1,729181,apache2,https://www.suse.com/security/cve/CVE-2011-4415,"The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the \"len +=\" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.",Released 20111110,CVE-2011-4121,,9.8,729495,ruby,https://www.suse.com/security/cve/CVE-2011-4121,"The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. 
A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.",Analysis 20111110,CVE-2011-4128,-1,-1,729486,gnutls,https://www.suse.com/security/cve/CVE-2011-4128,"Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.",Unsupported 20111114,CVE-2011-3376,-1,-1,730122,tomcat6,https://www.suse.com/security/cve/CVE-2011-3376,"org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.",Analysis 20111114,CVE-2011-3439,-1,-1,730124,firefox-freetype2,https://www.suse.com/security/cve/CVE-2011-3439,"FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.",Affected 20111114,CVE-2011-3439,-1,-1,730124,freetype2,https://www.suse.com/security/cve/CVE-2011-3439,"FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.",Released 20111114,CVE-2011-4131,-1,-1,730117,kernel-source,https://www.suse.com/security/cve/CVE-2011-4131,"The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.",Already fixed 20111121,CVE-2011-4112,,5.5,731649,kernel-source,https://www.suse.com/security/cve/CVE-2011-4112,"The net 
subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface.",Ignore 20111121,CVE-2011-4327,-1,-1,691400,openssh,https://www.suse.com/security/cve/CVE-2011-4327,"ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.",Analysis 20111124,CVE-2009-5028,-1,-1,732322,php53,https://www.suse.com/security/cve/CVE-2009-5028,"Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field.",Affected 20111124,CVE-2011-3639,-1,-1,722545,apache2,https://www.suse.com/security/cve/CVE-2011-3639,"The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.",Released 20111124,CVE-2011-4317,-1,-1,722545,apache2,https://www.suse.com/security/cve/CVE-2011-4317,"The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.",Released 20111125,CVE-2011-2821,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2011-2821,"Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.",Released 20111125,CVE-2011-2834,-1,-1,732787,libxml2,https://www.suse.com/security/cve/CVE-2011-2834,"Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.",Released 20111125,CVE-2011-4347,-1,-1,732773,kernel-source,https://www.suse.com/security/cve/CVE-2011-4347,"The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.",Analysis 20111129,CVE-2011-4354,-1,-1,733252,openssl,https://www.suse.com/security/cve/CVE-2011-4354,"crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel 
and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.",Released 20111206,CVE-2011-4516,,,1006591,jasper,https://www.suse.com/security/cve/CVE-2011-4516,"Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.",Released 20111206,CVE-2011-4517,,,1006593,jasper,https://www.suse.com/security/cve/CVE-2011-4517,"The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.",Released 20111207,CVE-2011-1184,-1,-1,735343,tomcat6,https://www.suse.com/security/cve/CVE-2011-1184,"The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.",Released 20111207,CVE-2011-3145,,9.8,735342,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2011-3145,"When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. 
So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.",Released 20111207,CVE-2011-4578,-1,-1,735282,acpid,https://www.suse.com/security/cve/CVE-2011-4578,"event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.",Already fixed 20111208,CVE-2008-5374,-1,-1,735605,bash,https://www.suse.com/security/cve/CVE-2008-5374,"bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.",Analysis 20111208,CVE-2011-2519,-1,-1,735615,kernel-source,https://www.suse.com/security/cve/CVE-2011-2519,"Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.",Analysis 20111209,CVE-2009-5029,-1,-1,735850,glibc,https://www.suse.com/security/cve/CVE-2009-5029,"Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.",Unsupported 20111212,CVE-2011-4599,-1,-1,736146,icu,https://www.suse.com/security/cve/CVE-2011-4599,"Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.",Released 20111212,CVE-2011-4604,-1,-1,736149,kernel-source,https://www.suse.com/security/cve/CVE-2011-4604,"The 
bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet.",Already fixed 20111220,CVE-2005-4890,,7.8,697897,coreutils,https://www.suse.com/security/cve/CVE-2005-4890,"There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via \"su - user -c program\". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.",Released 20111222,CVE-2011-4622,-1,-1,738210,kernel-source,https://www.suse.com/security/cve/CVE-2011-4622,"The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.",Already fixed 20111222,CVE-2011-4623,-1,-1,738259,rsyslog,https://www.suse.com/security/cve/CVE-2011-4623,"Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.",Analysis 20111227,CVE-2011-4862,-1,-1,738632,krb5,https://www.suse.com/security/cve/CVE-2011-4862,"Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.",Released 
20111228,CVE-2011-4915,,5.5,738749,kernel-source,https://www.suse.com/security/cve/CVE-2011-4915,"fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.",Analysis 20111229,CVE-2007-6750,-1,-1,738855,apache2,https://www.suse.com/security/cve/CVE-2007-6750,"The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.",Released 20111229,CVE-2011-4913,-1,-1,681175,kernel-source,https://www.suse.com/security/cve/CVE-2011-4913,"The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.",Analysis 20111229,CVE-2011-4914,-1,-1,681175,kernel-source,https://www.suse.com/security/cve/CVE-2011-4914,"The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.",Analysis 20120102,CVE-2011-3415,-1,-1,739130,mono-core,https://www.suse.com/security/cve/CVE-2011-3415,"Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka \"Insecure Redirect in .NET Form Authentication 
Vulnerability.\"",Analysis 20120102,CVE-2011-3416,-1,-1,739130,mono-core,https://www.suse.com/security/cve/CVE-2011-3416,"The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka \"ASP.Net Forms Authentication Bypass Vulnerability.\"",Analysis 20120102,CVE-2011-3417,-1,-1,739130,mono-core,https://www.suse.com/security/cve/CVE-2011-3417,"The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka \"ASP.NET Forms Authentication Ticket Caching Vulnerability.\"",Analysis 20120102,CVE-2011-4089,-1,-1,739136,bzip2,https://www.suse.com/security/cve/CVE-2011-4089,"The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.",Analysis 20120102,CVE-2011-4815,-1,-1,739122,ruby,https://www.suse.com/security/cve/CVE-2011-4815,"Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",Released 20120105,CVE-2010-4820,-1,-1,739737,ghostscript-library,https://www.suse.com/security/cve/CVE-2010-4820,"Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.",Released 
20120105,CVE-2011-4108,-1,-1,739719,openssl,https://www.suse.com/security/cve/CVE-2011-4108,"The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.",Released 20120105,CVE-2011-4109,-1,-1,739719,openssl,https://www.suse.com/security/cve/CVE-2011-4109,"Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.",Released 20120105,CVE-2011-4576,-1,-1,739719,openssl,https://www.suse.com/security/cve/CVE-2011-4576,"The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.",Released 20120105,CVE-2011-4577,-1,-1,739719,openssl,https://www.suse.com/security/cve/CVE-2011-4577,"OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.",Released 20120105,CVE-2011-4619,-1,-1,739719,openssl,https://www.suse.com/security/cve/CVE-2011-4619,"The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.",Released 20120106,CVE-2011-3919,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2011-3919,"Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other 
impact via unknown vectors.",Released 20120109,CVE-2011-4858,-1,-1,727543,tomcat6,https://www.suse.com/security/cve/CVE-2011-4858,"Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.",Already fixed 20120111,CVE-2011-3637,,5.5,740729,kernel-source,https://www.suse.com/security/cve/CVE-2011-3637,"The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.",Analysis 20120111,CVE-2012-0027,-1,-1,739719,openssl,https://www.suse.com/security/cve/CVE-2012-0027,"The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.",Released 20120111,CVE-2012-0207,,7.5,740448,kernel-source,https://www.suse.com/security/cve/CVE-2012-0207,"The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.",Ignore 20120111,CVE-2012-0390,-1,-1,739898,gnutls,https://www.suse.com/security/cve/CVE-2012-0390,"The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.",Released 20120112,CVE-2012-0044,,7.8,740745,kernel-source,https://www.suse.com/security/cve/CVE-2012-0044,"Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in 
the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.",Ignore 20120113,CVE-2012-0031,-1,-1,741243,apache2,https://www.suse.com/security/cve/CVE-2012-0031,"scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.",Released 20120113,CVE-2012-0037,,6.5,37195,raptor,https://www.suse.com/security/cve/CVE-2012-0037,"Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.",Released 20120113,CVE-2012-0041,-1,-1,741187,wireshark,https://www.suse.com/security/cve/CVE-2012-0041,"The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.",Released 20120113,CVE-2012-0042,-1,-1,741190,wireshark,https://www.suse.com/security/cve/CVE-2012-0042,"Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.",Released 20120113,CVE-2012-0043,-1,-1,741188,wireshark,https://www.suse.com/security/cve/CVE-2012-0043,"Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service 
(application crash) or possibly execute arbitrary code via a series of fragmented RLC packets.",Released 20120116,CVE-2011-4609,-1,-1,1123874,glibc,https://www.suse.com/security/cve/CVE-2011-4609,"The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.",Released 20120116,CVE-2011-5062,-1,-1,735343,tomcat6,https://www.suse.com/security/cve/CVE-2011-5062,"The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.",Released 20120116,CVE-2011-5063,-1,-1,735343,tomcat6,https://www.suse.com/security/cve/CVE-2011-5063,"The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.",Released 20120116,CVE-2011-5064,-1,-1,735343,tomcat6,https://www.suse.com/security/cve/CVE-2011-5064,"DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.",Released 20120123,CVE-2012-0050,-1,-1,739719,openssl,https://www.suse.com/security/cve/CVE-2012-0050,"OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to 
cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.",Released 20120123,CVE-2012-0066,-1,-1,742815,wireshark,https://www.suse.com/security/cve/CVE-2012-0066,"Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.",Released 20120123,CVE-2012-0067,-1,-1,742815,wireshark,https://www.suse.com/security/cve/CVE-2012-0067,"wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.",Released 20120123,CVE-2012-0068,-1,-1,742815,wireshark,https://www.suse.com/security/cve/CVE-2012-0068,"The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small.",Released 20120127,CVE-2012-0053,-1,-1,743743,apache2,https://www.suse.com/security/cve/CVE-2012-0053,"protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.",Released 20120129,CVE-2012-0021,-1,-1,1078450,apache2,https://www.suse.com/security/cve/CVE-2012-0021,"The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both 
a name and a value.",Released 20120130,CVE-2012-0804,-1,-1,744059,cvs,https://www.suse.com/security/cve/CVE-2012-0804,"Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.",Released 20120203,CVE-2011-3464,-1,-1,745029,libpng12-0,https://www.suse.com/security/cve/CVE-2011-3464,"Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.",Already fixed 20120203,CVE-2012-0022,-1,-1,742477,tomcat6,https://www.suse.com/security/cve/CVE-2012-0022,"Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.",Released 20120206,CVE-2010-4563,-1,-1,745296,kernel-source,https://www.suse.com/security/cve/CVE-2010-4563,"The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.",Analysis 20120209,CVE-2011-3970,-1,-1,746039,libxslt,https://www.suse.com/security/cve/CVE-2011-3970,"libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",Released 20120214,CVE-2012-0247,,8.8,746880,ImageMagick,https://www.suse.com/security/cve/CVE-2012-0247,"ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly 
execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.",Released 20120214,CVE-2012-0248,,5.5,746880,ImageMagick,https://www.suse.com/security/cve/CVE-2012-0248,"ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.",Released 20120215,CVE-2012-0845,5.3,,747125,python-base,https://www.suse.com/security/cve/CVE-2012-0845,"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.",Already fixed 20120215,CVE-2012-0845,5.3,,747125,python,https://www.suse.com/security/cve/CVE-2012-0845,"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.",Released 20120217,CVE-2012-1053,-1,-1,747657,puppet,https://www.suse.com/security/cve/CVE-2012-1053,"The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.",Released 
20120217,CVE-2012-1054,-1,-1,747657,puppet,https://www.suse.com/security/cve/CVE-2012-1054,"Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.",Released 20120218,CVE-2012-0864,-1,-1,747768,glibc,https://www.suse.com/security/cve/CVE-2012-0864,"Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.",Already fixed 20120223,CVE-2012-0841,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2012-0841,"libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.",Released 20120223,CVE-2012-0875,-1,-1,748564,systemtap,https://www.suse.com/security/cve/CVE-2012-0875,"SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.",Released 20120227,CVE-2012-0810,,5.5,749118,kernel-source,https://www.suse.com/security/cve/CVE-2012-0810,"The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.",Already fixed 20120228,CVE-2006-7248,-1,-1,748738,openssl,https://www.suse.com/security/cve/CVE-2006-7248,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. 
ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20120228,CVE-2012-0866,-1,-1,701489,postgresql94,https://www.suse.com/security/cve/CVE-2012-0866,"CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.",Affected 20120228,CVE-2012-0867,-1,-1,701489,postgresql94,https://www.suse.com/security/cve/CVE-2012-0867,"PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.",Affected 20120228,CVE-2012-0868,-1,-1,701489,postgresql94,https://www.suse.com/security/cve/CVE-2012-0868,"CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.",Affected 20120228,CVE-2012-1088,-1,-1,749293,iproute2,https://www.suse.com/security/cve/CVE-2012-1088,"iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.",Analysis 
20120229,CVE-2006-7250,-1,-1,748738,openssl,https://www.suse.com/security/cve/CVE-2006-7250,"The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.",Released
20120302,CVE-2012-1096,5.5,5.5,738073,NetworkManager,https://www.suse.com/security/cve/CVE-2012-1096,"NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.",Affected
20120302,CVE-2012-1097,,7.8,750079,kernel-source,https://www.suse.com/security/cve/CVE-2012-1097,"The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.",Ignore
20120306,CVE-2012-1108,-1,-1,750689,taglib,https://www.suse.com/security/cve/CVE-2012-1108,"The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.",Released
20120307,CVE-2012-0876,5.3,,750914,expat,https://www.suse.com/security/cve/CVE-2012-0876,"The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.",Released
20120308,CVE-2012-1502,-1,-1,751005,python-pam,https://www.suse.com/security/cve/CVE-2012-1502,"Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.",Released
20120309,CVE-2012-1147,-1,-1,750914,expat,https://www.suse.com/security/cve/CVE-2012-1147,"readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.",Released
20120309,CVE-2012-1148,,,750914,expat,https://www.suse.com/security/cve/CVE-2012-1148,"Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.",Released
20120312,CVE-2012-1150,5.3,,751718,apache2-mod_python,https://www.suse.com/security/cve/CVE-2012-1150,"Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",Released
20120312,CVE-2012-1150,5.3,,751718,python,https://www.suse.com/security/cve/CVE-2012-1150,"Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",Released
20120313,CVE-2012-0884,-1,-1,749210,openssl,https://www.suse.com/security/cve/CVE-2012-0884,"The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.",Released
20120313,CVE-2012-1165,-1,-1,749210,openssl,https://www.suse.com/security/cve/CVE-2012-1165,"The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.",Released
20120314,CVE-2012-0249,-1,-1,752205,quagga,https://www.suse.com/security/cve/CVE-2012-0249,"Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.",Released
20120314,CVE-2012-0250,-1,-1,752206,quagga,https://www.suse.com/security/cve/CVE-2012-0250,"Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.",Released
20120315,CVE-2011-4940,-1,-1,752375,python,https://www.suse.com/security/cve/CVE-2011-4940,"The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.",Released
20120316,CVE-2012-0255,-1,-1,752204,quagga,https://www.suse.com/security/cve/CVE-2012-0255,"The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).",Already fixed
20120319,CVE-2012-1185,,7.8,752879,ImageMagick,https://www.suse.com/security/cve/CVE-2012-1185,"Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.",Released
20120319,CVE-2012-1186,,5.5,752879,ImageMagick,https://www.suse.com/security/cve/CVE-2012-1186,"Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.",Released
20120321,CVE-2012-1569,-1,-1,752193,gnutls,https://www.suse.com/security/cve/CVE-2012-1569,"The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.",Released
20120321,CVE-2012-1571,-1,-1,753303,php53,https://www.suse.com/security/cve/CVE-2012-1571,"file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.",Released
20120322,CVE-2012-1457,-1,-1,753611,clamav,https://www.suse.com/security/cve/CVE-2012-1457,"The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",Released
20120322,CVE-2012-1458,-1,-1,753613,clamav,https://www.suse.com/security/cve/CVE-2012-1458,"The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.",Released
20120322,CVE-2012-1459,-1,-1,753610,clamav,https://www.suse.com/security/cve/CVE-2012-1459,"The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",Released
20120327,CVE-2012-0060,-1,-1,754284,rpm,https://www.suse.com/security/cve/CVE-2012-0060,"RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.",Released
20120327,CVE-2012-0061,-1,-1,754285,rpm,https://www.suse.com/security/cve/CVE-2012-0061,"The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.",Released
20120327,CVE-2012-0815,-1,-1,754281,rpm,https://www.suse.com/security/cve/CVE-2012-0815,"The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.",Released
20120327,CVE-2012-1573,-1,-1,752193,gnutls,https://www.suse.com/security/cve/CVE-2012-1573,"gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.",Released
20120327,CVE-2012-1584,-1,-1,750689,taglib,https://www.suse.com/security/cve/CVE-2012-1584,"Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.",Released
20120328,CVE-2011-4944,3.3,,754447,python-base,https://www.suse.com/security/cve/CVE-2011-4944,"Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.",Unsupported
20120328,CVE-2011-4944,3.3,,754447,python,https://www.suse.com/security/cve/CVE-2011-4944,"Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.",Already fixed
20120329,CVE-2012-0259,,6.5,754749,ImageMagick,https://www.suse.com/security/cve/CVE-2012-0259,"The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.",Released
20120329,CVE-2012-0260,,6.5,754749,ImageMagick,https://www.suse.com/security/cve/CVE-2012-0260,"The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.",Released
20120329,CVE-2012-1593,-1,-1,754477,wireshark,https://www.suse.com/security/cve/CVE-2012-1593,"epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.",Released
20120329,CVE-2012-1594,-1,-1,754475,wireshark,https://www.suse.com/security/cve/CVE-2012-1594,"epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released
20120329,CVE-2012-1595,-1,-1,754476,wireshark,https://www.suse.com/security/cve/CVE-2012-1595,"The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.",Released
20120329,CVE-2012-1596,-1,-1,754474,wireshark,https://www.suse.com/security/cve/CVE-2012-1596,"The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt.",Released
20120329,CVE-2012-1768,-1,-1,754749,ImageMagick,https://www.suse.com/security/cve/CVE-2012-1768,"Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-3109.",Released
20120330,CVE-2012-1601,-1,-1,754898,kernel-source,https://www.suse.com/security/cve/CVE-2012-1601,"The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.",Already fixed
20120330,CVE-2012-1798,,6.5,754749,ImageMagick,https://www.suse.com/security/cve/CVE-2012-1798,"The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.",Released
20120404,CVE-2012-1173,-1,-1,753362,tiff,https://www.suse.com/security/cve/CVE-2012-1173,"Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.",Released
20120405,CVE-2012-1986,-1,-1,755872,puppet,https://www.suse.com/security/cve/CVE-2012-1986,"Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.",Released
20120405,CVE-2012-1987,-1,-1,755870,puppet,https://www.suse.com/security/cve/CVE-2012-1987,"Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations.",Released
20120405,CVE-2012-1988,-1,-1,755869,puppet,https://www.suse.com/security/cve/CVE-2012-1988,"Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.",Released
20120405,CVE-2012-1989,-1,-1,755871,puppet,https://www.suse.com/security/cve/CVE-2012-1989,"telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).",Released
20120418,CVE-2012-0883,-1,-1,757710,apache2,https://www.suse.com/security/cve/CVE-2012-0883,"envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.",Released
20120419,CVE-2012-2110,-1,-1,758060,openssl,https://www.suse.com/security/cve/CVE-2012-2110,"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.",Released
20120420,CVE-2012-2119,-1,-1,758243,kernel-source,https://www.suse.com/security/cve/CVE-2012-2119,"Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.",Already fixed
20120423,CVE-2012-1610,,7.5,754749,ImageMagick,https://www.suse.com/security/cve/CVE-2012-1610,"Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.",Released
20120424,CVE-2012-2131,-1,-1,758060,openssl,https://www.suse.com/security/cve/CVE-2012-2131,"Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.",Released
20120425,CVE-2012-1820,-1,-1,759081,quagga,https://www.suse.com/security/cve/CVE-2012-1820,"The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.",Released
20120425,CVE-2012-2132,-1,-1,758431,libsoup,https://www.suse.com/security/cve/CVE-2012-2132,"libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.",Released
20120503,CVE-2012-2152,-1,-1,760334,dhcpcd,https://www.suse.com/security/cve/CVE-2012-2152,"Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet.",Released
20120511,CVE-2012-2333,-1,-1,761838,openssl,https://www.suse.com/security/cve/CVE-2012-2333,"Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.",Released
20120515,CVE-2012-0219,-1,-1,759859,socat,https://www.suse.com/security/cve/CVE-2012-0219,"Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address.",Released
20120515,CVE-2012-0862,-1,-1,762294,xinetd,https://www.suse.com/security/cve/CVE-2012-0862,"builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.",Released
20120516,CVE-2011-3102,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2011-3102,"Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.",Released
20120517,CVE-2012-2370,-1,-1,762735,gtk2,https://www.suse.com/security/cve/CVE-2012-2370,"Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.",Released
20120523,CVE-2012-2388,-1,-1,1107874,strongswan,https://www.suse.com/security/cve/CVE-2012-2388,"The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka \"RSA signature verification vulnerability.\"",Released
20120523,CVE-2012-2392,-1,-1,763634,wireshark,https://www.suse.com/security/cve/CVE-2012-2392,"Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.",Released
20120523,CVE-2012-2393,-1,-1,763634,wireshark,https://www.suse.com/security/cve/CVE-2012-2393,"epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.",Released
20120523,CVE-2012-2394,-1,-1,763634,wireshark,https://www.suse.com/security/cve/CVE-2012-2394,"Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.",Released
20120524,CVE-2012-2098,-1,-1,763820,ant,https://www.suse.com/security/cve/CVE-2012-2098,"Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.",Already fixed
20120529,CVE-2012-2653,-1,-1,764521,arpwatch,https://www.suse.com/security/cve/CVE-2012-2653,"arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.",Released
20120530,CVE-2012-2944,-1,-1,764699,nut,https://www.suse.com/security/cve/CVE-2012-2944,"Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.",Released
20120601,CVE-2012-2655,-1,-1,765069,postgresql94,https://www.suse.com/security/cve/CVE-2012-2655,"PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.",Unsupported
20120604,CVE-2012-1667,-1,-1,765315,bind,https://www.suse.com/security/cve/CVE-2012-1667,"ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.",Released
20120609,CVE-2011-2906,,5.5,766277,kernel-source,https://www.suse.com/security/cve/CVE-2011-2906,"** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor.",Analysis
20120613,CVE-2012-2143,-1,-1,766797,postgresql94,https://www.suse.com/security/cve/CVE-2012-2143,"The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.",Already fixed
20120619,CVE-2012-2137,-1,-1,767612,kernel-source,https://www.suse.com/security/cve/CVE-2012-2137,"Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.",Already fixed
20120619,CVE-2012-2372,-1,-1,767610,kernel-source,https://www.suse.com/security/cve/CVE-2012-2372,"The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.",Already fixed
20120620,CVE-2012-2088,-1,-1,767854,tiff,https://www.suse.com/security/cve/CVE-2012-2088,"Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.",Released
20120620,CVE-2012-2113,-1,-1,767852,tiff,https://www.suse.com/security/cve/CVE-2012-2113,"Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.",Released
20120621,CVE-2011-5095,-1,-1,768097,openssl,https://www.suse.com/security/cve/CVE-2011-5095,"The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.",Released
20120621,CVE-2012-2328,-1,-1,768128,sblim-cim-client2,https://www.suse.com/security/cve/CVE-2012-2328,"internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.",Affected
20120622,CVE-2009-5031,-1,-1,768293,apache2-mod_security2,https://www.suse.com/security/cve/CVE-2009-5031,"ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.",Released
20120628,CVE-2012-2807,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2012-2807,"Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",Released
20120628,CVE-2012-2825,-1,-1,769181,libxslt,https://www.suse.com/security/cve/CVE-2012-2825,"The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.",Released
20120706,CVE-2012-3378,-1,-1,770177,firefox-at-spi2-atk,https://www.suse.com/security/cve/CVE-2012-3378,"The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.",Affected
20120706,CVE-2012-3381,-1,-1,770234,sblim-sfcb,https://www.suse.com/security/cve/CVE-2012-3381,"sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.",Released
20120707,CVE-2012-3382,-1,-1,769799,mono-core,https://www.suse.com/security/cve/CVE-2012-3382,"Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.",Released
20120710,CVE-2012-3386,-1,-1,770618,automake,https://www.suse.com/security/cve/CVE-2012-3386,"The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",Released
20120710,CVE-2012-3400,-1,-1,769784,kernel-source,https://www.suse.com/security/cve/CVE-2012-3400,"Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.",Ignore
20120711,CVE-2012-3401,-1,-1,770816,tiff,https://www.suse.com/security/cve/CVE-2012-3401,"The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.",Released
20120711,CVE-2012-3864,-1,-1,770828,puppet,https://www.suse.com/security/cve/CVE-2012-3864,"Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.",Released
20120711,CVE-2012-3865,-1,-1,770829,puppet,https://www.suse.com/security/cve/CVE-2012-3865,"Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.",Released
20120711,CVE-2012-3866,-1,-1,770827,puppet,https://www.suse.com/security/cve/CVE-2012-3866,"lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.",Released
20120711,CVE-2012-3867,-1,-1,770833,puppet,https://www.suse.com/security/cve/CVE-2012-3867,"lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.",Released
20120712,CVE-2012-2812,-1,-1,771229,libexif,https://www.suse.com/security/cve/CVE-2012-2812,"The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.",Released
20120712,CVE-2012-2813,-1,-1,771229,libexif,https://www.suse.com/security/cve/CVE-2012-2813,"The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.",Released
20120712,CVE-2012-2814,-1,-1,771229,libexif,https://www.suse.com/security/cve/CVE-2012-2814,"Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags 
in an image.",Released 20120712,CVE-2012-2836,-1,-1,771229,libexif,https://www.suse.com/security/cve/CVE-2012-2836,"The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.",Released 20120712,CVE-2012-2837,-1,-1,771229,libexif,https://www.suse.com/security/cve/CVE-2012-2837,"The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.",Released 20120712,CVE-2012-2840,-1,-1,771229,libexif,https://www.suse.com/security/cve/CVE-2012-2840,"Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.",Released 20120712,CVE-2012-2841,-1,-1,771229,libexif,https://www.suse.com/security/cve/CVE-2012-2841,"Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.",Released 20120712,CVE-2012-2845,-1,-1,771229,libexif,https://www.suse.com/security/cve/CVE-2012-2845,"Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.",Released 
20120712,CVE-2012-3404,-1,-1,770891,glibc,https://www.suse.com/security/cve/CVE-2012-3404,"The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.",Affected 20120712,CVE-2012-3405,-1,-1,770891,glibc,https://www.suse.com/security/cve/CVE-2012-3405,"The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers \"desynchronization within the buffer size handling,\" a different vulnerability than CVE-2012-3404.",Affected 20120712,CVE-2012-3406,-1,-1,770891,glibc,https://www.suse.com/security/cve/CVE-2012-3406,"The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not \"properly restrict the use of\" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.",Affected 20120716,CVE-2012-3411,-1,-1,770435,dnsmasq,https://www.suse.com/security/cve/CVE-2012-3411,"Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to 
cause a denial of service (traffic amplification) via a spoofed DNS query.",Analysis 20120717,CVE-2012-2806,-1,-1,771791,jpeg,https://www.suse.com/security/cve/CVE-2012-2806,"Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.",Released 20120718,CVE-2012-3413,-1,-1,771586,kdepim4,https://www.suse.com/security/cve/CVE-2012-3413,"The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.",Analysis 20120723,CVE-2012-2688,-1,-1,772582,php53,https://www.suse.com/security/cve/CVE-2012-2688,"Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an \"overflow.\"",Already fixed 20120724,CVE-2012-4048,-1,-1,772738,wireshark,https://www.suse.com/security/cve/CVE-2012-4048,"The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.",Released 20120724,CVE-2012-4049,-1,-1,772738,wireshark,https://www.suse.com/security/cve/CVE-2012-4049,"epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.",Released 20120725,CVE-2012-3817,-1,-1,772945,bind,https://www.suse.com/security/cve/CVE-2012-3817,"ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 
9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.",Released 20120725,CVE-2012-3868,-1,-1,772946,bind,https://www.suse.com/security/cve/CVE-2012-3868,"Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.",Released 20120727,CVE-2012-3430,-1,-1,773383,kernel-source,https://www.suse.com/security/cve/CVE-2012-3430,"The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.",Released 20120815,CVE-2012-3482,-1,-1,775988,fetchmail,https://www.suse.com/security/cve/CVE-2012-3482,"Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.",Released 20120815,CVE-2012-4285,-1,-1,776083,wireshark,https://www.suse.com/security/cve/CVE-2012-4285,"The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.",Released 20120815,CVE-2012-4288,-1,-1,776083,wireshark,https://www.suse.com/security/cve/CVE-2012-4288,"Integer overflow in the 
dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.",Released 20120815,CVE-2012-4289,-1,-1,776083,wireshark,https://www.suse.com/security/cve/CVE-2012-4289,"epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.",Released 20120815,CVE-2012-4291,-1,-1,776083,wireshark,https://www.suse.com/security/cve/CVE-2012-4291,"The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.",Released 20120815,CVE-2012-4292,-1,-1,776083,wireshark,https://www.suse.com/security/cve/CVE-2012-4292,"The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20120815,CVE-2012-4293,-1,-1,776083,wireshark,https://www.suse.com/security/cve/CVE-2012-4293,"plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.",Released 20120815,CVE-2012-4296,-1,-1,776083,wireshark,https://www.suse.com/security/cve/CVE-2012-4296,"Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 
1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.",Released 20120819,CVE-2012-3488,-1,-1,776523,postgresql94,https://www.suse.com/security/cve/CVE-2012-3488,"The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.",Unsupported 20120819,CVE-2012-3489,,6.5,776524,postgresql94,https://www.suse.com/security/cve/CVE-2012-3489,"The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.",Unsupported 20120822,CVE-2012-3509,-1,-1,776968,binutils,https://www.suse.com/security/cve/CVE-2012-3509,"Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the \"addition of CHUNK_HEADER_SIZE to the length,\" which triggers a heap-based buffer overflow.",Released 20120822,CVE-2012-3509,-1,-1,776968,gcc5,https://www.suse.com/security/cve/CVE-2012-3509,"Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as 
used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the \"addition of CHUNK_HEADER_SIZE to the length,\" which triggers a heap-based buffer overflow.",Released 20120822,CVE-2012-3509,-1,-1,776968,gdb,https://www.suse.com/security/cve/CVE-2012-3509,"Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the \"addition of CHUNK_HEADER_SIZE to the length,\" which triggers a heap-based buffer overflow.",Released 20120822,CVE-2012-3509,-1,-1,776968,libffi-gcc5,https://www.suse.com/security/cve/CVE-2012-3509,"Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the \"addition of CHUNK_HEADER_SIZE to the length,\" which triggers a heap-based buffer overflow.",Released 20120822,CVE-2012-3520,-1,-1,776925,kernel-source,https://www.suse.com/security/cve/CVE-2012-3520,"The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.",Already fixed 20120822,CVE-2012-3523,-1,-1,776967,inn,https://www.suse.com/security/cve/CVE-2012-3523,"The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411.",Released 
20120822,CVE-2012-3524,-1,-1,697105,dbus-1,https://www.suse.com/security/cve/CVE-2012-3524,"libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: \"we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus.\"",Released 20120824,CVE-2012-2687,-1,-1,777260,apache2,https://www.suse.com/security/cve/CVE-2012-2687,"Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.",Released 20120827,CVE-2012-3461,-1,-1,777468,libotr,https://www.suse.com/security/cve/CVE-2012-3461,"The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value \"?OTR:===.\", which triggers a heap-based buffer overflow.",Released 20120827,CVE-2012-3480,-1,-1,775690,glibc,https://www.suse.com/security/cve/CVE-2012-3480,"Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified \"related functions\" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute 
arbitrary code via a long string, which triggers a stack-based buffer overflow.",Unsupported 20120829,CVE-2012-3543,,7.5,739119,mono-core,https://www.suse.com/security/cve/CVE-2012-3543,"mono 2.10.x ASP.NET Web Form Hash collision DoS",Released 20120906,CVE-2011-1153,-1,-1,778941,php53,https://www.suse.com/security/cve/CVE-2011-1153,"Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.",Already fixed 20120907,CVE-2012-4412,-1,-1,779320,glibc,https://www.suse.com/security/cve/CVE-2012-4412,"Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.",Released 20120910,CVE-2012-4398,-1,-1,778463,kernel-source,https://www.suse.com/security/cve/CVE-2012-4398,"The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application.",Already fixed 20120911,CVE-2012-4405,-1,-1,726092,ghostscript-library,https://www.suse.com/security/cve/CVE-2012-4405,"Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. 
NOTE: this issue is also described as an array index error.",Released 20120912,CVE-2012-0427,-1,-1,604730,inst-source-utils,https://www.suse.com/security/cve/CVE-2012-0427,"yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.",Released 20120913,CVE-2012-4244,-1,-1,780157,bind,https://www.suse.com/security/cve/CVE-2012-4244,"ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.",Released 20120914,CVE-2012-4428,7.5,7.5,778508,openslp,https://www.suse.com/security/cve/CVE-2012-4428,"openslp: SLPIntersectStringList()' Function has a DoS vulnerability",Already fixed 20120926,CVE-2012-4447,-1,-1,781995,tiff,https://www.suse.com/security/cve/CVE-2012-4447,"Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.",Released 20121004,CVE-2012-4466,-1,-1,783525,ruby,https://www.suse.com/security/cve/CVE-2012-4466,"Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.",Released 20121008,CVE-2012-4481,-1,-1,673750,ruby,https://www.suse.com/security/cve/CVE-2012-4481,"The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. 
NOTE: this issue is due to an incomplete fix for CVE-2011-1005.",Released 20121010,CVE-2012-4504,-1,-1,784523,libproxy,https://www.suse.com/security/cve/CVE-2012-4504,"Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.",Released 20121010,CVE-2012-4508,-1,-1,784192,kernel-source,https://www.suse.com/security/cve/CVE-2012-4508,"Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.",Already fixed 20121010,CVE-2012-4510,-1,-1,783488,system-config-printer,https://www.suse.com/security/cve/CVE-2012-4510,"cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.",Already fixed 20121011,CVE-2012-5166,-1,-1,784602,bind,https://www.suse.com/security/cve/CVE-2012-5166,"ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.",Released 20121015,CVE-2012-3438,-1,-1,773612,ImageMagick,https://www.suse.com/security/cve/CVE-2012-3438,"The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.",Released 20121031,CVE-2012-4512,,8.8,787520,kdelibs4,https://www.suse.com/security/cve/CVE-2012-4512,"The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted 
font face source, related to \"type confusion.\"",Released 20121031,CVE-2012-4513,-1,-1,787520,kdelibs4,https://www.suse.com/security/cve/CVE-2012-4513,"khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.",Released 20121031,CVE-2012-4514,-1,-1,787520,kdelibs4,https://www.suse.com/security/cve/CVE-2012-4514,"rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to \"trying to reuse a frame with a null part.\"",Released 20121031,CVE-2012-4515,-1,-1,787520,kdelibs4,https://www.suse.com/security/cve/CVE-2012-4515,"Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.",Released 20121102,CVE-2012-4461,-1,-1,787821,kernel-source,https://www.suse.com/security/cve/CVE-2012-4461,"The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.",Already fixed 20121102,CVE-2012-4564,-1,-1,781995,tiff,https://www.suse.com/security/cve/CVE-2012-4564,"ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.",Released 
20121105,CVE-2012-4557,-1,-1,788121,apache2,https://www.suse.com/security/cve/CVE-2012-4557,"The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.",Released 20121112,CVE-2012-5517,-1,-1,789235,kernel-source,https://www.suse.com/security/cve/CVE-2012-5517,"The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.",Already fixed 20121113,CVE-2012-4505,-1,-1,784523,libproxy,https://www.suse.com/security/cve/CVE-2012-4505,"Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.",Released 20121113,CVE-2012-4528,-1,-1,789393,apache2-mod_security2,https://www.suse.com/security/cve/CVE-2012-4528,"The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.",Released 20121114,CVE-2012-5519,-1,-1,1180148,cups,https://www.suse.com/security/cve/CVE-2012-5519,"CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.",Released 
20121116,CVE-2012-5526,-1,-1,789994,perl,https://www.suse.com/security/cve/CVE-2012-5526,"CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.",Already fixed 20121123,CVE-2012-0698,-1,-1,791029,trousers,https://www.suse.com/security/cve/CVE-2012-0698,"tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003.",Already fixed 20121126,CVE-2012-5134,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2012-5134,"Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.",Released 20121128,CVE-2012-5581,-1,-1,791607,tiff,https://www.suse.com/security/cve/CVE-2012-5581,"Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.",Released 20121129,CVE-2012-5592,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5592,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6052. Reason: This candidate is a reservation duplicate of CVE-2012-6052. Notes: All CVE users should reference CVE-2012-6052 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121129,CVE-2012-5593,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5593,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6053. Reason: This candidate is a reservation duplicate of CVE-2012-6053. 
Notes: All CVE users should reference CVE-2012-6053 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121129,CVE-2012-5594,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5594,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate is a reservation duplicate of CVE-2012-6054. Notes: All CVE users should reference CVE-2012-6054 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121129,CVE-2012-5595,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5595,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6056. Reason: This candidate is a reservation duplicate of CVE-2012-6056. Notes: All CVE users should reference CVE-2012-6056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121129,CVE-2012-5596,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5596,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6057. Reason: This candidate is a reservation duplicate of CVE-2012-6057. Notes: All CVE users should reference CVE-2012-6057 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121129,CVE-2012-5597,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5597,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6059. Reason: This candidate is a reservation duplicate of CVE-2012-6059. Notes: All CVE users should reference CVE-2012-6059 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121129,CVE-2012-5598,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5598,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6060. Reason: This candidate is a reservation duplicate of CVE-2012-6060. Notes: All CVE users should reference CVE-2012-6060 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121129,CVE-2012-5599,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5599,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6061. Reason: This candidate is a reservation duplicate of CVE-2012-6061. Notes: All CVE users should reference CVE-2012-6061 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121129,CVE-2012-5600,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5600,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6062. Reason: This candidate is a reservation duplicate of CVE-2012-6062. Notes: All CVE users should reference CVE-2012-6062 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121129,CVE-2012-5601,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5601,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6055. Reason: This candidate is a reservation duplicate of CVE-2012-6055. Notes: All CVE users should reference CVE-2012-6055 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121129,CVE-2012-5602,-1,-1,792005,wireshark,https://www.suse.com/security/cve/CVE-2012-5602,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6058. 
Reason: This candidate is a reservation duplicate of CVE-2012-6058. Notes: All CVE users should reference CVE-2012-6058 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20121214,CVE-2012-5195,-1,-1,794535,perl,https://www.suse.com/security/cve/CVE-2012-5195,"Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.",Analysis 20121218,CVE-2012-5643,-1,-1,794954,squid3,https://www.suse.com/security/cve/CVE-2012-5643,"Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.",Released 20121218,CVE-2012-5643,-1,-1,794954,squid,https://www.suse.com/security/cve/CVE-2012-5643,"Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.",Released 20121224,CVE-2012-5667,-1,-1,795804,grep,https://www.suse.com/security/cve/CVE-2012-5667,"Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.",Already fixed 20121227,CVE-2011-2728,-1,-1,796014,perl,https://www.suse.com/security/cve/CVE-2011-2728,"The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent 
attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.",Already fixed 20121227,CVE-2012-5668,-1,-1,795826,firefox-freetype2,https://www.suse.com/security/cve/CVE-2012-5668,"FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an \"allocation error\" in the bdf_free_font function.",Affected 20121227,CVE-2012-5668,-1,-1,795826,freetype2,https://www.suse.com/security/cve/CVE-2012-5668,"FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an \"allocation error\" in the bdf_free_font function.",Released 20121227,CVE-2012-5669,-1,-1,795826,firefox-freetype2,https://www.suse.com/security/cve/CVE-2012-5669,"The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.",Affected 20121227,CVE-2012-5669,-1,-1,795826,freetype2,https://www.suse.com/security/cve/CVE-2012-5669,"The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.",Released 20121227,CVE-2012-5670,-1,-1,795826,firefox-freetype2,https://www.suse.com/security/cve/CVE-2012-5670,"The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.",Affected 
20121227,CVE-2012-5670,-1,-1,795826,freetype2,https://www.suse.com/security/cve/CVE-2012-5670,"The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.",Released 20130107,CVE-2012-6093,-1,-1,797006,libqt4,https://www.suse.com/security/cve/CVE-2012-6093,"The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.",Already fixed 20130107,CVE-2012-6329,-1,-1,797060,perl,https://www.suse.com/security/cve/CVE-2012-6329,"The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.",Already fixed 20130108,CVE-2011-4966,-1,-1,797313,freeradius-server,https://www.suse.com/security/cve/CVE-2011-4966,"modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.",Released 20130108,CVE-2013-0160,-1,-1,797175,kernel-source,https://www.suse.com/security/cve/CVE-2013-0160,"The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using 
the inotify API on the /dev/ptmx device.",Released 20130109,CVE-2012-6096,-1,-1,797237,nagios,https://www.suse.com/security/cve/CVE-2012-6096,"Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.",Released 20130115,CVE-2012-6085,-1,-1,798465,gpg2,https://www.suse.com/security/cve/CVE-2012-6085,"The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.",Released 20130116,CVE-2013-0188,-1,-1,794954,squid3,https://www.suse.com/security/cve/CVE-2013-0188,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0189, CVE-2013-0191. Reason: this identifier was intended for one issue, but it was inadvertently associated with multiple issues. Notes: All CVE users should consult CVE-2013-0189 and CVE-2013-0191 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20130116,CVE-2013-0188,-1,-1,794954,squid,https://www.suse.com/security/cve/CVE-2013-0188,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0189, CVE-2013-0191. Reason: this identifier was intended for one issue, but it was inadvertently associated with multiple issues. Notes: All CVE users should consult CVE-2013-0189 and CVE-2013-0191 to determine which ID is appropriate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20130117,CVE-2013-0189,-1,-1,794954,squid,https://www.suse.com/security/cve/CVE-2013-0189,"cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.",Released 20130121,CVE-2013-0198,-1,-1,799564,dnsmasq,https://www.suse.com/security/cve/CVE-2013-0198,"Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.",Analysis 20130123,CVE-2013-0211,-1,-1,800024,bsdtar,https://www.suse.com/security/cve/CVE-2013-0211,"Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.",Affected 20130123,CVE-2013-0221,-1,-1,798538,coreutils,https://www.suse.com/security/cve/CVE-2013-0221,"The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.",Released 20130123,CVE-2013-0222,-1,-1,796243,coreutils,https://www.suse.com/security/cve/CVE-2013-0222,"The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause 
a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.",Released 20130123,CVE-2013-0223,-1,-1,798538,coreutils,https://www.suse.com/security/cve/CVE-2013-0223,"The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.",Released 20130124,CVE-2013-0216,-1,-1,800280,kernel-source,https://www.suse.com/security/cve/CVE-2013-0216,"The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.",Released 20130124,CVE-2013-0217,-1,-1,800280,kernel-source,https://www.suse.com/security/cve/CVE-2013-0217,"Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions.",Released 20130130,CVE-2013-0219,-1,-1,801036,sssd,https://www.suse.com/security/cve/CVE-2013-0219,"System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.",Already fixed 20130130,CVE-2013-0220,-1,-1,801036,sssd,https://www.suse.com/security/cve/CVE-2013-0220,"The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.",Already fixed 
20130130,CVE-2013-0231,-1,-1,801178,kernel-source,https://www.suse.com/security/cve/CVE-2013-0231,"The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.",Released 20130131,CVE-2013-0242,-1,-1,801246,glibc,https://www.suse.com/security/cve/CVE-2013-0242,"Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.",Released 20130205,CVE-2013-0169,,,1070148,openssl,https://www.suse.com/security/cve/CVE-2013-0169,"The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.",Released 20130207,CVE-2012-2686,-1,-1,802648,openssl,https://www.suse.com/security/cve/CVE-2012-2686,"crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.",Released 20130207,CVE-2013-0166,-1,-1,802648,openssl,https://www.suse.com/security/cve/CVE-2013-0166,"OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer 
dereference and application crash) via an invalid key.",Released 20130207,CVE-2013-0254,-1,-1,802634,libqt4,https://www.suse.com/security/cve/CVE-2013-0254,"The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.",Already fixed 20130207,CVE-2013-0255,-1,-1,802679,postgresql94,https://www.suse.com/security/cve/CVE-2013-0255,"PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.",Unsupported 20130207,CVE-2013-0268,-1,-1,802642,kernel-source,https://www.suse.com/security/cve/CVE-2013-0268,"The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.",Already fixed 20130207,CVE-2013-1619,-1,-1,802184,gnutls,https://www.suse.com/security/cve/CVE-2013-1619,"The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.",Released 
20130207,CVE-2013-1620,-1,-1,802184,openssl,https://www.suse.com/security/cve/CVE-2013-1620,"The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.",Released 20130207,CVE-2013-1622,-1,-1,802184,openssl,https://www.suse.com/security/cve/CVE-2013-1622,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is not a security issue. Further investigation showed that, because of RFC noncompliance, no version or configuration of the product had the vulnerability previously associated with this ID. Notes: none.",Released 20130212,CVE-2012-5783,3.7,,1132354,jakarta-commons-httpclient3,https://www.suse.com/security/cve/CVE-2012-5783,"Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",Released 20130216,CVE-2013-0871,-1,-1,804154,kernel-source,https://www.suse.com/security/cve/CVE-2013-0871,"Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.",Already fixed 20130219,CVE-2013-1667,-1,-1,804415,perl,https://www.suse.com/security/cve/CVE-2013-1667,"The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.",Already fixed 
20130220,CVE-2012-5374,-1,-1,804738,kernel-source,https://www.suse.com/security/cve/CVE-2012-5374,"The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.",Already fixed 20130220,CVE-2012-5375,-1,-1,804739,kernel-source,https://www.suse.com/security/cve/CVE-2012-5375,"The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.",Already fixed 20130220,CVE-2013-0311,-1,-1,804656,kernel-source,https://www.suse.com/security/cve/CVE-2013-0311,"The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.",Already fixed 20130222,CVE-2013-0338,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2013-0338,"libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity.",Released 20130222,CVE-2013-0339,-1,-1,805233,libxml2,https://www.suse.com/security/cve/CVE-2013-0339,"libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, 
aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.",Released 20130222,CVE-2013-0340,-1,-1,805236,expat,https://www.suse.com/security/cve/CVE-2013-0340,"expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",Ignore 20130222,CVE-2013-0341,-1,-1,805236,expat,https://www.suse.com/security/cve/CVE-2013-0341,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. 
Notes: none.",Ignore 20130226,CVE-2013-1767,-1,-1,806138,kernel-source,https://www.suse.com/security/cve/CVE-2013-1767,"Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.",Already fixed 20130227,CVE-2012-3499,-1,-1,806458,apache2,https://www.suse.com/security/cve/CVE-2012-3499,"Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",Released 20130227,CVE-2013-1772,-1,-1,806238,kernel-source,https://www.suse.com/security/cve/CVE-2013-1772,"The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call.",Already fixed 20130228,CVE-2013-1415,-1,-1,806715,krb5,https://www.suse.com/security/cve/CVE-2013-1415,"The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.",Released 20130228,CVE-2013-1788,-1,-1,806793,poppler,https://www.suse.com/security/cve/CVE-2013-1788,"poppler before 0.22.1 allows context-dependent 
attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an \"invalid memory access\" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.",Released 20130228,CVE-2013-1789,-1,-1,806793,poppler,https://www.suse.com/security/cve/CVE-2013-1789,"splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.",Released 20130228,CVE-2013-1790,-1,-1,806793,poppler,https://www.suse.com/security/cve/CVE-2013-1790,"poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.",Released 20130301,CVE-2013-1774,-1,-1,806976,kernel-source,https://www.suse.com/security/cve/CVE-2013-1774,"The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.",Already fixed 20130301,CVE-2013-1775,-1,-1,806919,sudo,https://www.suse.com/security/cve/CVE-2013-1775,"sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.",Released 20130301,CVE-2013-1776,-1,-1,806921,sudo,https://www.suse.com/security/cve/CVE-2013-1776,"sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal 
via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.",Released 20130301,CVE-2013-1796,-1,-1,806980,kernel-source,https://www.suse.com/security/cve/CVE-2013-1796,"The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.",Already fixed 20130301,CVE-2013-1797,-1,-1,806980,kernel-source,https://www.suse.com/security/cve/CVE-2013-1797,"Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.",Already fixed 20130301,CVE-2013-1798,-1,-1,806980,kernel-source,https://www.suse.com/security/cve/CVE-2013-1798,"The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.",Already fixed 20130302,CVE-2012-4558,-1,-1,806458,apache2,https://www.suse.com/security/cve/CVE-2012-4558,"Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP 
Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",Released 20130304,CVE-2013-1362,-1,-1,807241,nagios-nrpe,https://www.suse.com/security/cve/CVE-2013-1362,"Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via \"$()\" shell metacharacters, which are processed by bash.",Released 20130305,CVE-2012-5662,-1,-1,807424,x3270,https://www.suse.com/security/cve/CVE-2012-5662,"x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",Already fixed 20130305,CVE-2013-1762,-1,-1,807440,stunnel,https://www.suse.com/security/cve/CVE-2013-1762,"stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.",Already fixed 20130305,CVE-2013-1792,-1,-1,807428,kernel-source,https://www.suse.com/security/cve/CVE-2013-1792,"Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.",Already fixed 20130305,CVE-2013-1819,-1,-1,807471,kernel-source,https://www.suse.com/security/cve/CVE-2013-1819,"The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by 
leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.",Already fixed 20130306,CVE-2013-1635,-1,-1,807707,php53,https://www.suse.com/security/cve/CVE-2013-1635,"ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.",Already fixed 20130306,CVE-2013-1643,-1,-1,807707,php53,https://www.suse.com/security/cve/CVE-2013-1643,"The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.",Already fixed 20130307,CVE-2013-1821,-1,-1,808137,ruby,https://www.suse.com/security/cve/CVE-2013-1821,"lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.",Released 20130307,CVE-2013-2475,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2475,"The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20130307,CVE-2013-2476,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2476,"The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.",Released 
20130307,CVE-2013-2477,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2477,"The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20130307,CVE-2013-2478,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2478,"The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.",Released 20130307,CVE-2013-2479,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2479,"The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data.",Released 20130307,CVE-2013-2480,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2480,"The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20130307,CVE-2013-2481,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2481,"Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.",Released 20130307,CVE-2013-2482,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2482,"The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x 
before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.",Released 20130307,CVE-2013-2483,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2483,"The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.",Released 20130307,CVE-2013-2484,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2484,"The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20130307,CVE-2013-2485,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2485,"The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.",Released 20130307,CVE-2013-2486,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2486,"The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.",Released 20130307,CVE-2013-2487,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2487,"epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) 
dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486.",Released 20130307,CVE-2013-2488,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2013-2488,"The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.",Released 20130308,CVE-2013-0200,-1,-1,808355,hplip,https://www.suse.com/security/cve/CVE-2013-0200,"HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.",Released 20130312,CVE-2013-0913,-1,-1,808829,kernel-source,https://www.suse.com/security/cve/CVE-2013-0913,"Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.",Already fixed 20130312,CVE-2013-0914,-1,-1,808827,kernel-source,https://www.suse.com/security/cve/CVE-2013-0914,"The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to 
bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.",Already fixed 20130312,CVE-2013-1839,-1,-1,808911,squid,https://www.suse.com/security/cve/CVE-2013-1839,"The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a \",\" character in an Accept-Language header.",Released 20130312,CVE-2013-1841,-1,-1,808830,perl-Net-Server,https://www.suse.com/security/cve/CVE-2013-1841,"Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter.",Affected 20130313,CVE-2013-0287,-1,-1,809153,sssd,https://www.suse.com/security/cve/CVE-2013-0287,"The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.",Already fixed 20130313,CVE-2013-1848,-1,-1,809155,kernel-source,https://www.suse.com/security/cve/CVE-2013-1848,"fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.",Already fixed 20130314,CVE-2013-1858,-1,-1,809296,kernel-source,https://www.suse.com/security/cve/CVE-2013-1858,"The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process.",Analysis 
20130317,CVE-2013-1640,-1,-1,809839,puppet,https://www.suse.com/security/cve/CVE-2013-1640,"The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.",Released 20130318,CVE-2012-6548,-1,-1,809902,kernel-source,https://www.suse.com/security/cve/CVE-2012-6548,"The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.",Already fixed 20130318,CVE-2012-6549,-1,-1,809903,kernel-source,https://www.suse.com/security/cve/CVE-2012-6549,"The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.",Already fixed 20130318,CVE-2013-1398,-1,-1,809839,puppet,https://www.suse.com/security/cve/CVE-2013-1398,"The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.",Released 20130318,CVE-2013-1399,-1,-1,809839,puppet,https://www.suse.com/security/cve/CVE-2013-1399,"Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.",Released 20130318,CVE-2013-1652,-1,-1,809839,puppet,https://www.suse.com/security/cve/CVE-2013-1652,"Puppet 
before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.",Released 20130318,CVE-2013-1653,-1,-1,809839,puppet,https://www.suse.com/security/cve/CVE-2013-1653,"Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the \"run\" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.",Released 20130318,CVE-2013-1654,-1,-1,809839,puppet,https://www.suse.com/security/cve/CVE-2013-1654,"Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.",Released 20130318,CVE-2013-1655,-1,-1,809839,puppet,https://www.suse.com/security/cve/CVE-2013-1655,"Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\"",Released 20130318,CVE-2013-2274,-1,-1,809839,puppet,https://www.suse.com/security/cve/CVE-2013-2274,"Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.",Released 20130318,CVE-2013-2275,-1,-1,809839,puppet,https://www.suse.com/security/cve/CVE-2013-2275,"The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows 
remote authenticated nodes to submit reports for other nodes via unspecified vectors.",Released 20130318,CVE-2013-2546,-1,-1,809906,kernel-source,https://www.suse.com/security/cve/CVE-2013-2546,"The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.",Analysis 20130318,CVE-2013-2547,-1,-1,1118428,kernel-source,https://www.suse.com/security/cve/CVE-2013-2547,"The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.",Analysis 20130318,CVE-2013-2548,-1,-1,809906,kernel-source,https://www.suse.com/security/cve/CVE-2013-2548,"The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.",Analysis 20130320,CVE-2013-1873,-1,-1,810473,kernel-source,https://www.suse.com/security/cve/CVE-2013-1873,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2634, CVE-2013-2635, CVE-2013-2636. Reason: This candidate is a duplicate of CVE-2013-2634, CVE-2013-2635, and CVE-2013-2636. Notes: All CVE users should reference one or more of CVE-2013-2634, CVE-2013-2635, and CVE-2013-2636 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Already fixed 20130323,CVE-2013-2634,-1,-1,810473,kernel-source,https://www.suse.com/security/cve/CVE-2013-2634,"net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.",Already fixed 20130325,CVE-2013-1860,-1,-1,806431,kernel-source,https://www.suse.com/security/cve/CVE-2013-1860,"Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.",Already fixed 20130325,CVE-2013-2635,-1,-1,810473,kernel-source,https://www.suse.com/security/cve/CVE-2013-2635,"The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.",Already fixed 20130325,CVE-2013-2636,-1,-1,810473,kernel-source,https://www.suse.com/security/cve/CVE-2013-2636,"net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.",Already fixed 20130326,CVE-2012-6139,-1,-1,811686,libxslt,https://www.suse.com/security/cve/CVE-2012-6139,"libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.",Released 20130327,CVE-2013-2266,-1,-1,811876,dhcp,https://www.suse.com/security/cve/CVE-2013-2266,"libdns in ISC BIND 9.7.x and 9.8.x before 
9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.",Already fixed 20130402,CVE-2013-1899,-1,-1,812525,postgresql94,https://www.suse.com/security/cve/CVE-2013-1899,"Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a \"-\" (hyphen).",Unsupported 20130402,CVE-2013-1900,-1,-1,812525,postgresql94,https://www.suse.com/security/cve/CVE-2013-1900,"PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the \"contrib/pgcrypto functions.\"",Unsupported 20130402,CVE-2013-1901,-1,-1,812525,postgresql94,https://www.suse.com/security/cve/CVE-2013-1901,"PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.",Unsupported 20130403,CVE-2013-1914,-1,-1,813121,glibc,https://www.suse.com/security/cve/CVE-2013-1914,"Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.",Released 
20130404,CVE-2013-1915,-1,-1,813190,apache2-mod_security2,https://www.suse.com/security/cve/CVE-2013-1915,"ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.",Released 20130404,CVE-2013-1923,-1,-1,813464,nfs-utils,https://www.suse.com/security/cve/CVE-2013-1923,"rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.",Released 20130408,CVE-2013-1929,-1,-1,813733,kernel-source,https://www.suse.com/security/cve/CVE-2013-1929,"Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.",Already fixed 20130410,CVE-2013-1940,-1,-1,814653,xorg-x11-server,https://www.suse.com/security/cve/CVE-2013-1940,"X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.",Already fixed 20130411,CVE-2012-6054,-1,-1,807942,wireshark,https://www.suse.com/security/cve/CVE-2012-6054,"The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor 
IPv6.",Released 20130411,CVE-2013-1944,-1,-1,814655,curl,https://www.suse.com/security/cve/CVE-2013-1944,"The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.",Released 20130412,CVE-2013-1591,,9.8,815064,pixman,https://www.suse.com/security/cve/CVE-2013-1591,"Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.",Released 20130415,CVE-2013-2944,-1,-1,815236,strongswan,https://www.suse.com/security/cve/CVE-2013-2944,"strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.",Released 20130419,CVE-2013-1969,-1,-1,815665,libxml2,https://www.suse.com/security/cve/CVE-2013-1969,"Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.",Analysis 20130423,CVE-2013-1569,-1,-1,816720,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-1569,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to \"checking of [a] glyph table\" in the International Components for Unicode (ICU) Layout Engine before 51.2.",Affected 20130423,CVE-2013-1950,-1,-1,816627,libtirpc,https://www.suse.com/security/cve/CVE-2013-1950,"The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.",Analysis 20130423,CVE-2013-1979,-1,-1,816708,kernel-source,https://www.suse.com/security/cve/CVE-2013-1979,"The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.",Released 20130423,CVE-2013-2426,-1,-1,816720,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-2426,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox.",Released 20130423,CVE-2013-3226,-1,-1,816668,kernel-source,https://www.suse.com/security/cve/CVE-2013-3226,"The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.",Unsupported 20130423,CVE-2013-3230,-1,-1,816668,kernel-source,https://www.suse.com/security/cve/CVE-2013-3230,"The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.",Unsupported 20130423,CVE-2013-3233,-1,-1,816668,kernel-source,https://www.suse.com/security/cve/CVE-2013-3233,"The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.",Already fixed 20130423,CVE-2013-3236,-1,-1,816668,kernel-source,https://www.suse.com/security/cve/CVE-2013-3236,"The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.",Unsupported 20130426,CVE-2013-1981,-1,-1,815451,Mesa,https://www.suse.com/security/cve/CVE-2013-1981,"Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger 
allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.",Already fixed 20130426,CVE-2013-1981,-1,-1,815451,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2013-1981,"Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.",Released 20130426,CVE-2013-1993,-1,-1,815451,Mesa,https://www.suse.com/security/cve/CVE-2013-1993,"Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.",Already fixed 20130426,CVE-2013-1997,-1,-1,815451,Mesa,https://www.suse.com/security/cve/CVE-2013-1997,"Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) 
_XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.",Already fixed 20130426,CVE-2013-1997,-1,-1,815451,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2013-1997,"Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.",Released 20130426,CVE-2013-2776,-1,-1,806921,sudo,https://www.suse.com/security/cve/CVE-2013-2776,"sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. 
NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.",Already fixed 20130426,CVE-2013-2777,-1,-1,806921,sudo,https://www.suse.com/security/cve/CVE-2013-2777,"sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.",Already fixed 20130429,CVE-2013-1960,-1,-1,817573,tiff,https://www.suse.com/security/cve/CVE-2013-1960,"Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.",Released 20130429,CVE-2013-1961,-1,-1,817573,tiff,https://www.suse.com/security/cve/CVE-2013-1961,"Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.",Released 20130429,CVE-2013-3301,-1,-1,815256,kernel-source,https://www.suse.com/security/cve/CVE-2013-3301,"The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.",Already fixed 
20130429,CVE-2013-3302,-1,-1,815266,kernel-source,https://www.suse.com/security/cve/CVE-2013-3302,"Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event.",Analysis 20130430,CVE-2013-1824,-1,-1,807707,php53,https://www.suse.com/security/cve/CVE-2013-1824,"The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.",Already fixed 20130430,CVE-2013-2015,-1,-1,817377,kernel-source,https://www.suse.com/security/cve/CVE-2013-2015,"The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.",Already fixed 20130430,CVE-2013-2017,-1,-1,817643,kernel-source,https://www.suse.com/security/cve/CVE-2013-2017,"The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error.",Analysis 20130430,CVE-2013-2020,-1,-1,816865,clamav,https://www.suse.com/security/cve/CVE-2013-2020,"Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which 
triggers an out-of-bounds read.",Released 20130430,CVE-2013-2021,-1,-1,816865,clamav,https://www.suse.com/security/cve/CVE-2013-2021,"pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.",Released 20130514,CVE-2013-2094,-1,-1,819789,kernel-source,https://www.suse.com/security/cve/CVE-2013-2094,"The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.",Already fixed 20130521,CVE-2013-3555,-1,-1,820566,wireshark,https://www.suse.com/security/cve/CVE-2013-3555,"epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20130521,CVE-2013-3556,-1,-1,820566,wireshark,https://www.suse.com/security/cve/CVE-2013-3556,"The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20130521,CVE-2013-3557,-1,-1,820566,wireshark,https://www.suse.com/security/cve/CVE-2013-3557,"The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20130521,CVE-2013-3558,-1,-1,820566,wireshark,https://www.suse.com/security/cve/CVE-2013-3558,"The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 
does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20130521,CVE-2013-3559,-1,-1,820566,wireshark,https://www.suse.com/security/cve/CVE-2013-3559,"epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.",Released 20130521,CVE-2013-3560,-1,-1,820566,wireshark,https://www.suse.com/security/cve/CVE-2013-3560,"The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20130521,CVE-2013-3561,-1,-1,820566,wireshark,https://www.suse.com/security/cve/CVE-2013-3561,"Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.",Released 20130521,CVE-2013-3562,-1,-1,820566,wireshark,https://www.suse.com/security/cve/CVE-2013-3562,"Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.",Released 20130524,CVE-2013-2064,,,815451,xorg-x11-libxcb,https://www.suse.com/security/cve/CVE-2013-2064,"Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.",Already fixed 
20130524,CVE-2013-2850,-1,-1,821560,kernel-source,https://www.suse.com/security/cve/CVE-2013-2850,"Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.",Already fixed 20130527,CVE-2013-2074,2.8,,821833,kdelibs3,https://www.suse.com/security/cve/CVE-2013-2074,"kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an \"internal server error,\" which includes the username and password in an error message.",Ignore 20130527,CVE-2013-2074,2.8,,821833,kdelibs4,https://www.suse.com/security/cve/CVE-2013-2074,"kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an \"internal server error,\" which includes the username and password in an error message.",Affected 20130527,CVE-2013-2116,-1,-1,821818,gnutls,https://www.suse.com/security/cve/CVE-2013-2116,"The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. 
NOTE: this might be due to an incorrect fix for CVE-2013-0169.",Released 20130528,CVE-2013-3571,-1,-1,821985,socat,https://www.suse.com/security/cve/CVE-2013-3571,"socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.",Released 20130529,CVE-2013-1976,-1,-1,822177,tomcat6,https://www.suse.com/security/cve/CVE-2013-1976,"The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.",Released 20130529,CVE-2013-2051,-1,-1,822177,tomcat6,https://www.suse.com/security/cve/CVE-2013-2051,"The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. 
NOTE: this issue is due to an incomplete fix for CVE-2012-5887.",Released 20130531,CVE-2013-2120,,8.4,822595,plasma-addons,https://www.suse.com/security/cve/CVE-2013-2120,"The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.",Analysis 20130531,CVE-2013-2765,-1,-1,822664,apache2-mod_security2,https://www.suse.com/security/cve/CVE-2013-2765,"The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.",Released 20130531,CVE-2013-2851,-1,-1,822575,kernel-source,https://www.suse.com/security/cve/CVE-2013-2851,"Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.",Already fixed 20130531,CVE-2013-2852,-1,-1,822579,kernel-source,https://www.suse.com/security/cve/CVE-2013-2852,"Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.",Already fixed 20130603,CVE-2013-1959,-1,-1,822832,kernel-source,https://www.suse.com/security/cve/CVE-2013-1959,"kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an 
unprivileged process and then modifying the file within a privileged process.",Analysis 20130604,CVE-2013-2067,,,822177,tomcat6,https://www.suse.com/security/cve/CVE-2013-2067,"java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",Released 20130606,CVE-2013-2147,-1,-1,823260,kernel-source,https://www.suse.com/security/cve/CVE-2013-2147,"The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.",Already fixed 20130606,CVE-2013-2148,-1,-1,823517,kernel-source,https://www.suse.com/security/cve/CVE-2013-2148,"The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.",Already fixed 20130606,CVE-2013-3919,-1,-1,823664,bind,https://www.suse.com/security/cve/CVE-2013-3919,"resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a 
malformed zone.",Analysis 20130611,CVE-2013-2164,-1,-1,824295,kernel-source,https://www.suse.com/security/cve/CVE-2013-2164,"The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.",Already fixed 20130613,CVE-2013-2174,-1,-1,824517,curl,https://www.suse.com/security/cve/CVE-2013-2174,"Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a \"%\" (percent) character.",Released 20130614,CVE-2011-4098,-1,-1,824992,kernel-source,https://www.suse.com/security/cve/CVE-2011-4098,"The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory.",Analysis 20130614,CVE-2013-1956,-1,-1,824997,kernel-source,https://www.suse.com/security/cve/CVE-2013-1956,"The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.",Analysis 20130614,CVE-2013-1957,-1,-1,825001,kernel-source,https://www.suse.com/security/cve/CVE-2013-1957,"The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace.",Analysis 20130614,CVE-2013-1958,-1,-1,825001,kernel-source,https://www.suse.com/security/cve/CVE-2013-1958,"The scm_check_creds function in 
net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created.",Analysis 20130614,CVE-2013-2146,-1,-1,825006,kernel-source,https://www.suse.com/security/cve/CVE-2013-2146,"arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit.",Already fixed 20130614,CVE-2013-4074,-1,-1,824900,wireshark,https://www.suse.com/security/cve/CVE-2013-4074,"The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130614,CVE-2013-4075,-1,-1,824900,wireshark,https://www.suse.com/security/cve/CVE-2013-4075,"epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130614,CVE-2013-4076,-1,-1,824900,wireshark,https://www.suse.com/security/cve/CVE-2013-4076,"Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130614,CVE-2013-4077,-1,-1,824900,wireshark,https://www.suse.com/security/cve/CVE-2013-4077,"Array index error in the NBAP dissector in 
Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.",Released 20130614,CVE-2013-4078,-1,-1,824900,wireshark,https://www.suse.com/security/cve/CVE-2013-4078,"epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130614,CVE-2013-4079,-1,-1,824900,wireshark,https://www.suse.com/security/cve/CVE-2013-4079,"The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet.",Released 20130614,CVE-2013-4080,-1,-1,824900,wireshark,https://www.suse.com/security/cve/CVE-2013-4080,"The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet.",Released 20130614,CVE-2013-4081,-1,-1,824900,wireshark,https://www.suse.com/security/cve/CVE-2013-4081,"The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.",Released 20130614,CVE-2013-4082,-1,-1,824900,wireshark,https://www.suse.com/security/cve/CVE-2013-4082,"The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a 
trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet.",Released 20130614,CVE-2013-4083,-1,-1,824900,wireshark,https://www.suse.com/security/cve/CVE-2013-4083,"The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130619,CVE-2013-1500,-1,-1,825624,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-1500,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.",Released 20130620,CVE-2002-2443,-1,-1,825985,krb5,https://www.suse.com/security/cve/CVE-2002-2443,"schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.",Released 20130620,CVE-2013-3567,-1,-1,1040151,puppet,https://www.suse.com/security/cve/CVE-2013-3567,"Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.",Released 20130621,CVE-2013-2206,-1,-1,781018,kernel-source,https://www.suse.com/security/cve/CVE-2013-2206,"The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.",Already fixed 20130624,CVE-2013-1059,-1,-1,826350,kernel-source,https://www.suse.com/security/cve/CVE-2013-1059,"net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.",Already fixed 20130627,CVE-2013-2214,-1,-1,827020,nagios,https://www.suse.com/security/cve/CVE-2013-2214,"status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not 
properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor \"decided to change it for Nagios 4\" and 3.5.1.",Already fixed 20130628,CVE-2013-4073,-1,-1,827265,ruby,https://www.suse.com/security/cve/CVE-2013-4073,"The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",Released 20130701,CVE-2013-2224,-1,-1,827565,kernel-source,https://www.suse.com/security/cve/CVE-2013-2224,"A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552.",Analysis 20130702,CVE-2013-2218,-1,-1,827741,libvirt,https://www.suse.com/security/cve/CVE-2013-2218,"Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the \"virsh iface-list --inactive\" command.",Analysis 20130703,CVE-2013-1872,-1,-1,828007,Mesa,https://www.suse.com/security/cve/CVE-2013-1872,"The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.",Released 20130703,CVE-2013-1935,-1,-1,828015,kernel-source,https://www.suse.com/security/cve/CVE-2013-1935,"A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are possible.",Analysis 20130703,CVE-2013-2124,-1,-1,828006,libguestfs,https://www.suse.com/security/cve/CVE-2013-2124,"Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.",Already fixed 20130703,CVE-2013-2131,-1,-1,828003,rrdtool,https://www.suse.com/security/cve/CVE-2013-2131,"Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) 
via format string specifiers to the rrdtool.graph function.",Won't fix 20130703,CVE-2013-2230,-1,-1,827801,libvirt,https://www.suse.com/security/cve/CVE-2013-2230,"The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving \"multiple events registration.\"",Analysis 20130703,CVE-2013-2232,-1,-1,827750,kernel-source,https://www.suse.com/security/cve/CVE-2013-2232,"The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.",Already fixed 20130703,CVE-2013-2234,-1,-1,827749,kernel-source,https://www.suse.com/security/cve/CVE-2013-2234,"The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.",Already fixed 20130704,CVE-2013-2236,,,828117,quagga,https://www.suse.com/security/cve/CVE-2013-2236,"Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.",Released 20130704,CVE-2013-2237,-1,-1,828119,kernel-source,https://www.suse.com/security/cve/CVE-2013-2237,"The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.",Already fixed 
20130704,CVE-2013-4758,-1,-1,828140,rsyslog,https://www.suse.com/security/cve/CVE-2013-4758,"Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.",Analysis 20130710,CVE-2013-2869,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2869,"Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image.",Released 20130710,CVE-2013-2870,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2870,"Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request.",Released 20130710,CVE-2013-2871,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2871,"Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.",Released 20130710,CVE-2013-2872,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2872,"Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors.",Released 20130710,CVE-2013-2873,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2873,"Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources.",Released 
20130710,CVE-2013-2874,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2874,"Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures.",Released 20130710,CVE-2013-2875,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2875,"core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",Released 20130710,CVE-2013-2876,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2876,"browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a previous page via vectors involving an interstitial page.",Released 20130710,CVE-2013-2877,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2013-2877,"parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.",Released 20130710,CVE-2013-2878,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2878,"Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text.",Released 20130710,CVE-2013-2879,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2879,"Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote 
attackers to conduct phishing attacks via a crafted web site.",Released 20130710,CVE-2013-2880,-1,-1,828893,libxml2,https://www.suse.com/security/cve/CVE-2013-2880,"Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20130711,CVE-2013-1862,-1,-1,829056,apache2,https://www.suse.com/security/cve/CVE-2013-1862,"mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.",Released 20130711,CVE-2013-1896,-1,-1,829056,apache2,https://www.suse.com/security/cve/CVE-2013-1896,"mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.",Released 20130712,CVE-2013-4115,-1,-1,829084,squid3,https://www.suse.com/security/cve/CVE-2013-4115,"Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.",Released 20130712,CVE-2013-4115,-1,-1,829084,squid,https://www.suse.com/security/cve/CVE-2013-4115,"Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.",Released 
20130715,CVE-2013-4122,-1,-1,1123874,cyrus-sasl,https://www.suse.com/security/cve/CVE-2013-4122,"Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.",Analysis 20130716,CVE-2013-4125,-1,-1,829446,kernel-source,https://www.suse.com/security/cve/CVE-2013-4125,"The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.",Analysis 20130716,CVE-2013-4127,-1,-1,829617,kernel-source,https://www.suse.com/security/cve/CVE-2013-4127,"Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.",Analysis 20130716,CVE-2013-4129,-1,-1,829619,kernel-source,https://www.suse.com/security/cve/CVE-2013-4129,"The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.",Analysis 20130716,CVE-2013-4130,-1,-1,829627,spice,https://www.suse.com/security/cve/CVE-2013-4130,"The (1) 
red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.",Analysis 20130717,CVE-2013-3006,-1,-1,829212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-3006,"Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3008.",Released 20130717,CVE-2013-3007,-1,-1,829212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-3007,"Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.",Released 20130717,CVE-2013-3008,-1,-1,829212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-3008,"Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.",Released 20130717,CVE-2013-3009,-1,-1,829212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-3009,"The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.",Released 
20130717,CVE-2013-3010,-1,-1,829212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-3010,"Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3007.",Released 20130717,CVE-2013-3011,-1,-1,829212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-3011,"Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012.",Released 20130717,CVE-2013-3012,-1,-1,829212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-3012,"Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011.",Released 20130717,CVE-2013-4002,-1,-1,829212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-4002,"XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.",Released 
20130717,CVE-2013-4124,-1,-1,829969,samba,https://www.suse.com/security/cve/CVE-2013-4124,"Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.",Released 20130717,CVE-2013-4132,-1,-1,829857,kdebase4-wallpapers,https://www.suse.com/security/cve/CVE-2013-4132,"KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.",Released 20130717,CVE-2013-4133,,7.5,829857,kdebase4-wallpapers,https://www.suse.com/security/cve/CVE-2013-4133,"kde-workspace before 4.10.5 has a memory leak in plasma desktop",Released 20130718,CVE-2013-3704,-1,-1,828672,libzypp,https://www.suse.com/security/cve/CVE-2013-3704,"The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key.",Released 20130719,CVE-2013-2207,-1,-1,1123874,glibc,https://www.suse.com/security/cve/CVE-2013-2207,"pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.",Released 20130719,CVE-2013-4123,-1,-1,830319,squid,https://www.suse.com/security/cve/CVE-2013-4123,"client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted 
port number in a HTTP Host header.",Released 20130719,CVE-2013-4788,-1,-1,1123874,glibc,https://www.suse.com/security/cve/CVE-2013-4788,"The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.",Released 20130722,CVE-2013-4153,-1,-1,830497,libvirt,https://www.suse.com/security/cve/CVE-2013-4153,"Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the \"virsh vcpucount dom --guest\" command.",Analysis 20130722,CVE-2013-4154,-1,-1,830498,libvirt,https://www.suse.com/security/cve/CVE-2013-4154,"The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to \"agent based cpu (un)plug,\" as demonstrated by the \"virsh vcpucount foobar --guest\" command.",Analysis 20130724,CVE-2012-3544,-1,-1,822177,tomcat6,https://www.suse.com/security/cve/CVE-2012-3544,"Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",Released 20130724,CVE-2013-4162,-1,-1,831058,kernel-source,https://www.suse.com/security/cve/CVE-2013-4162,"The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted 
application that uses the UDP_CORK option in a setsockopt system call.",Already fixed 20130724,CVE-2013-4163,-1,-1,831055,kernel-source,https://www.suse.com/security/cve/CVE-2013-4163,"The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.",Already fixed 20130725,CVE-2013-4166,,7.5,830491,evolution-data-server,https://www.suse.com/security/cve/CVE-2013-4166,"The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.",Released 20130727,CVE-2013-4242,-1,-1,831359,libgcrypt,https://www.suse.com/security/cve/CVE-2013-4242,"GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.",Affected 20130727,CVE-2013-4920,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4920,"The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130727,CVE-2013-4921,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4921,"Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a 
crafted packet.",Released 20130727,CVE-2013-4922,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4922,"Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130727,CVE-2013-4923,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4923,"Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.",Released 20130727,CVE-2013-4924,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4924,"epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.",Released 20130727,CVE-2013-4925,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4925,"Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet.",Released 20130727,CVE-2013-4926,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4926,"epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 
20130727,CVE-2013-4928,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4928,"Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20130727,CVE-2013-4929,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4929,"The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet.",Released 20130727,CVE-2013-4930,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4930,"The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.",Released 20130727,CVE-2013-4931,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4931,"epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector.",Released 20130727,CVE-2013-4932,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4932,"Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130727,CVE-2013-4933,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4933,"The netmon_open function in 
wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.",Released 20130727,CVE-2013-4934,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4934,"The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.",Released 20130727,CVE-2013-4935,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4935,"The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130727,CVE-2013-4936,-1,-1,831718,wireshark,https://www.suse.com/security/cve/CVE-2013-4936,"The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.",Released 20130729,CVE-2013-4854,-1,-1,831899,bind,https://www.suse.com/security/cve/CVE-2013-4854,"The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 
2013.",Released 20130730,CVE-2013-0149,-1,-1,822572,quagga,https://www.suse.com/security/cve/CVE-2013-0149,"The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.",Released 20130805,CVE-2013-5018,-1,-1,833278,strongswan,https://www.suse.com/security/cve/CVE-2013-5018,"The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.",Released 20130812,CVE-2012-2142,,7.8,1133493,evince,https://www.suse.com/security/cve/CVE-2012-2142,"The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.",Unsupported 20130812,CVE-2012-2142,,7.8,1133493,poppler,https://www.suse.com/security/cve/CVE-2012-2142,"The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.",Unsupported 20130812,CVE-2013-4205,-1,-1,834455,kernel-source,https://www.suse.com/security/cve/CVE-2013-4205,"Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an 
invalid CLONE_NEWUSER unshare call.",Analysis 20130812,CVE-2013-4231,-1,-1,834477,tiff,https://www.suse.com/security/cve/CVE-2013-4231,"Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.",Released 20130812,CVE-2013-4232,-1,-1,834477,tiff,https://www.suse.com/security/cve/CVE-2013-4232,"Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.",Released 20130813,CVE-2013-4237,-1,-1,834594,glibc,https://www.suse.com/security/cve/CVE-2013-4237,"sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.",Released 20130813,CVE-2013-4238,5.3,,834601,python-base,https://www.suse.com/security/cve/CVE-2013-4238,"The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",Ignore 20130813,CVE-2013-4238,5.3,,834601,python,https://www.suse.com/security/cve/CVE-2013-4238,"The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, 
which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",Released 20130813,CVE-2013-4239,-1,-1,834598,libvirt,https://www.suse.com/security/cve/CVE-2013-4239,"The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.",Analysis 20130814,CVE-2013-4243,-1,-1,834779,tiff,https://www.suse.com/security/cve/CVE-2013-4243,"Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.",Released 20130814,CVE-2013-4244,-1,-1,834788,tiff,https://www.suse.com/security/cve/CVE-2013-4244,"The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.",Released 20130816,CVE-2013-4761,-1,-1,835122,facter,https://www.suse.com/security/cve/CVE-2013-4761,"Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. 
NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.",Released 20130816,CVE-2013-4956,-1,-1,835122,facter,https://www.suse.com/security/cve/CVE-2013-4956,"Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.",Released 20130821,CVE-2013-2888,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2888,"Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.",Already fixed 20130821,CVE-2013-2889,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2889,"drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.",Already fixed 20130821,CVE-2013-2890,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2890,"drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.",Already fixed 20130821,CVE-2013-2891,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2891,"drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when 
CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.",Already fixed 20130821,CVE-2013-2892,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2892,"drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.",Already fixed 20130821,CVE-2013-2893,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2893,"The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.",Already fixed 20130821,CVE-2013-2894,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2894,"drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.",Already fixed 20130821,CVE-2013-2895,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2895,"drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device.",Already fixed 20130821,CVE-2013-2896,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2896,"drivers/hid/hid-ntrig.c in 
the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.",Already fixed 20130821,CVE-2013-2897,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2897,"Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device.",Already fixed 20130821,CVE-2013-2898,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2898,"drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.",Already fixed 20130821,CVE-2013-2899,-1,-1,835839,kernel-source,https://www.suse.com/security/cve/CVE-2013-2899,"drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.",Already fixed 20130822,CVE-2013-4247,-1,-1,835652,kernel-source,https://www.suse.com/security/cve/CVE-2013-4247,"Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash) via a DFS share mount operation that triggers use of an unexpected DFS referral name length.",Analysis 20130823,CVE-2012-3412,-1,-1,774523,kernel-source,https://www.suse.com/security/cve/CVE-2012-3412,"The sfc (aka Solarflare Solarstorm) driver 
in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.",Released 20130827,CVE-2013-2058,-1,-1,818543,kernel-source,https://www.suse.com/security/cve/CVE-2013-2058,"The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service (system crash) by sending a large amount of network traffic through a USB/Ethernet adapter.",Analysis 20130827,CVE-2013-4220,-1,-1,837109,kernel-source,https://www.suse.com/security/cve/CVE-2013-4220,"The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel before 3.9.5 on the ARM64 platform allows local users to cause a denial of service (system crash) via vectors involving an attempted register access that triggers an unexpected value in the Exception Syndrome Register (ESR).",Analysis 20130827,CVE-2013-4254,-1,-1,837111,kernel-source,https://www.suse.com/security/cve/CVE-2013-4254,"The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.",Analysis 20130830,CVE-2013-1438,4,,837750,libraw1394,https://www.suse.com/security/cve/CVE-2013-1438,"Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.",Unsupported 20130830,CVE-2013-1438,4,,837750,libraw1394,https://www.suse.com/security/cve/CVE-2013-1438,"Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, 
shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.",Unsupported 20130830,CVE-2013-1439,-1,-1,837750,libraw1394,https://www.suse.com/security/cve/CVE-2013-1439,"The \"faster LJPEG decoder\" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.",Unsupported 20130830,CVE-2013-1439,-1,-1,837750,libraw1394,https://www.suse.com/security/cve/CVE-2013-1439,"The \"faster LJPEG decoder\" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.",Unsupported 20130905,CVE-2013-4297,-1,-1,838642,libvirt,https://www.suse.com/security/cve/CVE-2013-4297,"The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.",Analysis 20130905,CVE-2013-4300,-1,-1,838676,kernel-source,https://www.suse.com/security/cve/CVE-2013-4300,"The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.",Analysis 20130906,CVE-2013-4169,-1,-1,838837,gdm,https://www.suse.com/security/cve/CVE-2013-4169,"GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.",Analysis 20130909,CVE-2013-4312,,6.2,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2013-4312,"The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before 
closing it, related to net/unix/af_unix.c and net/unix/garbage.c.",Released 20130911,CVE-2013-4325,-1,-1,808355,hplip,https://www.suse.com/security/cve/CVE-2013-4325,"The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.",Released 20130911,CVE-2013-5718,-1,-1,839607,wireshark,https://www.suse.com/security/cve/CVE-2013-5718,"The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130911,CVE-2013-5719,-1,-1,839607,wireshark,https://www.suse.com/security/cve/CVE-2013-5719,"epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20130911,CVE-2013-5720,-1,-1,839607,wireshark,https://www.suse.com/security/cve/CVE-2013-5720,"Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130911,CVE-2013-5721,-1,-1,839607,wireshark,https://www.suse.com/security/cve/CVE-2013-5721,"The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 
20130911,CVE-2013-5722,-1,-1,839607,wireshark,https://www.suse.com/security/cve/CVE-2013-5722,"Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20130912,CVE-2013-4332,-1,-1,1123874,glibc,https://www.suse.com/security/cve/CVE-2013-4332,"Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.",Released 20130912,CVE-2013-4343,-1,-1,1135603,kernel-source,https://www.suse.com/security/cve/CVE-2013-4343,"Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.",Analysis 20130913,CVE-2013-4345,-1,-1,840226,kernel-source,https://www.suse.com/security/cve/CVE-2013-4345,"Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.",Already fixed 20130917,CVE-2013-1881,-1,-1,840753,librsvg,https://www.suse.com/security/cve/CVE-2013-1881,"GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",Released 20130927,CVE-2013-4356,-1,-1,840593,xen,https://www.suse.com/security/cve/CVE-2013-4356,"Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is 
performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).",Analysis 20130930,CVE-2013-5745,-1,-1,843174,vino,https://www.suse.com/security/cve/CVE-2013-5745,"The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.",Released 20131001,CVE-2013-2061,-1,-1,843509,openvpn,https://www.suse.com/security/cve/CVE-2013-2061,"The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.",Released 20131002,CVE-2013-4276,-1,-1,843716,lcms,https://www.suse.com/security/cve/CVE-2013-4276,"Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.",Released 20131002,CVE-2013-4396,-1,-1,843652,xorg-x11-server,https://www.suse.com/security/cve/CVE-2013-4396,"Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.",Released 20131004,CVE-2013-2140,-1,-1,844107,kernel-source,https://www.suse.com/security/cve/CVE-2013-2140,"The dispatch_discard_io function in 
drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.",Analysis 20131004,CVE-2013-4399,-1,-1,842300,libvirt,https://www.suse.com/security/cve/CVE-2013-4399,"The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.",Analysis 20131004,CVE-2013-4400,-1,-1,837609,libvirt,https://www.suse.com/security/cve/CVE-2013-4400,"virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.",Analysis 20131007,CVE-2013-4342,-1,-1,844230,xinetd,https://www.suse.com/security/cve/CVE-2013-4342,"xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.",Released 20131007,CVE-2013-4357,,7.5,844309,glibc,https://www.suse.com/security/cve/CVE-2013-4357,"The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. 
An attacker could use this issue to cause a denial of service.",Released 20131007,CVE-2013-5740,-1,-1,844228,intel-SINIT,https://www.suse.com/security/cve/CVE-2013-5740,"Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.",Affected 20131009,CVE-2013-4885,-1,-1,844953,nmap,https://www.suse.com/security/cve/CVE-2013-4885,"The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload \"arbitrarily named\" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.",Analysis 20131011,CVE-2013-4214,-1,-1,845536,nagios,https://www.suse.com/security/cve/CVE-2013-4214,"rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.",Analysis 20131011,CVE-2013-4214,-1,-1,845536,nagios-plugins,https://www.suse.com/security/cve/CVE-2013-4214,"rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.",Analysis 20131011,CVE-2013-4215,-1,-1,845536,nagios,https://www.suse.com/security/cve/CVE-2013-4215,"The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.",Analysis 20131011,CVE-2013-4215,-1,-1,845536,nagios-plugins,https://www.suse.com/security/cve/CVE-2013-4215,"The IPXPING_COMMAND in 
contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.",Analysis 20131014,CVE-2013-4401,-1,-1,845704,libvirt,https://www.suse.com/security/cve/CVE-2013-4401,"The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.",Analysis 20131014,CVE-2013-4419,-1,-1,845720,libguestfs,https://www.suse.com/security/cve/CVE-2013-4419,"The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.",Already fixed 20131016,CVE-2013-2186,-1,-1,846174,jakarta-commons-fileupload,https://www.suse.com/security/cve/CVE-2013-2186,"The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.",Released 20131017,CVE-2013-4299,-1,-1,846404,kernel-source,https://www.suse.com/security/cve/CVE-2013-4299,"Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.",Already fixed 20131018,CVE-2007-3149,-1,-1,846601,sudo,https://www.suse.com/security/cve/CVE-2007-3149,"sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which 
allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be \"a user, who can already log into your system, and can already use sudo.\"",Analysis 20131023,CVE-2013-4458,-1,-1,1123874,glibc,https://www.suse.com/security/cve/CVE-2013-4458,"Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.",Released 20131024,CVE-2013-6075,-1,-1,847506,strongswan,https://www.suse.com/security/cve/CVE-2013-6075,"The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an \"insufficient length check\" during identity comparison.",Released 20131025,CVE-2013-2929,-1,-1,824295,kernel-source,https://www.suse.com/security/cve/CVE-2013-2929,"The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.",Already fixed 20131025,CVE-2013-4466,-1,-1,847484,gnutls,https://www.suse.com/security/cve/CVE-2013-4466,"Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory 
corruption) via a response with more than four DANE entries.",Analysis 20131029,CVE-2013-1067,-1,-1,847835,apport-crashdb-sle,https://www.suse.com/security/cve/CVE-2013-1067,"Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.",Analysis 20131029,CVE-2013-1067,-1,-1,847835,apport,https://www.suse.com/security/cve/CVE-2013-1067,"Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.",Analysis 20131029,CVE-2013-4348,-1,-1,848079,kernel-source,https://www.suse.com/security/cve/CVE-2013-4348,"The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.",Analysis 20131029,CVE-2013-4470,-1,-1,847672,kernel-source,https://www.suse.com/security/cve/CVE-2013-4470,"The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.",Already fixed 20131029,CVE-2013-4472,-1,-1,847907,poppler,https://www.suse.com/security/cve/CVE-2013-4472,"The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.",Analysis 
20131029,CVE-2013-4473,-1,-1,847907,poppler,https://www.suse.com/security/cve/CVE-2013-4473,"Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.",Analysis 20131029,CVE-2013-4474,-1,-1,847907,poppler,https://www.suse.com/security/cve/CVE-2013-4474,"Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.",Analysis 20131029,CVE-2013-4475,-1,-1,848101,samba,https://www.suse.com/security/cve/CVE-2013-4475,"Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).",Released 20131029,CVE-2013-4476,-1,-1,848103,samba,https://www.suse.com/security/cve/CVE-2013-4476,"Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.",Analysis 20131101,CVE-2013-4483,-1,-1,848321,kernel-source,https://www.suse.com/security/cve/CVE-2013-4483,"The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.",Already fixed 20131101,CVE-2013-4487,-1,-1,848510,gnutls,https://www.suse.com/security/cve/CVE-2013-4487,"Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 
3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.",Analysis 20131105,CVE-2013-4511,-1,-1,849021,kernel-source,https://www.suse.com/security/cve/CVE-2013-4511,"Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.",Already fixed 20131105,CVE-2013-4512,-1,-1,849023,kernel-source,https://www.suse.com/security/cve/CVE-2013-4512,"Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation.",Analysis 20131105,CVE-2013-4513,-1,-1,849023,kernel-source,https://www.suse.com/security/cve/CVE-2013-4513,"Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation.",Analysis 20131105,CVE-2013-4514,-1,-1,849029,kernel-source,https://www.suse.com/security/cve/CVE-2013-4514,"Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions.",Already fixed 20131105,CVE-2013-4515,-1,-1,849034,kernel-source,https://www.suse.com/security/cve/CVE-2013-4515,"The 
bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.",Already fixed 20131105,CVE-2013-4516,-1,-1,849036,kernel-source,https://www.suse.com/security/cve/CVE-2013-4516,"The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.",Already fixed 20131106,CVE-2013-1418,-1,-1,849240,krb5,https://www.suse.com/security/cve/CVE-2013-1418,"The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.",Released 20131106,CVE-2013-4496,-1,-1,849224,samba,https://www.suse.com/security/cve/CVE-2013-4496,"Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.",Released 20131106,CVE-2013-4520,-1,-1,849019,libxslt,https://www.suse.com/security/cve/CVE-2013-4520,"xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. 
NOTE: this issue is due to an incomplete fix for CVE-2012-2825.",Released 20131107,CVE-2013-2930,-1,-1,849362,kernel-source,https://www.suse.com/security/cve/CVE-2013-2930,"The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.",Already fixed 20131107,CVE-2013-5456,-1,-1,849212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-5456,"The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.",Released 20131108,CVE-2013-4545,-1,-1,849596,curl,https://www.suse.com/security/cve/CVE-2013-4545,"cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",Released 20131108,CVE-2013-4548,-1,-1,849536,openssh,https://www.suse.com/security/cve/CVE-2013-4548,"The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.",Analysis 20131112,CVE-2013-5605,-1,-1,850148,mozilla-nspr,https://www.suse.com/security/cve/CVE-2013-5605,"Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.",Released 
20131112,CVE-2013-5605,-1,-1,850148,mozilla-nss,https://www.suse.com/security/cve/CVE-2013-5605,"Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.",Released 20131113,CVE-2013-6763,-1,-1,850263,kernel-source,https://www.suse.com/security/cve/CVE-2013-6763,"The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511.",Already fixed 20131114,CVE-2013-4563,-1,-1,848042,kernel-source,https://www.suse.com/security/cve/CVE-2013-4563,"The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.",Analysis 20131115,CVE-2013-1417,-1,-1,850660,krb5,https://www.suse.com/security/cve/CVE-2013-1417,"do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.",Analysis 20131117,CVE-2013-1741,-1,-1,850148,mozilla-nspr,https://www.suse.com/security/cve/CVE-2013-1741,"Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.",Released 
20131117,CVE-2013-1741,-1,-1,850148,mozilla-nss,https://www.suse.com/security/cve/CVE-2013-1741,"Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.",Released 20131117,CVE-2013-5606,-1,-1,850148,mozilla-nspr,https://www.suse.com/security/cve/CVE-2013-5606,"The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.",Released 20131117,CVE-2013-5606,-1,-1,850148,mozilla-nss,https://www.suse.com/security/cve/CVE-2013-5606,"The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.",Released 20131118,CVE-2013-6282,-1,-1,850934,kernel-source,https://www.suse.com/security/cve/CVE-2013-6282,"The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.",Analysis 20131119,CVE-2013-4589,-1,-1,851064,ImageMagick,https://www.suse.com/security/cve/CVE-2013-4589,"The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.",Affected 
20131119,CVE-2013-4592,-1,-1,851101,kernel-source,https://www.suse.com/security/cve/CVE-2013-4592,"Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.",Already fixed 20131120,CVE-2013-4579,-1,-1,851426,kernel-source,https://www.suse.com/security/cve/CVE-2013-4579,"The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.",Already fixed 20131121,CVE-2013-4449,-1,-1,846389,openldap2,https://www.suse.com/security/cve/CVE-2013-4449,"The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.",Already fixed 20131122,CVE-2013-4164,-1,-1,851803,ruby,https://www.suse.com/security/cve/CVE-2013-4164,"Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.",Released 20131124,CVE-2013-6337,-1,-1,848738,wireshark,https://www.suse.com/security/cve/CVE-2013-6337,"Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers 
to cause a denial of service (application crash) via a crafted packet.",Released 20131126,CVE-2013-6380,-1,-1,852373,kernel-source,https://www.suse.com/security/cve/CVE-2013-6380,"The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.",Already fixed 20131127,CVE-2013-6378,-1,-1,852559,kernel-source,https://www.suse.com/security/cve/CVE-2013-6378,"The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.",Already fixed 20131127,CVE-2013-6379,-1,-1,852556,kernel-source,https://www.suse.com/security/cve/CVE-2013-6379,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4513. Reason: This candidate is a duplicate of CVE-2013-4513. Notes: All CVE users should reference CVE-2013-4513 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Analysis 20131127,CVE-2013-6382,-1,-1,852553,kernel-source,https://www.suse.com/security/cve/CVE-2013-6382,"Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.",Already fixed 20131127,CVE-2013-6383,-1,-1,852558,kernel-source,https://www.suse.com/security/cve/CVE-2013-6383,"The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.",Already fixed 20131128,CVE-2013-6402,-1,-1,852368,hplip,https://www.suse.com/security/cve/CVE-2013-6402,"base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.",Released 20131129,CVE-2013-6885,-1,-1,849668,kernel-source,https://www.suse.com/security/cve/CVE-2013-6885,"The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.",Already fixed 20131130,CVE-2012-0786,-1,-1,853044,augeas,https://www.suse.com/security/cve/CVE-2012-0786,"The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on 
a .augnew file.",Released 20131130,CVE-2013-4566,-1,-1,853039,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2013-4566,"mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.",Released 20131130,CVE-2013-4587,-1,-1,853050,kernel-source,https://www.suse.com/security/cve/CVE-2013-4587,"Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.",Already fixed 20131130,CVE-2013-6367,-1,-1,853051,kernel-source,https://www.suse.com/security/cve/CVE-2013-6367,"The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.",Already fixed 20131130,CVE-2013-6368,-1,-1,853052,kernel-source,https://www.suse.com/security/cve/CVE-2013-6368,"The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.",Released 20131130,CVE-2013-6376,-1,-1,853053,kernel-source,https://www.suse.com/security/cve/CVE-2013-6376,"The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.",Already fixed 20131130,CVE-2013-6405,-1,-1,853040,kernel-source,https://www.suse.com/security/cve/CVE-2013-6405,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281. 
Reason: This candidate is a duplicate of CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and CVE-2013-7281. Notes: All CVE users should reference CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and/or CVE-2013-7281 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Already fixed 20131130,CVE-2013-6412,-1,-1,853044,augeas,https://www.suse.com/security/cve/CVE-2013-6412,"The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a \"7,\" which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.",Released 20131203,CVE-2012-6150,-1,-1,844720,samba,https://www.suse.com/security/cve/CVE-2012-6150,"The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.",Released 20131205,CVE-2013-6424,-1,-1,853846,xorg-x11-server,https://www.suse.com/security/cve/CVE-2013-6424,"Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.",Released 20131205,CVE-2013-6425,-1,-1,853824,pixman,https://www.suse.com/security/cve/CVE-2013-6425,"Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.",Released 20131205,CVE-2013-6427,-1,-1,852368,hplip,https://www.suse.com/security/cve/CVE-2013-6427,"upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 
3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.",Analysis 20131206,CVE-2013-5661,,5.9,854109,bind,https://www.suse.com/security/cve/CVE-2013-5661,"Cache Poisoning issue exists in DNS Response Rate Limiting.",Analysis 20131209,CVE-2013-6639,-1,-1,854473,firefox-atk,https://www.suse.com/security/cve/CVE-2013-6639,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.",Released 20131209,CVE-2013-6639,-1,-1,854473,firefox-cairo,https://www.suse.com/security/cve/CVE-2013-6639,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.",Released 20131209,CVE-2013-6639,-1,-1,854473,firefox-gcc8,https://www.suse.com/security/cve/CVE-2013-6639,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.",Released 20131209,CVE-2013-6639,-1,-1,854473,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2013-6639,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to 
cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.",Released 20131209,CVE-2013-6639,-1,-1,854473,firefox-glib2,https://www.suse.com/security/cve/CVE-2013-6639,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.",Released 20131209,CVE-2013-6639,-1,-1,854473,firefox-gtk3,https://www.suse.com/security/cve/CVE-2013-6639,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.",Released 20131209,CVE-2013-6639,-1,-1,854473,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2013-6639,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.",Released 20131209,CVE-2013-6639,-1,-1,854473,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2013-6639,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a 
crafted index.",Released 20131209,CVE-2013-6639,-1,-1,854473,firefox-libffi,https://www.suse.com/security/cve/CVE-2013-6639,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.",Released 20131209,CVE-2013-6639,-1,-1,854473,firefox-pango,https://www.suse.com/security/cve/CVE-2013-6639,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.",Released 20131209,CVE-2013-6640,-1,-1,854473,firefox-atk,https://www.suse.com/security/cve/CVE-2013-6640,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.",Released 20131209,CVE-2013-6640,-1,-1,854473,firefox-cairo,https://www.suse.com/security/cve/CVE-2013-6640,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.",Released 20131209,CVE-2013-6640,-1,-1,854473,firefox-gcc8,https://www.suse.com/security/cve/CVE-2013-6640,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as 
used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.",Released 20131209,CVE-2013-6640,-1,-1,854473,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2013-6640,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.",Released 20131209,CVE-2013-6640,-1,-1,854473,firefox-glib2,https://www.suse.com/security/cve/CVE-2013-6640,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.",Released 20131209,CVE-2013-6640,-1,-1,854473,firefox-gtk3,https://www.suse.com/security/cve/CVE-2013-6640,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.",Released 20131209,CVE-2013-6640,-1,-1,854473,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2013-6640,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.",Released 
20131209,CVE-2013-6640,-1,-1,854473,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2013-6640,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.",Released 20131209,CVE-2013-6640,-1,-1,854473,firefox-libffi,https://www.suse.com/security/cve/CVE-2013-6640,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.",Released 20131209,CVE-2013-6640,-1,-1,854473,firefox-pango,https://www.suse.com/security/cve/CVE-2013-6640,"The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.",Released 20131210,CVE-2013-6431,-1,-1,854173,kernel-source,https://www.suse.com/security/cve/CVE-2013-6431,"The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call.",Analysis 20131210,CVE-2013-6432,-1,-1,854175,kernel-source,https://www.suse.com/security/cve/CVE-2013-6432,"The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of 
service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application.",Analysis 20131210,CVE-2013-7026,-1,-1,854633,kernel-source,https://www.suse.com/security/cve/CVE-2013-7026,"Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.",Analysis 20131210,CVE-2013-7027,-1,-1,854634,kernel-source,https://www.suse.com/security/cve/CVE-2013-7027,"The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.",Already fixed 20131210,CVE-2013-7040,-1,-1,854477,python,https://www.suse.com/security/cve/CVE-2013-7040,"Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.",Affected 20131210,CVE-2013-7041,-1,-1,1123794,pam,https://www.suse.com/security/cve/CVE-2013-7041,"The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.",Released 20131213,CVE-2013-7087,,9.8,855323,clamav,https://www.suse.com/security/cve/CVE-2013-7087,"ClamAV before 0.97.7 has WWPack corrupt heap memory",Analysis 20131213,CVE-2013-7088,,9.8,855323,clamav,https://www.suse.com/security/cve/CVE-2013-7088,"ClamAV before 0.97.7 has buffer overflow in the libclamav component",Analysis 20131213,CVE-2013-7089,,7.5,855323,clamav,https://www.suse.com/security/cve/CVE-2013-7089,"ClamAV before 0.97.7: dbg_printhex possible information leak",Analysis 20131216,CVE-2013-6051,-1,-1,855581,quagga,https://www.suse.com/security/cve/CVE-2013-6051,"The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.",Analysis 20131217,CVE-2013-3713,-1,-1,843230,aaa_base,https://www.suse.com/security/cve/CVE-2013-3713,"The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the \"users\" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.",Analysis 20131217,CVE-2013-6441,-1,-1,855809,lxc,https://www.suse.com/security/cve/CVE-2013-6441,"The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.",Unsupported 20131218,CVE-2013-6422,-1,-1,856069,curl,https://www.suse.com/security/cve/CVE-2013-6422,"The GnuTLS backend in libcurl 7.21.4 through 
7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.",Analysis 20131218,CVE-2013-6442,-1,-1,855866,samba,https://www.suse.com/security/cve/CVE-2013-6442,"The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.",Analysis 20131219,CVE-2013-6418,-1,-1,856323,python-pywbem,https://www.suse.com/security/cve/CVE-2013-6418,"PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.",Released 20131219,CVE-2013-6444,-1,-1,856274,python-pywbem,https://www.suse.com/security/cve/CVE-2013-6444,"PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",Released 20131220,CVE-2013-7112,-1,-1,856498,wireshark,https://www.suse.com/security/cve/CVE-2013-7112,"The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20131220,CVE-2013-7113,-1,-1,856495,wireshark,https://www.suse.com/security/cve/CVE-2013-7113,"epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of 
service (application crash) via a crafted packet.",Released 20131220,CVE-2013-7114,-1,-1,856496,wireshark,https://www.suse.com/security/cve/CVE-2013-7114,"Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.",Released 20131223,CVE-2013-6449,-1,-1,856687,openssl,https://www.suse.com/security/cve/CVE-2013-6449,"The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.",Affected 20131227,CVE-2013-4549,-1,-1,1039291,libqt4,https://www.suse.com/security/cve/CVE-2013-4549,"QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.",Released 20131227,CVE-2013-4969,-1,-1,856843,puppet,https://www.suse.com/security/cve/CVE-2013-4969,"Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.",Released 20131227,CVE-2013-7108,-1,-1,856837,nagios,https://www.suse.com/security/cve/CVE-2013-7108,"Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in 
cgi/, which triggers a heap-based buffer over-read.",Released 20131227,CVE-2013-7205,-1,-1,856837,nagios,https://www.suse.com/security/cve/CVE-2013-7205,"Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.",Released 20140102,CVE-2013-6450,-1,-1,857203,openssl,https://www.suse.com/security/cve/CVE-2013-6450,"The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.",Affected 20140102,CVE-2013-6463,-1,-1,854722,kernel-source,https://www.suse.com/security/cve/CVE-2013-6463,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271. Reason: This candidate is a duplicate of CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, and CVE-2013-7271. Notes: All CVE users should reference CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, and/or CVE-2013-7271 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Already fixed 20140107,CVE-2013-7106,-1,-1,856837,nagios,https://www.suse.com/security/cve/CVE-2013-7106,"Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c. NOTE: this can be exploited without authentication by leveraging CVE-2013-7107.",Released 20140107,CVE-2013-7263,-1,-1,853040,kernel-source,https://www.suse.com/security/cve/CVE-2013-7263,"The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.",Already fixed 20140107,CVE-2013-7264,-1,-1,853040,kernel-source,https://www.suse.com/security/cve/CVE-2013-7264,"The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.",Already fixed 20140107,CVE-2013-7265,-1,-1,853040,kernel-source,https://www.suse.com/security/cve/CVE-2013-7265,"The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows 
local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.",Already fixed 20140110,CVE-2013-7284,-1,-1,858243,perl-PlRPC,https://www.suse.com/security/cve/CVE-2013-7284,"The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.",Released 20140110,CVE-2014-1235,-1,-1,857854,graphviz,https://www.suse.com/security/cve/CVE-2014-1235,"Stack-based buffer overflow in the \"yyerror\" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.",Analysis 20140113,CVE-2013-6891,-1,-1,858462,cups,https://www.suse.com/security/cve/CVE-2013-6891,"lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.",Analysis 20140113,CVE-2013-7281,-1,-1,853040,kernel-source,https://www.suse.com/security/cve/CVE-2013-7281,"The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.",Analysis 20140113,CVE-2014-1402,-1,-1,858239,e2fsprogs,https://www.suse.com/security/cve/CVE-2014-1402,"The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.",Released 
20140114,CVE-2014-0015,-1,-1,858673,curl,https://www.suse.com/security/cve/CVE-2014-0015,"cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.",Released 20140114,CVE-2014-0591,-1,-1,858639,bind,https://www.suse.com/security/cve/CVE-2014-0591,"The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.",Released 20140114,CVE-2014-1438,-1,-1,858638,kernel-source,https://www.suse.com/security/cve/CVE-2014-1438,"The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.",Analysis 20140115,CVE-2014-1444,-1,-1,858869,kernel-source,https://www.suse.com/security/cve/CVE-2014-1444,"The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.",Already fixed 20140115,CVE-2014-1445,-1,-1,858870,kernel-source,https://www.suse.com/security/cve/CVE-2014-1445,"The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.",Already fixed 
20140115,CVE-2014-1446,-1,-1,858872,kernel-source,https://www.suse.com/security/cve/CVE-2014-1446,"The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.",Already fixed 20140120,CVE-2013-7296,-1,-1,859427,poppler,https://www.suse.com/security/cve/CVE-2013-7296,"The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.",Analysis 20140124,CVE-2014-0022,-1,-1,860255,yum,https://www.suse.com/security/cve/CVE-2014-0022,"The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.",Analysis 20140129,CVE-2014-0019,-1,-1,860991,socat,https://www.suse.com/security/cve/CVE-2014-0019,"Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.",Released 20140129,CVE-2014-1690,-1,-1,860835,kernel-source,https://www.suse.com/security/cve/CVE-2014-1690,"The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows
remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.",Analysis 20140131,CVE-2014-1692,-1,-1,861566,openssh,https://www.suse.com/security/cve/CVE-2014-1692,"The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.",Analysis 20140205,CVE-2001-1593,-1,-1,861780,a2ps,https://www.suse.com/security/cve/CVE-2001-1593,"The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.",Unsupported 20140205,CVE-2013-4738,-1,-1,861828,kernel-source,https://www.suse.com/security/cve/CVE-2013-4738,"Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.",Analysis 20140207,CVE-2014-0050,,,862781,jakarta-commons-fileupload,https://www.suse.com/security/cve/CVE-2014-0050,"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.",Released 
20140210,CVE-2013-6674,-1,-1,863095,mozilla-nss,https://www.suse.com/security/cve/CVE-2013-6674,"Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.",Released 20140211,CVE-2014-1874,-1,-1,863335,kernel-source,https://www.suse.com/security/cve/CVE-2014-1874,"The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.",Already fixed 20140212,CVE-2014-1932,-1,-1,863541,python-imaging,https://www.suse.com/security/cve/CVE-2014-1932,"The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.",Released 20140213,CVE-2014-1912,,,1049392,python,https://www.suse.com/security/cve/CVE-2014-1912,"Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.",Released 20140213,CVE-2014-1947,,7.8,863838,ImageMagick,https://www.suse.com/security/cve/CVE-2014-1947,"Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, 
involving the L%02ld string, a different vulnerability than CVE-2014-2030.",Released 20140214,CVE-2014-0069,-1,-1,864025,kernel-source,https://www.suse.com/security/cve/CVE-2014-0069,"The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.",Already fixed 20140214,CVE-2014-1959,-1,-1,863989,gnutls,https://www.suse.com/security/cve/CVE-2014-1959,"lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.",Analysis 20140218,CVE-2013-4537,-1,-1,864391,kvm,https://www.suse.com/security/cve/CVE-2013-4537,"The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.",Already fixed 20140218,CVE-2013-4537,-1,-1,864391,xen,https://www.suse.com/security/cve/CVE-2013-4537,"The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.",Released 20140218,CVE-2014-1943,-1,-1,864343,file,https://www.suse.com/security/cve/CVE-2014-1943,"Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.",Released 20140218,CVE-2014-1958,,8.8,863838,ImageMagick,https://www.suse.com/security/cve/CVE-2014-1958,"Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might 
allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.",Released 20140219,CVE-2013-4149,-1,-1,864649,kvm,https://www.suse.com/security/cve/CVE-2013-4149,"Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.",Already fixed 20140219,CVE-2013-4151,-1,-1,864653,kvm,https://www.suse.com/security/cve/CVE-2013-4151,"The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.",Already fixed 20140219,CVE-2013-4527,-1,-1,864673,xen,https://www.suse.com/security/cve/CVE-2013-4527,"Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.",Already fixed 20140219,CVE-2013-4529,-1,-1,864678,xen,https://www.suse.com/security/cve/CVE-2013-4529,"Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.",Already fixed 20140219,CVE-2013-4530,-1,-1,1072198,xen,https://www.suse.com/security/cve/CVE-2013-4530,"Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image.",Released 20140219,CVE-2013-4533,-1,-1,1072223,kvm,https://www.suse.com/security/cve/CVE-2013-4533,"Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image.",Already fixed 
20140219,CVE-2013-4533,-1,-1,1072223,xen,https://www.suse.com/security/cve/CVE-2013-4533,"Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image.",Released 20140219,CVE-2013-4535,,8.8,864665,kvm,https://www.suse.com/security/cve/CVE-2013-4535,"The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.",Already fixed 20140219,CVE-2013-4535,,8.8,864665,xen,https://www.suse.com/security/cve/CVE-2013-4535,"The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.",Already fixed 20140219,CVE-2013-4536,,7.8,864665,kvm,https://www.suse.com/security/cve/CVE-2013-4536,"A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.",Already fixed 20140219,CVE-2013-4536,,7.8,864665,xen,https://www.suse.com/security/cve/CVE-2013-4536,"A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.",Already fixed 20140219,CVE-2013-4577,-1,-1,864544,grub2,https://www.suse.com/security/cve/CVE-2013-4577,"A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the 
file.",Analysis 20140220,CVE-2012-6638,-1,-1,765102,kernel-source,https://www.suse.com/security/cve/CVE-2012-6638,"The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663.",Analysis 20140220,CVE-2013-4148,-1,-1,864812,kvm,https://www.suse.com/security/cve/CVE-2013-4148,"Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.",Already fixed 20140220,CVE-2013-4148,-1,-1,864812,xen,https://www.suse.com/security/cve/CVE-2013-4148,"Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.",Already fixed 20140220,CVE-2013-4532,,7.8,864797,kvm,https://www.suse.com/security/cve/CVE-2013-4532,"Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.",Ignore 20140220,CVE-2013-4534,-1,-1,864811,kvm,https://www.suse.com/security/cve/CVE-2013-4534,"Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.",Already fixed 20140220,CVE-2013-4534,-1,-1,864811,xen,https://www.suse.com/security/cve/CVE-2013-4534,"Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.",Released 20140220,CVE-2013-4538,-1,-1,1072223,xen,https://www.suse.com/security/cve/CVE-2013-4538,"Multiple buffer overflows in the 
ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image.",Released 20140220,CVE-2013-4539,-1,-1,1072223,kvm,https://www.suse.com/security/cve/CVE-2013-4539,"Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.",Already fixed 20140220,CVE-2013-4539,-1,-1,1072223,xen,https://www.suse.com/security/cve/CVE-2013-4539,"Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.",Released 20140220,CVE-2013-4540,-1,-1,864801,kvm,https://www.suse.com/security/cve/CVE-2013-4540,"Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.",Already fixed 20140220,CVE-2013-4542,-1,-1,864804,kvm,https://www.suse.com/security/cve/CVE-2013-4542,"The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.",Already fixed 20140220,CVE-2013-6399,-1,-1,864814,kvm,https://www.suse.com/security/cve/CVE-2013-6399,"Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.",Already fixed 
20140220,CVE-2014-0060,-1,-1,864845,postgresql94,https://www.suse.com/security/cve/CVE-2014-0060,"PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.",Unsupported 20140220,CVE-2014-0061,-1,-1,864846,postgresql94,https://www.suse.com/security/cve/CVE-2014-0061,"The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.",Unsupported 20140220,CVE-2014-0062,,,864847,postgresql94,https://www.suse.com/security/cve/CVE-2014-0062,"Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.",Released 20140220,CVE-2014-0065,-1,-1,864852,postgresql94,https://www.suse.com/security/cve/CVE-2014-0065,"Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.",Unsupported 20140220,CVE-2014-0066,-1,-1,864853,postgresql94,https://www.suse.com/security/cve/CVE-2014-0066,"The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 
9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.",Released 20140220,CVE-2014-0067,-1,-1,864856,postgresql94,https://www.suse.com/security/cve/CVE-2014-0067,"The \"make check\" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.",Affected 20140220,CVE-2014-1878,-1,-1,864843,nagios,https://www.suse.com/security/cve/CVE-2014-1878,"Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.",Released 20140220,CVE-2014-2015,-1,-1,864576,freeradius-server,https://www.suse.com/security/cve/CVE-2014-2015,"Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.",Released 20140221,CVE-2014-2038,-1,-1,865075,kernel-source,https://www.suse.com/security/cve/CVE-2014-2038,"The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.",Analysis 
20140224,CVE-2014-2039,-1,-1,862796,kernel-source,https://www.suse.com/security/cve/CVE-2014-2039,"arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.",Already fixed 20140226,CVE-2013-4322,,,865746,libtcnative-1-0,https://www.suse.com/security/cve/CVE-2013-4322,"Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.",Released 20140226,CVE-2014-0092,-1,-1,865804,gnutls,https://www.suse.com/security/cve/CVE-2014-0092,"lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.",Released 20140227,CVE-2009-5138,-1,-1,865993,gnutls,https://www.suse.com/security/cve/CVE-2009-5138,"GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.",Released 20140227,CVE-2013-6800,-1,-1,866059,krb5,https://www.suse.com/security/cve/CVE-2013-6800,"An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, 
a different vulnerability than CVE-2013-1418.",Released 20140228,CVE-2014-0016,-1,-1,866278,stunnel,https://www.suse.com/security/cve/CVE-2014-0016,"stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.",Already fixed 20140228,CVE-2014-0049,-1,-1,866288,kernel-source,https://www.suse.com/security/cve/CVE-2014-0049,"Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.",Analysis 20140228,CVE-2014-0101,-1,-1,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2014-0101,"The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.",Already fixed 20140303,CVE-2014-0106,-1,-1,866503,sudo,https://www.suse.com/security/cve/CVE-2014-0106,"Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.",Released 20140304,CVE-2014-2030,,8.8,863838,ImageMagick,https://www.suse.com/security/cve/CVE-2014-2030,"Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and 
possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.",Released 20140305,CVE-2014-0102,-1,-1,1066001,kernel-source,https://www.suse.com/security/cve/CVE-2014-0102,"The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.",Analysis 20140305,CVE-2014-2270,-1,-1,866750,file,https://www.suse.com/security/cve/CVE-2014-2270,"softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.",Released 20140306,CVE-2014-2284,-1,-1,866942,net-snmp,https://www.suse.com/security/cve/CVE-2014-2284,"The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.",Released 20140306,CVE-2014-2285,-1,-1,866942,net-snmp,https://www.suse.com/security/cve/CVE-2014-2285,"The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.",Released 20140310,CVE-2014-0033,-1,-1,867570,tomcat6,https://www.suse.com/security/cve/CVE-2014-0033,"org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.",Analysis 
20140310,CVE-2014-0128,-1,-1,867533,squid3,https://www.suse.com/security/cve/CVE-2014-0128,"Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.",Released 20140310,CVE-2014-2240,-1,-1,867620,firefox-freetype2,https://www.suse.com/security/cve/CVE-2014-2240,"Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.",Affected 20140310,CVE-2014-2241,-1,-1,867620,firefox-freetype2,https://www.suse.com/security/cve/CVE-2014-2241,"The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.",Affected 20140310,CVE-2014-2309,-1,-1,824295,kernel-source,https://www.suse.com/security/cve/CVE-2014-2309,"The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.",Already fixed 20140310,CVE-2014-2310,-1,-1,867349,net-snmp,https://www.suse.com/security/cve/CVE-2014-2310,"The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.",Released 20140311,CVE-2014-0131,-1,-1,824295,kernel-source,https://www.suse.com/security/cve/CVE-2014-0131,"Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel 
through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.",Already fixed 20140313,CVE-2014-0467,-1,-1,868115,mutt,https://www.suse.com/security/cve/CVE-2014-0467,"Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.",Released 20140313,CVE-2014-2281,-1,-1,867485,wireshark,https://www.suse.com/security/cve/CVE-2014-2281,"The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.",Released 20140313,CVE-2014-2282,-1,-1,867485,wireshark,https://www.suse.com/security/cve/CVE-2014-2282,"The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.",Released 20140313,CVE-2014-2283,-1,-1,867485,wireshark,https://www.suse.com/security/cve/CVE-2014-2283,"epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.",Released 20140313,CVE-2014-2299,-1,-1,867485,wireshark,https://www.suse.com/security/cve/CVE-2014-2299,"Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in 
MPEG data.",Released 20140317,CVE-2014-0138,-1,-1,868627,curl,https://www.suse.com/security/cve/CVE-2014-0138,"The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.",Released 20140317,CVE-2014-0139,-1,-1,868629,curl,https://www.suse.com/security/cve/CVE-2014-0139,"cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.",Released 20140318,CVE-2012-1171,-1,-1,868832,php53,https://www.suse.com/security/cve/CVE-2012-1171,"The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.",Ignore 20140318,CVE-2013-7336,-1,-1,868943,libvirt,https://www.suse.com/security/cve/CVE-2013-7336,"The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.",Analysis 20140318,CVE-2014-2523,-1,-1,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2014-2523,"net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute 
arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.",Already fixed 20140318,CVE-2014-2524,-1,-1,868822,bash,https://www.suse.com/security/cve/CVE-2014-2524,"The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.",Analysis 20140318,CVE-2014-2527,-1,-1,868682,kdirstat,https://www.suse.com/security/cve/CVE-2014-2527,"kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a \" (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.",Released 20140318,CVE-2014-2528,-1,-1,868682,kdirstat,https://www.suse.com/security/cve/CVE-2014-2528,"kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.",Released 20140319,CVE-2013-6438,-1,-1,869105,apache2,https://www.suse.com/security/cve/CVE-2013-6438,"The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.",Released 20140319,CVE-2013-7338,-1,-1,869222,python,https://www.suse.com/security/cve/CVE-2013-7338,"Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.",Analysis 
20140321,CVE-2013-7339,-1,-1,869563,kernel-source,https://www.suse.com/security/cve/CVE-2013-7339,"The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.",Released 20140321,CVE-2014-2568,-1,-1,869564,kernel-source,https://www.suse.com/security/cve/CVE-2014-2568,"Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.",Ignore 20140324,CVE-2013-7345,-1,-1,869906,php53,https://www.suse.com/security/cve/CVE-2013-7345,"The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.",Released 20140324,CVE-2014-0076,-1,-1,869945,openssl,https://www.suse.com/security/cve/CVE-2014-0076,"The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.",Released 20140324,CVE-2014-1492,-1,-1,869827,ruby,https://www.suse.com/security/cve/CVE-2014-1492,"The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is 
embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.",Released 20140325,CVE-2014-0055,-1,-1,870173,kernel-source,https://www.suse.com/security/cve/CVE-2014-0055,"The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.",Already fixed 20140325,CVE-2014-0107,,,870082,xalan-j2,https://www.suse.com/security/cve/CVE-2014-0107,"The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.",Released 20140325,CVE-2014-2580,-1,-1,869925,kernel-source,https://www.suse.com/security/cve/CVE-2014-2580,"The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service (\"scheduling while atomic\" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable the interface.",Analysis 20140326,CVE-2014-0144,,8.6,870439,kvm,https://www.suse.com/security/cve/CVE-2014-0144,"QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.",Already fixed 
20140326,CVE-2014-0144,,8.6,870439,xen,https://www.suse.com/security/cve/CVE-2014-0144,"QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.",Already fixed 20140326,CVE-2014-0147,,6.2,870439,kvm,https://www.suse.com/security/cve/CVE-2014-0147,"Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.",Already fixed 20140326,CVE-2014-0147,,6.2,870439,xen,https://www.suse.com/security/cve/CVE-2014-0147,"Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.",Already fixed 20140326,CVE-2014-0148,,5.5,870439,kvm,https://www.suse.com/security/cve/CVE-2014-0148,"Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. 
A user able to alter the Qemu disk image could use this flaw to crash the Qemu instance resulting in DoS.",Already fixed 20140326,CVE-2014-0148,,5.5,870439,xen,https://www.suse.com/security/cve/CVE-2014-0148,"Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could use this flaw to crash the Qemu instance resulting in DoS.",Already fixed 20140327,CVE-2014-0077,-1,-1,870173,kernel-source,https://www.suse.com/security/cve/CVE-2014-0077,"drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.",Already fixed 20140327,CVE-2014-2338,-1,-1,870572,strongswan,https://www.suse.com/security/cve/CVE-2014-2338,"IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.",Released 20140327,CVE-2014-2653,-1,-1,1074631,openssh,https://www.suse.com/security/cve/CVE-2014-2653,"The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.",Already fixed 20140331,CVE-2014-0466,-1,-1,871097,a2ps,https://www.suse.com/security/cve/CVE-2014-0466,"The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted 
PostScript file.",Released 20140331,CVE-2014-2673,-1,-1,871149,kernel-source,https://www.suse.com/security/cve/CVE-2014-2673,"The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.",Analysis 20140401,CVE-2013-5704,-1,-1,871310,apache2,https://www.suse.com/security/cve/CVE-2013-5704,"The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"",Released 20140401,CVE-2013-5705,-1,-1,871309,apache2-mod_security2,https://www.suse.com/security/cve/CVE-2013-5705,"apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.",Released 20140402,CVE-2013-7348,-1,-1,871556,kernel-source,https://www.suse.com/security/cve/CVE-2013-7348,"Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function.",Analysis 20140402,CVE-2014-2678,-1,-1,871561,kernel-source,https://www.suse.com/security/cve/CVE-2014-2678,"The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a 
system that lacks RDS transports.",Already fixed 20140403,CVE-2014-2706,-1,-1,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2014-2706,"Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.",Already fixed 20140407,CVE-2014-0160,,7.5,872299,openssl,https://www.suse.com/security/cve/CVE-2014-0160,"The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.",Already fixed 20140408,CVE-2014-0155,6.8,,824295,kernel-source,https://www.suse.com/security/cve/CVE-2014-0155,"The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. 
NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.",Already fixed 20140409,CVE-2014-0172,-1,-1,872785,elfutils,https://www.suse.com/security/cve/CVE-2014-0172,"Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.",Analysis 20140411,CVE-2014-2739,-1,-1,873128,kernel-source,https://www.suse.com/security/cve/CVE-2014-2739,"The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic.",Analysis 20140414,CVE-2014-2851,-1,-1,824295,kernel-source,https://www.suse.com/security/cve/CVE-2014-2851,"Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.",Already fixed 20140415,CVE-2010-5298,-1,-1,873351,openssl,https://www.suse.com/security/cve/CVE-2010-5298,"Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.",Released 20140415,CVE-2014-2855,-1,-1,873740,rsync,https://www.suse.com/security/cve/CVE-2014-2855,"The check_secret function in authenticate.c 
in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.",Analysis 20140416,CVE-2014-2856,-1,-1,873899,cups,https://www.suse.com/security/cve/CVE-2014-2856,"Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.",Analysis 20140422,CVE-2014-1933,-1,-1,863541,python-imaging,https://www.suse.com/security/cve/CVE-2014-1933,"The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.",Released 20140423,CVE-2014-0182,-1,-1,874788,kvm,https://www.suse.com/security/cve/CVE-2014-0182,"Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.",Already fixed 20140423,CVE-2014-2913,-1,-1,874743,nagios-nrpe,https://www.suse.com/security/cve/CVE-2014-2913,"** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. 
It has been reported that the vendor allows newlines as \"expected behavior.\" Also, this issue can only occur when the administrator enables the \"dont_blame_nrpe\" option in nrpe.conf despite the \"HIGH security risk\" warning within the comments.",Released 20140424,CVE-2014-0181,-1,-1,875051,kernel-source,https://www.suse.com/security/cve/CVE-2014-0181,"The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.",Already fixed 20140425,CVE-2014-2734,-1,-1,875192,file,https://www.suse.com/security/cve/CVE-2014-2734,"** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher.",Released 20140425,CVE-2014-2734,-1,-1,875192,ruby,https://www.suse.com/security/cve/CVE-2014-2734,"** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. 
NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher.",Analysis 20140430,CVE-2014-0185,-1,-1,868624,php53,https://www.suse.com/security/cve/CVE-2014-0185,"sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.",Already fixed 20140430,CVE-2014-1737,-1,-1,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2014-1737,"The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.",Already fixed 20140430,CVE-2014-1738,-1,-1,875798,kernel-source,https://www.suse.com/security/cve/CVE-2014-1738,"The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.",Already fixed 20140501,CVE-2014-0196,-1,-1,871252,kernel-source,https://www.suse.com/security/cve/CVE-2014-0196,"The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the \"LECHO & !OPOST\" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.",Already fixed 
20140502,CVE-2014-3122,-1,-1,824295,kernel-source,https://www.suse.com/security/cve/CVE-2014-3122,"The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.",Already fixed 20140502,CVE-2014-3125,-1,-1,873992,xen,https://www.suse.com/security/cve/CVE-2014-3125,"Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.",Analysis 20140505,CVE-2014-0198,-1,-1,876282,openssl,https://www.suse.com/security/cve/CVE-2014-0198,"The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.",Released 20140506,CVE-2014-2891,-1,-1,876449,strongswan,https://www.suse.com/security/cve/CVE-2014-2891,"strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.",Released 20140507,CVE-2014-0191,-1,-1,1014873,libxml2,https://www.suse.com/security/cve/CVE-2014-0191,"The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.",Already fixed 
20140507,CVE-2014-0191,-1,-1,1014873,openssl,https://www.suse.com/security/cve/CVE-2014-0191,"The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.",Already fixed 20140507,CVE-2014-0209,-1,-1,857544,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2014-0209,"Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.",Released 20140507,CVE-2014-0210,-1,-1,857544,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2014-0210,"Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.",Released 20140507,CVE-2014-0211,-1,-1,857544,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2014-0211,"Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.",Released 20140508,CVE-2014-3215,-1,-1,876832,audit,https://www.suse.com/security/cve/CVE-2014-3215,"seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes 
programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.",Unsupported 20140508,CVE-2014-3215,-1,-1,876832,autofs,https://www.suse.com/security/cve/CVE-2014-3215,"seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.",Unsupported 20140508,CVE-2014-3215,-1,-1,876832,autoyast2,https://www.suse.com/security/cve/CVE-2014-3215,"seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.",Unsupported 20140508,CVE-2014-3215,-1,-1,876832,binutils,https://www.suse.com/security/cve/CVE-2014-3215,"seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.",Unsupported 20140508,CVE-2014-3215,-1,-1,876832,gdm,https://www.suse.com/security/cve/CVE-2014-3215,"seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it 
easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.",Unsupported 20140508,CVE-2014-3215,-1,-1,876832,kernel-firmware,https://www.suse.com/security/cve/CVE-2014-3215,"seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.",Unsupported 20140508,CVE-2014-3215,-1,-1,876832,libcap-ng,https://www.suse.com/security/cve/CVE-2014-3215,"seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.",Released 20140508,CVE-2014-3421,-1,-1,876847,emacs,https://www.suse.com/security/cve/CVE-2014-3421,"lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.",Affected 20140508,CVE-2014-3422,-1,-1,876847,emacs,https://www.suse.com/security/cve/CVE-2014-3422,"lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.",Affected 20140508,CVE-2014-3423,-1,-1,876847,emacs,https://www.suse.com/security/cve/CVE-2014-3423,"lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.",Affected 20140508,CVE-2014-3424,-1,-1,876847,emacs,https://www.suse.com/security/cve/CVE-2014-3424,"lisp/net/tramp-sh.el in GNU Emacs 
24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.",Affected 20140512,CVE-2014-3144,-1,-1,824295,kernel-source,https://www.suse.com/security/cve/CVE-2014-3144,"The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.",Already fixed 20140512,CVE-2014-3145,-1,-1,824295,kernel-source,https://www.suse.com/security/cve/CVE-2014-3145,"The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. 
NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.",Already fixed 20140512,CVE-2014-3146,,,1118088,python-lxml,https://www.suse.com/security/cve/CVE-2014-3146,"Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.",Released 20140514,CVE-2014-0222,-1,-1,1072223,kvm,https://www.suse.com/security/cve/CVE-2014-0222,"Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.",Already fixed 20140514,CVE-2014-0222,-1,-1,1072223,xen,https://www.suse.com/security/cve/CVE-2014-0222,"Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.",Released 20140519,CVE-2014-0239,-1,-1,878642,samba,https://www.suse.com/security/cve/CVE-2014-0239,"The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.",Ignore 20140526,CVE-2014-3248,-1,-1,879913,puppet,https://www.suse.com/security/cve/CVE-2014-3248,"Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, 
(3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",Released 20140526,CVE-2014-3250,-1,-1,879913,puppet,https://www.suse.com/security/cve/CVE-2014-3250,"The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.",Released 20140528,CVE-2014-0096,,,865746,libtcnative-1-0,https://www.suse.com/security/cve/CVE-2014-0096,"java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",Released 20140528,CVE-2014-0099,,,865746,libtcnative-1-0,https://www.suse.com/security/cve/CVE-2014-0099,"Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.",Released 20140528,CVE-2014-0119,,,865746,libtcnative-1-0,https://www.suse.com/security/cve/CVE-2014-0119,"Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, 
or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.",Released 20140529,CVE-2014-3917,-1,-1,880484,kernel-source,https://www.suse.com/security/cve/CVE-2014-3917,"kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.",Already fixed 20140530,CVE-2014-3465,-1,-1,880733,gnutls,https://www.suse.com/security/cve/CVE-2014-3465,"The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.",Analysis 20140530,CVE-2014-3466,-1,-1,880730,gnutls,https://www.suse.com/security/cve/CVE-2014-3466,"Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.",Already fixed 20140530,CVE-2014-3467,-1,-1,880737,gnutls,https://www.suse.com/security/cve/CVE-2014-3467,"Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.",Unsupported 20140530,CVE-2014-3468,-1,-1,880735,gnutls,https://www.suse.com/security/cve/CVE-2014-3468,"The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.",Unsupported 
20140530,CVE-2014-3469,-1,-1,880738,gnutls,https://www.suse.com/security/cve/CVE-2014-3469,"The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.",Unsupported 20140602,CVE-2014-0244,-1,-1,880962,samba,https://www.suse.com/security/cve/CVE-2014-0244,"The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.",Released 20140602,CVE-2014-3153,-1,-1,877775,kernel-source,https://www.suse.com/security/cve/CVE-2014-3153,"The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.",Already fixed 20140603,CVE-2014-0195,-1,-1,880891,openssl,https://www.suse.com/security/cve/CVE-2014-0195,"The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.",Released 20140603,CVE-2014-0221,-1,-1,880891,openssl,https://www.suse.com/security/cve/CVE-2014-0221,"The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.",Released 20140603,CVE-2014-0224,,7.4,1146657,openssl,https://www.suse.com/security/cve/CVE-2014-0224,"OpenSSL before 0.9.8za, 1.0.0 before 
1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.",Released 20140603,CVE-2014-3470,-1,-1,880891,openssl,https://www.suse.com/security/cve/CVE-2014-3470,"The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.",Released 20140604,CVE-2014-3477,-1,-1,1010769,dbus-1,https://www.suse.com/security/cve/CVE-2014-3477,"The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.",Released 20140605,CVE-2014-3970,-1,-1,881524,pulseaudio,https://www.suse.com/security/cve/CVE-2014-3970,"The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.",Released 20140610,CVE-2014-3981,-1,-1,881982,php53,https://www.suse.com/security/cve/CVE-2014-3981,"acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.",Analysis 20140611,CVE-2014-4014,-1,-1,882189,kernel-source,https://www.suse.com/security/cve/CVE-2014-4014,"The capabilities 
implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.",Analysis 20140613,CVE-2014-4020,-1,-1,882602,wireshark,https://www.suse.com/security/cve/CVE-2014-4020,"The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Analysis 20140613,CVE-2014-4027,-1,-1,882639,kernel-source,https://www.suse.com/security/cve/CVE-2014-4027,"The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.",Already fixed 20140613,CVE-2014-4043,-1,-1,882600,glibc,https://www.suse.com/security/cve/CVE-2014-4043,"The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.",Released 20140616,CVE-2014-1739,-1,-1,882804,kernel-source,https://www.suse.com/security/cve/CVE-2014-1739,"The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.",Already fixed 
20140619,CVE-2014-3494,-1,-1,883374,kdelibs4,https://www.suse.com/security/cve/CVE-2014-3494,"kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.",Analysis 20140620,CVE-2014-4171,-1,-1,883518,kernel-source,https://www.suse.com/security/cve/CVE-2014-4171,"mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.",Already fixed 20140620,CVE-2014-4174,-1,-1,883537,wireshark,https://www.suse.com/security/cve/CVE-2014-4174,"wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.",Analysis 20140623,CVE-2014-4508,5.5,,883724,kernel-source,https://www.suse.com/security/cve/CVE-2014-4508,"arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.",Already fixed 20140624,CVE-2014-4607,,8.8,883947,lzo,https://www.suse.com/security/cve/CVE-2014-4607,"Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.",Released 
20140624,CVE-2014-4617,-1,-1,884130,gpg2,https://www.suse.com/security/cve/CVE-2014-4617,"The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.",Already fixed
20140625,CVE-2014-0206,-1,-1,884324,kernel-source,https://www.suse.com/security/cve/CVE-2014-0206,"Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.",Analysis
20140626,CVE-2014-4652,-1,-1,883795,kernel-source,https://www.suse.com/security/cve/CVE-2014-4652,"Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.",Already fixed
20140626,CVE-2014-4653,-1,-1,883795,kernel-source,https://www.suse.com/security/cve/CVE-2014-4653,"sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.",Already fixed
20140626,CVE-2014-4654,-1,-1,883795,kernel-source,https://www.suse.com/security/cve/CVE-2014-4654,"The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.",Already fixed
20140626,CVE-2014-4655,-1,-1,883795,kernel-source,https://www.suse.com/security/cve/CVE-2014-4655,"The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.",Already fixed
20140626,CVE-2014-4656,-1,-1,883795,kernel-source,https://www.suse.com/security/cve/CVE-2014-4656,"Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.",Already fixed
20140630,CVE-2014-0207,-1,-1,884986,php53,https://www.suse.com/security/cve/CVE-2014-0207,"The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.",Released
20140630,CVE-2014-3478,-1,-1,884987,file,https://www.suse.com/security/cve/CVE-2014-3478,"Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.",Already fixed
20140630,CVE-2014-3479,-1,-1,884989,php53,https://www.suse.com/security/cve/CVE-2014-3479,"The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.",Released
20140630,CVE-2014-3480,-1,-1,884990,php53,https://www.suse.com/security/cve/CVE-2014-3480,"The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.",Released
20140630,CVE-2014-3487,-1,-1,884991,php53,https://www.suse.com/security/cve/CVE-2014-3487,"The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.",Released
20140630,CVE-2014-3515,-1,-1,884992,php53,https://www.suse.com/security/cve/CVE-2014-3515,"The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to \"type confusion\" issues in (1) ArrayObject and (2) SPLObjectStorage.",Released
20140701,CVE-2014-0236,,7.5,885196,file,https://www.suse.com/security/cve/CVE-2014-0236,"file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.",Analysis
20140701,CVE-2014-3533,-1,-1,885241,dbus-1,https://www.suse.com/security/cve/CVE-2014-3533,"dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.",Unsupported
20140701,CVE-2014-4022,-1,-1,885256,xen,https://www.suse.com/security/cve/CVE-2014-4022,"The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall.",Analysis
20140701,CVE-2014-4701,-1,-1,885205,nagios-plugins,https://www.suse.com/security/cve/CVE-2014-4701,"The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.",Released
20140701,CVE-2014-4702,-1,-1,885207,nagios-plugins,https://www.suse.com/security/cve/CVE-2014-4702,"The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.",Released
20140702,CVE-2014-3532,-1,-1,885241,dbus-1,https://www.suse.com/security/cve/CVE-2014-3532,"dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.",Released
20140702,CVE-2014-3534,-1,-1,885460,kernel-source,https://www.suse.com/security/cve/CVE-2014-3534,"arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.",Analysis
20140702,CVE-2014-4667,-1,-1,885422,kernel-source,https://www.suse.com/security/cve/CVE-2014-4667,"The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.",Already fixed
20140703,CVE-2014-4699,-1,-1,885725,kernel-source,https://www.suse.com/security/cve/CVE-2014-4699,"The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.",Already fixed
20140707,CVE-2013-2099,-1,-1,886001,python,https://www.suse.com/security/cve/CVE-2013-2099,"Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.",Analysis
20140707,CVE-2014-4341,-1,-1,770172,krb5,https://www.suse.com/security/cve/CVE-2014-4341,"MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.",Released
20140707,CVE-2014-4342,-1,-1,770172,krb5,https://www.suse.com/security/cve/CVE-2014-4342,"MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.",Released
20140707,CVE-2014-4670,-1,-1,886059,php53,https://www.suse.com/security/cve/CVE-2014-4670,"Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.",Released
20140707,CVE-2014-4698,-1,-1,886060,php53,https://www.suse.com/security/cve/CVE-2014-4698,"Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.",Released
20140707,CVE-2014-4721,-1,-1,885961,php53,https://www.suse.com/security/cve/CVE-2014-4721,"The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a \"type confusion\" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.",Already fixed
20140711,CVE-2014-2970,-1,-1,886831,openssl,https://www.suse.com/security/cve/CVE-2014-2970,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality for certain process-bifurcation use cases that might arise in future LibreSSL-based applications. There is no CVE ID associated with this LibreSSL code change. As of 20140730, CVE-2014-5139 is an undisclosed vulnerability in a different product, with ongoing vulnerability coordination that had previously used the CVE-2014-2970 ID.",Released
20140714,CVE-2014-4943,-1,-1,887082,kernel-source,https://www.suse.com/security/cve/CVE-2014-4943,"The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.",Already fixed
20140715,CVE-2014-3537,-1,-1,887240,cups,https://www.suse.com/security/cve/CVE-2014-3537,"The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.",Released
20140716,CVE-2014-0075,,,887557,libtcnative-1-0,https://www.suse.com/security/cve/CVE-2014-0075,"Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.",Released
20140717,CVE-2013-4352,-1,-1,887771,apache2,https://www.suse.com/security/cve/CVE-2013-4352,"The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.",Analysis
20140717,CVE-2014-0117,-1,-1,887767,apache2,https://www.suse.com/security/cve/CVE-2014-0117,"The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.",Analysis
20140717,CVE-2014-0118,-1,-1,1078450,apache2,https://www.suse.com/security/cve/CVE-2014-0118,"The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.",Released
20140717,CVE-2014-0226,-1,-1,887765,apache2,https://www.suse.com/security/cve/CVE-2014-0226,"Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.",Released
20140717,CVE-2014-0231,-1,-1,887768,apache2,https://www.suse.com/security/cve/CVE-2014-0231,"The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.",Released
20140724,CVE-2014-4343,-1,-1,770172,krb5,https://www.suse.com/security/cve/CVE-2014-4343,"Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.",Released
20140724,CVE-2014-4344,-1,-1,888697,krb5,https://www.suse.com/security/cve/CVE-2014-4344,"The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.",Released
20140724,CVE-2014-5029,-1,-1,887240,cups,https://www.suse.com/security/cve/CVE-2014-5029,"The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.",Released
20140724,CVE-2014-5030,-1,-1,887240,cups,https://www.suse.com/security/cve/CVE-2014-5030,"CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.",Released
20140724,CVE-2014-5031,-1,-1,887240,cups,https://www.suse.com/security/cve/CVE-2014-5031,"The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.",Released
20140724,CVE-2014-5044,-1,-1,888791,gcc5,https://www.suse.com/security/cve/CVE-2014-5044,"Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.",Already fixed
20140728,CVE-2014-5077,-1,-1,889173,kernel-source,https://www.suse.com/security/cve/CVE-2014-5077,"The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.",Already fixed
20140729,CVE-2014-3560,-1,-1,889429,samba,https://www.suse.com/security/cve/CVE-2014-3560,"NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.",Analysis
20140730,CVE-2014-5116,-1,-1,889495,cairo,https://www.suse.com/security/cve/CVE-2014-5116,"The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.",Analysis
20140731,CVE-2014-5118,,5.5,1068390,tboot,https://www.suse.com/security/cve/CVE-2014-5118,"Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability",Released
20140801,CVE-2014-5161,-1,-1,889854,wireshark,https://www.suse.com/security/cve/CVE-2014-5161,"The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.",Released
20140801,CVE-2014-5162,-1,-1,889854,wireshark,https://www.suse.com/security/cve/CVE-2014-5162,"The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet.",Released
20140801,CVE-2014-5163,-1,-1,889854,wireshark,https://www.suse.com/security/cve/CVE-2014-5163,"The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released
20140801,CVE-2014-5164,-1,-1,889854,wireshark,https://www.suse.com/security/cve/CVE-2014-5164,"The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released
20140801,CVE-2014-5165,-1,-1,889854,wireshark,https://www.suse.com/security/cve/CVE-2014-5165,"The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.",Released
20140803,CVE-2014-3564,-1,-1,890123,gpgme,https://www.suse.com/security/cve/CVE-2014-3564,"Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"",Released
20140807,CVE-2014-3505,-1,-1,890759,openssl,https://www.suse.com/security/cve/CVE-2014-3505,"Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.",Released
20140807,CVE-2014-3506,-1,-1,890759,openssl,https://www.suse.com/security/cve/CVE-2014-3506,"d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.",Released
20140807,CVE-2014-3507,-1,-1,890759,openssl,https://www.suse.com/security/cve/CVE-2014-3507,"Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.",Released
20140807,CVE-2014-3508,-1,-1,890759,openssl,https://www.suse.com/security/cve/CVE-2014-3508,"The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.",Released
20140807,CVE-2014-3509,-1,-1,890759,openssl,https://www.suse.com/security/cve/CVE-2014-3509,"Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.",Released
20140807,CVE-2014-3510,-1,-1,890759,openssl,https://www.suse.com/security/cve/CVE-2014-3510,"The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.",Released
20140807,CVE-2014-3511,-1,-1,890759,openssl,https://www.suse.com/security/cve/CVE-2014-3511,"The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue.",Released
20140807,CVE-2014-3512,-1,-1,890759,openssl,https://www.suse.com/security/cve/CVE-2014-3512,"Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.",Released
20140807,CVE-2014-5139,-1,-1,886831,openssl,https://www.suse.com/security/cve/CVE-2014-5139,"The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.",Released
20140808,CVE-2014-4345,,,770172,krb5,https://www.suse.com/security/cve/CVE-2014-4345,"Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.",Released
20140812,CVE-2014-3158,-1,-1,891489,ppp,https://www.suse.com/security/cve/CVE-2014-3158,"Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \"access privileged options\" via a long word in an options file, which triggers a heap-based buffer overflow that \"[corrupts] security-relevant variables.\"",Released
20140813,CVE-2014-5206,-1,-1,891689,kernel-source,https://www.suse.com/security/cve/CVE-2014-5206,"The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a \"mount -o remount\" command within a user namespace.",Analysis
20140813,CVE-2014-5207,-1,-1,891689,kernel-source,https://www.suse.com/security/cve/CVE-2014-5207,"fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a \"mount -o remount\" command within a user namespace.",Analysis
20140815,CVE-2014-5119,-1,-1,892073,glibc,https://www.suse.com/security/cve/CVE-2014-5119,"Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.",Released
20140819,CVE-2014-5270,-1,-1,892464,libgcrypt,https://www.suse.com/security/cve/CVE-2014-5270,"Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.",Released
20140820,CVE-2014-3601,-1,-1,892782,kernel-source,https://www.suse.com/security/cve/CVE-2014-3601,"The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.",Already fixed
20140820,CVE-2014-5356,-1,-1,892779,ceph,https://www.suse.com/security/cve/CVE-2014-5356,"OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.",Released
20140821,CVE-2014-5147,-1,-1,892976,xen,https://www.suse.com/security/cve/CVE-2014-5147,"Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.",Analysis
20140821,CVE-2014-5148,-1,-1,892977,xen,https://www.suse.com/security/cve/CVE-2014-5148,"Xen 4.4.x, when running on an ARM system and \"handling an unknown system register access from 64-bit userspace,\" returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.",Analysis
20140826,CVE-2014-3609,-1,-1,893649,squid3,https://www.suse.com/security/cve/CVE-2014-3609,"HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"",Released
20140827,CVE-2014-5461,-1,-1,893824,lua,https://www.suse.com/security/cve/CVE-2014-5461,"Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.",Analysis
20140827,CVE-2014-5471,-1,-1,892490,kernel-source,https://www.suse.com/security/cve/CVE-2014-5471,"Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.",Already fixed
20140827,CVE-2014-5472,-1,-1,892490,kernel-source,https://www.suse.com/security/cve/CVE-2014-5472,"The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.",Already fixed
20140901,CVE-2014-3565,-1,-1,894361,net-snmp,https://www.suse.com/security/cve/CVE-2014-3565,"snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.",Released
20140902,CVE-2012-6656,-1,-1,894556,glibc,https://www.suse.com/security/cve/CVE-2012-6656,"iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of \"0xffff\" to the iconv function when converting IBM930 encoded data to UTF-8.",Released
20140902,CVE-2014-6040,-1,-1,894553,glibc,https://www.suse.com/security/cve/CVE-2014-6040,"GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.",Released
20140902,CVE-2014-6060,-1,-1,894580,dhcpcd,https://www.suse.com/security/cve/CVE-2014-6060,"The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.",Analysis
20140903,CVE-2014-3613,-1,-1,894575,curl,https://www.suse.com/security/cve/CVE-2014-3613,"cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.",Unsupported
20140904,CVE-2014-3618,-1,-1,1068648,procmail,https://www.suse.com/security/cve/CVE-2014-3618,"Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to \"unbalanced quotes.\"",Released
20140908,CVE-2014-3615,-1,-1,895528,kvm,https://www.suse.com/security/cve/CVE-2014-3615,"The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.",Released
20140908,CVE-2014-3615,-1,-1,895528,xen,https://www.suse.com/security/cve/CVE-2014-3615,"The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.",Already fixed
20140909,CVE-2014-3621,-1,-1,895847,ceph,https://www.suse.com/security/cve/CVE-2014-3621,"The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by \"$(admin_token)\" in the publicurl endpoint field.",Released 20140910,CVE-2014-0205,-1,-1,895955,kernel-source,https://www.suse.com/security/cve/CVE-2014-0205,"The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count.",Analysis 20140910,CVE-2014-3535,-1,-1,896015,kernel-source,https://www.suse.com/security/cve/CVE-2014-3535,"include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface.",Analysis 20140910,CVE-2014-3620,-1,-1,1199221,curl,https://www.suse.com/security/cve/CVE-2014-3620,"cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.",Affected 20140910,CVE-2014-6268,-1,-1,895804,xen,https://www.suse.com/security/cve/CVE-2014-6268,"The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.",Analysis 20140910,CVE-2014-6270,-1,-1,895773,squid3,https://www.suse.com/security/cve/CVE-2014-6270,"Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 
2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.",Released 20140910,CVE-2014-6270,-1,-1,895773,squid,https://www.suse.com/security/cve/CVE-2014-6270,"Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.",Released 20140911,CVE-2014-0486,-1,-1,891268,squid3,https://www.suse.com/security/cve/CVE-2014-0486,"Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.",Released 20140912,CVE-2014-3181,-1,-1,896382,kernel-source,https://www.suse.com/security/cve/CVE-2014-3181,"Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.",Already fixed 20140912,CVE-2014-3182,-1,-1,896385,kernel-source,https://www.suse.com/security/cve/CVE-2014-3182,"Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.",Analysis 20140912,CVE-2014-3183,-1,-1,896387,kernel-source,https://www.suse.com/security/cve/CVE-2014-3183,"Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel 
before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.",Analysis 20140912,CVE-2014-3184,-1,-1,896390,kernel-source,https://www.suse.com/security/cve/CVE-2014-3184,"The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.",Already fixed 20140912,CVE-2014-3185,-1,-1,896391,kernel-source,https://www.suse.com/security/cve/CVE-2014-3185,"Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.",Already fixed 20140912,CVE-2014-3186,-1,-1,896392,kernel-source,https://www.suse.com/security/cve/CVE-2014-3186,"Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.",Already fixed 20140915,CVE-2014-3635,-1,-1,896453,dbus-1,https://www.suse.com/security/cve/CVE-2014-3635,"Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds 
limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.",Released 20140915,CVE-2014-3636,-1,-1,896453,dbus-1,https://www.suse.com/security/cve/CVE-2014-3636,"D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.",Released 20140915,CVE-2014-3637,-1,-1,896453,dbus-1,https://www.suse.com/security/cve/CVE-2014-3637,"D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.",Released 20140915,CVE-2014-3638,-1,-1,896453,dbus-1,https://www.suse.com/security/cve/CVE-2014-3638,"The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.",Released 20140915,CVE-2014-3639,-1,-1,896453,dbus-1,https://www.suse.com/security/cve/CVE-2014-3639,"The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.",Released 20140915,CVE-2014-6410,-1,-1,896689,kernel-source,https://www.suse.com/security/cve/CVE-2014-6410,"The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the 
amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.",Already fixed 20140915,CVE-2014-6414,-1,-1,896780,ceph,https://www.suse.com/security/cve/CVE-2014-6414,"OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.",Released 20140915,CVE-2014-6416,-1,-1,896384,kernel-source,https://www.suse.com/security/cve/CVE-2014-6416,"Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.",Analysis 20140915,CVE-2014-6417,-1,-1,896384,kernel-source,https://www.suse.com/security/cve/CVE-2014-6417,"net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.",Analysis 20140917,CVE-2010-5304,,7.5,897031,LibVNCServer,https://www.suse.com/security/cve/CVE-2010-5304,"A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. 
A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.",Released 20140917,CVE-2014-6051,-1,-1,897031,LibVNCServer,https://www.suse.com/security/cve/CVE-2014-6051,"Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.",Released 20140917,CVE-2014-6052,-1,-1,897031,LibVNCServer,https://www.suse.com/security/cve/CVE-2014-6052,"The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.",Released 20140917,CVE-2014-6053,-1,-1,897031,LibVNCServer,https://www.suse.com/security/cve/CVE-2014-6053,"The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.",Released 20140917,CVE-2014-6054,-1,-1,897031,LibVNCServer,https://www.suse.com/security/cve/CVE-2014-6054,"The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.",Released 
20140917,CVE-2014-6055,-1,-1,897031,LibVNCServer,https://www.suse.com/security/cve/CVE-2014-6055,"Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.",Released 20140917,CVE-2014-6421,-1,-1,897055,wireshark,https://www.suse.com/security/cve/CVE-2014-6421,"Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.",Released 20140917,CVE-2014-6422,-1,-1,897055,wireshark,https://www.suse.com/security/cve/CVE-2014-6422,"The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.",Released 20140917,CVE-2014-6423,-1,-1,897055,wireshark,https://www.suse.com/security/cve/CVE-2014-6423,"The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.",Released 20140917,CVE-2014-6424,-1,-1,897055,wireshark,https://www.suse.com/security/cve/CVE-2014-6424,"The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.",Released 
20140917,CVE-2014-6427,-1,-1,897055,wireshark,https://www.suse.com/security/cve/CVE-2014-6427,"Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.",Released 20140917,CVE-2014-6428,-1,-1,897055,wireshark,https://www.suse.com/security/cve/CVE-2014-6428,"The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20140917,CVE-2014-6429,-1,-1,897055,wireshark,https://www.suse.com/security/cve/CVE-2014-6429,"The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20140917,CVE-2014-6430,-1,-1,897055,wireshark,https://www.suse.com/security/cve/CVE-2014-6430,"The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20140917,CVE-2014-6431,-1,-1,897055,wireshark,https://www.suse.com/security/cve/CVE-2014-6431,"Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of 
uncompressed bytes beyond the end of the output buffer.",Released 20140917,CVE-2014-6432,-1,-1,897055,wireshark,https://www.suse.com/security/cve/CVE-2014-6432,"The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20140918,CVE-2014-3634,-1,-1,897262,rsyslog,https://www.suse.com/security/cve/CVE-2014-3634,"rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.",Released 20140918,CVE-2014-6272,-1,-1,897243,libevent,https://www.suse.com/security/cve/CVE-2014-6272,"Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via \"insanely large inputs\" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. 
See CVE-2015-6525 for the functions that are only affected in 2.0 and later.",Released 20140919,CVE-2014-4330,-1,-1,896715,perl,https://www.suse.com/security/cve/CVE-2014-4330,"The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.",Released 20140922,CVE-2014-3633,-1,-1,897783,libvirt,https://www.suse.com/security/cve/CVE-2014-3633,"The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.",Already fixed 20140923,CVE-2014-3657,-1,-1,897783,libvirt,https://www.suse.com/security/cve/CVE-2014-3657,"The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.",Already fixed 20140923,CVE-2014-5351,-1,-1,897874,krb5,https://www.suse.com/security/cve/CVE-2014-5351,"The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.",Released 20140924,CVE-2014-7141,-1,-1,1040640,squid3,https://www.suse.com/security/cve/CVE-2014-7141,"The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 
packet.",Released 20140926,CVE-2014-7185,-1,-1,898572,python,https://www.suse.com/security/cve/CVE-2014-7185,"Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function.",Released 20140926,CVE-2014-7187,-1,-1,1024628,bash,https://www.suse.com/security/cve/CVE-2014-7187,"Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the \"word_lineno\" issue.",Already fixed 20140927,CVE-2014-6277,-1,-1,898812,bash,https://www.suse.com/security/cve/CVE-2014-6277,"GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.",Already fixed 20140928,CVE-2014-6278,-1,-1,898604,bash,https://www.suse.com/security/cve/CVE-2014-6278,"GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.",Already fixed 20140929,CVE-2014-7188,-1,-1,880751,xen,https://www.suse.com/security/cve/CVE-2014-7188,"The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.",Already fixed 20140930,CVE-2014-3608,-1,-1,899199,ceph,https://www.suse.com/security/cve/CVE-2014-3608,"The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.",Released 20140930,CVE-2014-3610,,5.5,899192,kernel-source,https://www.suse.com/security/cve/CVE-2014-3610,"The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.",Already fixed 20140930,CVE-2014-3611,,4.7,899192,openssl,https://www.suse.com/security/cve/CVE-2014-3611,"Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.",Released 20140930,CVE-2014-3641,-1,-1,899198,ceph,https://www.suse.com/security/cve/CVE-2014-3641,"The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.",Released 20140930,CVE-2014-3645,-1,-1,899192,openssl,https://www.suse.com/security/cve/CVE-2014-3645,"arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.",Released 20140930,CVE-2014-3646,,5.5,899192,kernel-source,https://www.suse.com/security/cve/CVE-2014-3646,"arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.",Already fixed 
20140930,CVE-2014-3647,5.5,5.5,1013038,kernel-source,https://www.suse.com/security/cve/CVE-2014-3647,"arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.",Already fixed 20140930,CVE-2014-7230,-1,-1,899190,ceph,https://www.suse.com/security/cve/CVE-2014-7230,"The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.",Released 20140930,CVE-2014-7231,-1,-1,899190,ceph,https://www.suse.com/security/cve/CVE-2014-7231,"The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.",Released 20141002,CVE-2014-7204,-1,-1,899486,ctags,https://www.suse.com/security/cve/CVE-2014-7204,"jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.",Released 20141004,CVE-2014-3683,-1,-1,897262,rsyslog,https://www.suse.com/security/cve/CVE-2014-3683,"Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.",Released 20141006,CVE-2014-3581,-1,-1,899836,apache2,https://www.suse.com/security/cve/CVE-2014-3581,"The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.",Released 20141010,CVE-2014-3686,-1,-1,1063667,wpa_supplicant,https://www.suse.com/security/cve/CVE-2014-3686,"wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.",Released 20141010,CVE-2014-7970,,5.5,900644,kernel-source,https://www.suse.com/security/cve/CVE-2014-7970,"The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . 
(dot) values in both arguments to the pivot_root system call.",Already fixed 20141013,CVE-2014-8086,,4.7,900881,kernel-source,https://www.suse.com/security/cve/CVE-2014-8086,"Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.",Already fixed 20141013,CVE-2014-8242,-1,-1,900914,rsync,https://www.suse.com/security/cve/CVE-2014-8242,"librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.",Released 20141014,CVE-2014-8750,-1,-1,901087,ceph,https://www.suse.com/security/cve/CVE-2014-8750,"Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.",Released 20141015,CVE-2014-3513,5.3,,901277,openssl,https://www.suse.com/security/cve/CVE-2014-3513,"Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.",Released 20141015,CVE-2014-3566,,3.4,1011293,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-3566,"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",Released 20141015,CVE-2014-3566,,3.4,1011293,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-3566,"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers 
to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",Released 20141015,CVE-2014-3566,,3.4,1011293,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-3566,"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",Already fixed 20141015,CVE-2014-3566,,3.4,1011293,openssl,https://www.suse.com/security/cve/CVE-2014-3566,"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",Released 20141015,CVE-2014-3566,,3.4,1011293,openwsman,https://www.suse.com/security/cve/CVE-2014-3566,"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",Released 20141015,CVE-2014-3567,-1,-1,877506,libxml2,https://www.suse.com/security/cve/CVE-2014-3567,"Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.",Already fixed 20141015,CVE-2014-3567,-1,-1,877506,openssl,https://www.suse.com/security/cve/CVE-2014-3567,"Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.",Already fixed 
20141015,CVE-2014-3568,-1,-1,901277,openssl,https://www.suse.com/security/cve/CVE-2014-3568,"OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.",Unsupported 20141015,CVE-2014-4288,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-4288,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.",Released 20141015,CVE-2014-4288,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-4288,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.",Released 20141015,CVE-2014-4288,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-4288,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.",Already fixed 20141015,CVE-2014-4288,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-4288,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.",Released 20141015,CVE-2014-4288,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-4288,"Unspecified vulnerability in Oracle Java 
SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.",Released 20141015,CVE-2014-6456,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6456,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",Released 20141015,CVE-2014-6456,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6456,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",Released 20141015,CVE-2014-6456,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6456,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",Already fixed 20141015,CVE-2014-6456,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6456,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",Released 20141015,CVE-2014-6456,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6456,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",Released 20141015,CVE-2014-6457,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6457,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.",Released 
20141015,CVE-2014-6457,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6457,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.",Released 20141015,CVE-2014-6457,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6457,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.",Already fixed 20141015,CVE-2014-6457,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6457,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.",Released 20141015,CVE-2014-6457,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6457,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.",Released 20141015,CVE-2014-6458,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6458,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",Released 20141015,CVE-2014-6458,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6458,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",Released 
20141015,CVE-2014-6458,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6458,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",Already fixed 20141015,CVE-2014-6458,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6458,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",Released 20141015,CVE-2014-6458,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6458,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",Released 20141015,CVE-2014-6466,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6466,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",Already fixed 20141015,CVE-2014-6468,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6468,"Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",Already fixed 20141015,CVE-2014-6476,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6476,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.",Already fixed 20141015,CVE-2014-6485,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6485,"Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect 
confidentiality, integrity, and availability via unknown vectors.",Already fixed 20141015,CVE-2014-6493,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6493,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.",Released 20141015,CVE-2014-6493,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6493,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.",Released 20141015,CVE-2014-6493,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6493,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.",Already fixed 20141015,CVE-2014-6493,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6493,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.",Released 20141015,CVE-2014-6493,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6493,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.",Released 
20141015,CVE-2014-6502,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6502,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6502,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6502,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6502,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6502,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.",Already fixed 20141015,CVE-2014-6502,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6502,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6502,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6502,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6503,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6503,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.",Released 20141015,CVE-2014-6503,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6503,"Unspecified vulnerability in Oracle Java SE 
6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.",Released 20141015,CVE-2014-6503,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6503,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.",Already fixed 20141015,CVE-2014-6503,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6503,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.",Released 20141015,CVE-2014-6503,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6503,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.",Released 20141015,CVE-2014-6504,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6504,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot.",Already fixed 20141015,CVE-2014-6506,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6506,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",Released 
20141015,CVE-2014-6506,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6506,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6506,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6506,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",Already fixed 20141015,CVE-2014-6506,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6506,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6506,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6506,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6511,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6511,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",Released 20141015,CVE-2014-6511,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6511,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",Released 20141015,CVE-2014-6511,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6511,"Unspecified vulnerability in Oracle Java SE 
5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",Already fixed 20141015,CVE-2014-6511,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6511,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",Released 20141015,CVE-2014-6511,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6511,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",Released 20141015,CVE-2014-6512,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6512,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6512,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6512,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6512,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6512,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.",Already fixed 20141015,CVE-2014-6512,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6512,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.",Released 
20141015,CVE-2014-6512,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6512,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6513,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6513,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.",Already fixed 20141015,CVE-2014-6515,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6515,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.",Released 20141015,CVE-2014-6515,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6515,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.",Released 20141015,CVE-2014-6515,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6515,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.",Already fixed 20141015,CVE-2014-6515,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6515,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.",Released 20141015,CVE-2014-6515,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6515,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.",Released 
20141015,CVE-2014-6517,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6517,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.",Already fixed 20141015,CVE-2014-6519,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6519,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot.",Already fixed 20141015,CVE-2014-6527,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6527,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.",Released 20141015,CVE-2014-6527,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6527,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.",Released 20141015,CVE-2014-6527,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6527,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.",Already fixed 20141015,CVE-2014-6527,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6527,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.",Released 20141015,CVE-2014-6527,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6527,"Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity 
via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.",Released 20141015,CVE-2014-6531,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6531,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6531,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6531,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6531,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6531,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.",Already fixed 20141015,CVE-2014-6531,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6531,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6531,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6531,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.",Released 20141015,CVE-2014-6532,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6532,"Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.",Already fixed 
20141015,CVE-2014-6558,-1,-1,901239,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-6558,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.",Released 20141015,CVE-2014-6558,-1,-1,901239,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-6558,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.",Released 20141015,CVE-2014-6558,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6558,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.",Already fixed 20141015,CVE-2014-6558,-1,-1,901239,openssl,https://www.suse.com/security/cve/CVE-2014-6558,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.",Released 20141015,CVE-2014-6558,-1,-1,901239,openwsman,https://www.suse.com/security/cve/CVE-2014-6558,"Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.",Released 20141015,CVE-2014-6562,-1,-1,901239,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-6562,"Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",Already fixed 
20141016,CVE-2014-3660,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2014-3660,"parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the \"billion laughs\" attack.",Released 20141016,CVE-2014-3689,-1,-1,1072223,kvm,https://www.suse.com/security/cve/CVE-2014-3689,"The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.",Released 20141016,CVE-2014-3689,-1,-1,1072223,xen,https://www.suse.com/security/cve/CVE-2014-3689,"The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.",Released 20141020,CVE-2014-3707,,,901924,curl,https://www.suse.com/security/cve/CVE-2014-3707,"The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.",Released 20141022,CVE-2014-3690,,5.5,902232,kernel-source,https://www.suse.com/security/cve/CVE-2014-3690,"arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.",Already fixed 
20141023,CVE-2014-3673,,7.5,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2014-3673,"The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.",Already fixed 20141023,CVE-2014-3687,,7.5,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2014-3687,"The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.",Already fixed 20141023,CVE-2014-3688,-1,-1,902351,kernel-source,https://www.suse.com/security/cve/CVE-2014-3688,"The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.",Released 20141023,CVE-2014-3710,-1,-1,902367,file,https://www.suse.com/security/cve/CVE-2014-3710,"The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",Released 20141027,CVE-2014-4877,-1,-1,902709,wget,https://www.suse.com/security/cve/CVE-2014-4877,"Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.",Released 
20141027,CVE-2014-7815,-1,-1,902737,kvm,https://www.suse.com/security/cve/CVE-2014-7815,"The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.",Released 20141027,CVE-2014-7815,-1,-1,902737,xen,https://www.suse.com/security/cve/CVE-2014-7815,"The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.",Released 20141027,CVE-2014-8369,,7.8,892782,kernel-source,https://www.suse.com/security/cve/CVE-2014-8369,"The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.",Already fixed 20141027,CVE-2014-8480,-1,-1,902673,kernel-source,https://www.suse.com/security/cve/CVE-2014-8480,"The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application.",Analysis 20141028,CVE-2014-8080,-1,-1,902851,ruby,https://www.suse.com/security/cve/CVE-2014-8080,"The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.",Released 20141030,CVE-2014-8354,-1,-1,903204,ImageMagick,https://www.suse.com/security/cve/CVE-2014-8354,"The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service 
(out-of-bounds read) via a crafted image file.",Released 20141103,CVE-2014-8559,,5.5,903640,kernel-source,https://www.suse.com/security/cve/CVE-2014-8559,"The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.",Released 20141105,CVE-2014-7824,-1,-1,904017,dbus-1,https://www.suse.com/security/cve/CVE-2014-7824,"D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.",Released 20141105,CVE-2014-7825,,7.8,904012,kernel-source,https://www.suse.com/security/cve/CVE-2014-7825,"kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.",Ignore 20141106,CVE-2014-7145,-1,-1,897101,kernel-source,https://www.suse.com/security/cve/CVE-2014-7145,"The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.",Analysis 20141110,CVE-2014-8594,-1,-1,903967,xen,https://www.suse.com/security/cve/CVE-2014-8594,"The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware 
Assisted Paging (HAP).",Already fixed 20141110,CVE-2014-8595,-1,-1,903970,xen,https://www.suse.com/security/cve/CVE-2014-8595,"arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.",Already fixed 20141110,CVE-2014-8651,-1,-1,904625,kdebase4-wallpapers,https://www.suse.com/security/cve/CVE-2014-8651,"The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.",Released 20141110,CVE-2014-8651,-1,-1,904625,kdebase4-workspace,https://www.suse.com/security/cve/CVE-2014-8651,"The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.",Released 20141110,CVE-2014-8709,-1,-1,904700,kernel-source,https://www.suse.com/security/cve/CVE-2014-8709,"The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets.",Already fixed 20141111,CVE-2014-3065,-1,-1,904889,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2014-3065,"Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.",Released 20141111,CVE-2014-3065,-1,-1,904889,cyrus-imapd,https://www.suse.com/security/cve/CVE-2014-3065,"Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 
(7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.",Released 20141111,CVE-2014-3065,-1,-1,904889,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-3065,"Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.",Already fixed 20141111,CVE-2014-3065,-1,-1,904889,openssl,https://www.suse.com/security/cve/CVE-2014-3065,"Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.",Released 20141111,CVE-2014-3065,-1,-1,904889,openwsman,https://www.suse.com/security/cve/CVE-2014-3065,"Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.",Released 20141112,CVE-2014-7840,-1,-1,905097,kvm,https://www.suse.com/security/cve/CVE-2014-7840,"The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.",Already fixed 20141112,CVE-2014-7841,-1,-1,904899,kernel-source,https://www.suse.com/security/cve/CVE-2014-7841,"The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote 
attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.",Released 20141113,CVE-2014-7842,-1,-1,905312,kernel-source,https://www.suse.com/security/cve/CVE-2014-7842,"Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.",Already fixed 20141113,CVE-2014-8090,-1,-1,905326,ruby,https://www.suse.com/security/cve/CVE-2014-8090,"The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.",Released 20141113,CVE-2014-8710,-1,-1,905246,wireshark,https://www.suse.com/security/cve/CVE-2014-8710,"The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.",Released 20141113,CVE-2014-8711,-1,-1,905245,wireshark,https://www.suse.com/security/cve/CVE-2014-8711,"Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.",Released 20141113,CVE-2014-8712,-1,-1,905248,wireshark,https://www.suse.com/security/cve/CVE-2014-8712,"The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector 
in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20141113,CVE-2014-8713,-1,-1,905248,wireshark,https://www.suse.com/security/cve/CVE-2014-8713,"Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20141113,CVE-2014-8714,,,905247,wireshark,https://www.suse.com/security/cve/CVE-2014-8714,"The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20141113,CVE-2014-8716,-1,-1,905260,ImageMagick,https://www.suse.com/security/cve/CVE-2014-8716,"The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).",Released 20141114,CVE-2014-8884,-1,-1,904876,kernel-source,https://www.suse.com/security/cve/CVE-2014-8884,"Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.",Already fixed 20141117,CVE-2014-8600,-1,-1,905742,kdebase4-runtime,https://www.suse.com/security/cve/CVE-2014-8600,"Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) 
smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.",Affected 20141117,CVE-2014-8866,-1,-1,903970,xen,https://www.suse.com/security/cve/CVE-2014-8866,"The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.",Already fixed 20141117,CVE-2014-8867,-1,-1,903970,xen,https://www.suse.com/security/cve/CVE-2014-8867,"The acceleration support for the \"REP MOVS\" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.",Already fixed 20141118,CVE-2014-8767,-1,-1,905870,tcpdump,https://www.suse.com/security/cve/CVE-2014-8767,"Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.",Released 20141118,CVE-2014-8768,-1,-1,905871,tcpdump,https://www.suse.com/security/cve/CVE-2014-8768,"Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.",Released 20141118,CVE-2014-8769,-1,-1,905871,tcpdump,https://www.suse.com/security/cve/CVE-2014-8769,"tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) 
packet, which triggers an out-of-bounds memory access.",Released 20141119,CVE-2013-6497,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2013-6497,"clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.",Released 20141120,CVE-2014-7817,-1,-1,906371,glibc,https://www.suse.com/security/cve/CVE-2014-7817,"The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing \"$((`...`))\".",Released 20141121,CVE-2014-9029,-1,-1,1178702,jasper,https://www.suse.com/security/cve/CVE-2014-9029,"Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.",Released 20141121,CVE-2014-9030,-1,-1,903970,xen,https://www.suse.com/security/cve/CVE-2014-9030,"The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.",Already fixed 20141124,CVE-2014-8962,-1,-1,906831,openvpn,https://www.suse.com/security/cve/CVE-2014-8962,"Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.",Released 20141124,CVE-2014-9050,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2014-9050,"Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.",Released 
20141126,CVE-2014-8092,6.8,,1000496,php53,https://www.suse.com/security/cve/CVE-2014-8092,"Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.",Released 20141126,CVE-2014-8092,6.8,,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8092,"Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.",Already fixed 20141126,CVE-2014-8093,-1,-1,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8093,"Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.",Released 
20141126,CVE-2014-8094,-1,-1,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8094,"Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.",Released 20141126,CVE-2014-8095,-1,-1,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8095,"The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.",Released 20141126,CVE-2014-8096,-1,-1,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8096,"The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute 
arbitrary code via a crafted length or index value.",Released 20141126,CVE-2014-8097,-1,-1,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8097,"The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.",Released 20141126,CVE-2014-8098,-1,-1,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8098,"The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) 
__glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function.",Released 20141126,CVE-2014-8099,-1,-1,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8099,"The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.",Released 20141126,CVE-2014-8100,-1,-1,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8100,"The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, 
or (15) SProcRenderCompositeGlyphs function.",Released 20141126,CVE-2014-8101,-1,-1,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8101,"The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.",Released 20141126,CVE-2014-8102,-1,-1,1000496,xorg-x11-server,https://www.suse.com/security/cve/CVE-2014-8102,"The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.",Released 20141126,CVE-2014-9065,-1,-1,906996,xen,https://www.suse.com/security/cve/CVE-2014-9065,"common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066.",Already fixed 20141126,CVE-2014-9066,-1,-1,906996,xen,https://www.suse.com/security/cve/CVE-2014-9066,"Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.",Already fixed 20141126,CVE-2014-9087,-1,-1,907074,libksba,https://www.suse.com/security/cve/CVE-2014-9087,"Integer underflow in the ksba_oid_to_str 
function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.",Released 20141127,CVE-2014-9112,-1,-1,907456,cpio,https://www.suse.com/security/cve/CVE-2014-9112,"Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.",Released 20141127,CVE-2014-9116,-1,-1,907453,mutt,https://www.suse.com/security/cve/CVE-2014-9116,"The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.",Released 20141128,CVE-2013-6435,-1,-1,1101137,rpm,https://www.suse.com/security/cve/CVE-2013-6435,"Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.",Released 20141201,CVE-2014-8106,-1,-1,1023004,kvm,https://www.suse.com/security/cve/CVE-2014-8106,"Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.",Already fixed 20141201,CVE-2014-8106,-1,-1,1023004,xen,https://www.suse.com/security/cve/CVE-2014-8106,"Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. 
NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.",Released 20141201,CVE-2014-9090,-1,-1,817142,kernel-source,https://www.suse.com/security/cve/CVE-2014-9090,"The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.",Already fixed 20141202,CVE-2014-8104,-1,-1,907764,openvpn,https://www.suse.com/security/cve/CVE-2014-8104,"OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.",Released 20141203,CVE-2014-8118,-1,-1,1101137,rpm,https://www.suse.com/security/cve/CVE-2014-8118,"Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.",Released 20141209,CVE-2014-8133,-1,-1,817142,kernel-source,https://www.suse.com/security/cve/CVE-2014-8133,"arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.",Released 20141209,CVE-2014-8134,,3.3,907818,kernel-source,https://www.suse.com/security/cve/CVE-2014-8134,"The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.",Already 
fixed 20141209,CVE-2014-8500,-1,-1,908994,bind,https://www.suse.com/security/cve/CVE-2014-8500,"ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.",Released 20141210,CVE-2004-2771,-1,-1,909208,mailx,https://www.suse.com/security/cve/CVE-2004-2771,"The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.",Released 20141210,CVE-2014-7844,7.8,7.8,909208,mailx,https://www.suse.com/security/cve/CVE-2014-7844,"BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.",Released 20141211,CVE-2014-8137,-1,-1,1178702,jasper,https://www.suse.com/security/cve/CVE-2014-8137,"Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.",Released 20141211,CVE-2014-8138,-1,-1,1178702,jasper,https://www.suse.com/security/cve/CVE-2014-8138,"Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.",Released 20141212,CVE-2014-9365,,,909713,python,https://www.suse.com/security/cve/CVE-2014-9365,"The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 
certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",Unsupported 20141215,CVE-2014-8139,,7.8,909214,unzip,https://www.suse.com/security/cve/CVE-2014-8139,"Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",Released 20141215,CVE-2014-8140,,7.8,909214,unzip,https://www.suse.com/security/cve/CVE-2014-8140,"Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",Released 20141215,CVE-2014-8141,,7.8,909214,unzip,https://www.suse.com/security/cve/CVE-2014-8141,"Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",Released 20141216,CVE-2014-9322,,7.8,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2014-9322,"arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.",Already fixed 20141217,CVE-2014-5353,-1,-1,910457,krb5,https://www.suse.com/security/cve/CVE-2014-5353,"The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.",Released 
20141217,CVE-2014-5354,-1,-1,910458,krb5,https://www.suse.com/security/cve/CVE-2014-5354,"plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command.",Released 20141218,CVE-2014-8142,-1,-1,910659,php53,https://www.suse.com/security/cve/CVE-2014-8142,"Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.",Released 20141218,CVE-2014-9402,-1,-1,910599,glibc,https://www.suse.com/security/cve/CVE-2014-9402,"The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.",Released 20141218,CVE-2015-0361,-1,-1,910681,xen,https://www.suse.com/security/cve/CVE-2015-0361,"Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.",Already fixed 20141219,CVE-2014-9293,-1,-1,910764,ntp,https://www.suse.com/security/cve/CVE-2014-9293,"The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.",Already fixed 
20141219,CVE-2014-9294,-1,-1,910764,ntp,https://www.suse.com/security/cve/CVE-2014-9294,"util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.",Already fixed 20141219,CVE-2014-9295,-1,-1,910764,ntp,https://www.suse.com/security/cve/CVE-2014-9295,"Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.",Already fixed 20141219,CVE-2014-9296,,,910764,ntp,https://www.suse.com/security/cve/CVE-2014-9296,"The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.",Already fixed 20141229,CVE-2014-9419,-1,-1,911326,kernel-source,https://www.suse.com/security/cve/CVE-2014-9419,"The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.",Released 20141229,CVE-2014-9420,-1,-1,906545,kernel-source,https://www.suse.com/security/cve/CVE-2014-9420,"The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.",Released 20141230,CVE-2014-8150,-1,-1,911363,curl,https://www.suse.com/security/cve/CVE-2014-8150,"CRLF injection vulnerability in libcurl 6.0 through 7.x before 
7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.",Released 20150102,CVE-2014-9425,-1,-1,911535,php53,https://www.suse.com/security/cve/CVE-2014-9425,"Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",Analysis 20150105,CVE-2014-9447,-1,-1,911662,elfutils,https://www.suse.com/security/cve/CVE-2014-9447,"Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.",Released 20150106,CVE-2014-9471,-1,-1,911832,coreutils,https://www.suse.com/security/cve/CVE-2014-9471,"The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",Released 20150106,CVE-2014-9474,-1,-1,911812,mpfr,https://www.suse.com/security/cve/CVE-2014-9474,"Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.",Released 20150106,CVE-2014-9496,-1,-1,911796,libsndfile,https://www.suse.com/security/cve/CVE-2014-9496,"The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.",Released 20150107,CVE-2014-3572,-1,-1,912015,openssl,https://www.suse.com/security/cve/CVE-2014-3572,"The 
ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.",Released 20150107,CVE-2014-5352,-1,-1,1005509,krb5,https://www.suse.com/security/cve/CVE-2014-5352,"The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.",Released 20150107,CVE-2014-8157,-1,-1,1178702,jasper,https://www.suse.com/security/cve/CVE-2014-8157,"Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.",Released 20150107,CVE-2014-8158,-1,-1,1178702,jasper,https://www.suse.com/security/cve/CVE-2014-8158,"Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.",Released 20150107,CVE-2014-8275,-1,-1,912018,openssl,https://www.suse.com/security/cve/CVE-2014-8275,"OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, 
crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.",Released 20150107,CVE-2014-9421,-1,-1,1005509,krb5,https://www.suse.com/security/cve/CVE-2014-9421,"The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.",Released 20150107,CVE-2014-9422,-1,-1,1005509,krb5,https://www.suse.com/security/cve/CVE-2014-9422,"The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.",Released 20150107,CVE-2014-9423,-1,-1,1005509,krb5,https://www.suse.com/security/cve/CVE-2014-9423,"The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.",Released 20150107,CVE-2015-0204,,,912014,openssl,https://www.suse.com/security/cve/CVE-2015-0204,"The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue. 
NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.",Released 20150107,CVE-2015-0556,-1,-1,912072,unarj,https://www.suse.com/security/cve/CVE-2015-0556,"Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.",Already fixed 20150107,CVE-2015-0557,-1,-1,912072,unarj,https://www.suse.com/security/cve/CVE-2015-0557,"Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.",Already fixed 20150108,CVE-2014-3570,,,912296,openssl,https://www.suse.com/security/cve/CVE-2014-3570,"The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.",Released 20150108,CVE-2014-3571,,,912294,openssl,https://www.suse.com/security/cve/CVE-2014-3571,"OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.",Released 20150108,CVE-2014-9529,-1,-1,1072204,kernel-source,https://www.suse.com/security/cve/CVE-2014-9529,"Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly 
have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.",Already fixed 20150108,CVE-2014-9529,-1,-1,1072204,php53,https://www.suse.com/security/cve/CVE-2014-9529,"Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.",Released 20150108,CVE-2014-9556,-1,-1,912214,libmspack,https://www.suse.com/security/cve/CVE-2014-9556,"Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.",Affected 20150108,CVE-2015-0205,-1,-1,912293,openssl,https://www.suse.com/security/cve/CVE-2015-0205,"The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.",Released 20150108,CVE-2015-0206,-1,-1,912292,openssl,https://www.suse.com/security/cve/CVE-2015-0206,"Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.",Released 20150108,CVE-2015-0559,-1,-1,912365,wireshark,https://www.suse.com/security/cve/CVE-2015-0559,"Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 
1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.",Released 20150108,CVE-2015-0560,-1,-1,912365,wireshark,https://www.suse.com/security/cve/CVE-2015-0560,"The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20150108,CVE-2015-0561,-1,-1,912368,wireshark,https://www.suse.com/security/cve/CVE-2015-0561,"asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.",Released 20150108,CVE-2015-0562,-1,-1,912369,wireshark,https://www.suse.com/security/cve/CVE-2015-0562,"Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.",Released 20150108,CVE-2015-0563,-1,-1,912370,wireshark,https://www.suse.com/security/cve/CVE-2015-0563,"epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20150108,CVE-2015-0564,-1,-1,912372,wireshark,https://www.suse.com/security/cve/CVE-2015-0564,"Buffer underflow in the ssl_decrypt_record function in 
epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.",Released 20150109,CVE-2014-9428,-1,-1,912429,kernel-source,https://www.suse.com/security/cve/CVE-2014-9428,"The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets.",Analysis 20150112,CVE-2014-9584,-1,-1,912654,kernel-source,https://www.suse.com/security/cve/CVE-2014-9584,"The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.",Already fixed 20150112,CVE-2014-9585,-1,-1,912705,kernel-source,https://www.suse.com/security/cve/CVE-2014-9585,"The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.",Already fixed 20150114,CVE-2014-8160,-1,-1,857643,kernel-source,https://www.suse.com/security/cve/CVE-2014-8160,"net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.",Already fixed 
20150115,CVE-2015-0231,-1,-1,910659,php53,https://www.suse.com/security/cve/CVE-2015-0231,"Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.",Released 20150119,CVE-2015-0235,,,844309,glibc,https://www.suse.com/security/cve/CVE-2015-0235,"Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"",Released 20150119,CVE-2015-1193,-1,-1,913635,pax,https://www.suse.com/security/cve/CVE-2015-1193,"Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. 
(dot dot) in an archive.",Ignore 20150119,CVE-2015-1194,-1,-1,913635,pax,https://www.suse.com/security/cve/CVE-2015-1194,"pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.",Ignore 20150123,CVE-2014-7923,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7923,"The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.",Analysis 20150123,CVE-2014-7924,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7924,"Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc.",Analysis 20150123,CVE-2014-7925,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7925,"Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained.",Analysis 20150123,CVE-2014-7926,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7926,"The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.",Analysis 
20150123,CVE-2014-7927,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7927,"The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.",Analysis 20150123,CVE-2014-7928,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7928,"hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy.",Analysis 20150123,CVE-2014-7929,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7929,"Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents.",Analysis 20150123,CVE-2014-7930,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7930,"Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data.",Analysis 20150123,CVE-2014-7931,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7931,"factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via 
crafted JavaScript code that triggers improper maintenance of backing-store pointers.",Analysis 20150123,CVE-2014-7932,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7932,"Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements.",Analysis 20150123,CVE-2014-7934,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7934,"Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures.",Analysis 20150123,CVE-2014-7935,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7935,"Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab.",Analysis 20150123,CVE-2014-7936,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7936,"Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble.",Analysis 20150123,CVE-2014-7937,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7937,"Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service 
(use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.",Analysis 20150123,CVE-2014-7938,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7938,"The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.",Analysis 20150123,CVE-2014-7939,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7939,"Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an \"X-Content-Type-Options: nosniff\" header.",Analysis 20150123,CVE-2014-7940,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7940,"The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.",Analysis 20150123,CVE-2014-7941,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7941,"The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data.",Analysis 20150123,CVE-2014-7942,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7942,"The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",Analysis 
20150123,CVE-2014-9636,-1,-1,914442,unzip,https://www.suse.com/security/cve/CVE-2014-9636,"unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.",Ignore 20150124,CVE-2013-7421,-1,-1,914423,kernel-source,https://www.suse.com/security/cve/CVE-2013-7421,"The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.",Already fixed 20150124,CVE-2014-9644,-1,-1,914423,kernel-source,https://www.suse.com/security/cve/CVE-2014-9644,"The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.",Already fixed 20150124,CVE-2014-9645,,5.5,914423,kernel-source,https://www.suse.com/security/cve/CVE-2014-9645,"The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an \"ifconfig /usbserial up\" command or a \"mount -t /snd_pcm none /\" command.",Already fixed 20150126,CVE-2014-8159,-1,-1,903967,kernel-source,https://www.suse.com/security/cve/CVE-2014-8159,"The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions 
on a uverbs device under /dev/infiniband/.",Already fixed 20150126,CVE-2014-8159,-1,-1,903967,xen,https://www.suse.com/security/cve/CVE-2014-8159,"The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.",Already fixed 20150126,CVE-2015-0232,-1,-1,914690,php53,https://www.suse.com/security/cve/CVE-2015-0232,"The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.",Released 20150126,CVE-2015-0236,-1,-1,914693,libvirt,https://www.suse.com/security/cve/CVE-2015-0236,"libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.",Already fixed 20150126,CVE-2015-1307,-1,-1,914694,kdebase4-workspace,https://www.suse.com/security/cve/CVE-2015-1307,"plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.",Affected 20150126,CVE-2015-1308,-1,-1,914694,kdebase4-workspace,https://www.suse.com/security/cve/CVE-2015-1308,"kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.",Affected 20150127,CVE-2014-8127,,6.5,1206220,tiff,https://www.suse.com/security/cve/CVE-2014-8127,"LibTIFF 4.0.3 allows 
remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.",Released 20150127,CVE-2014-8128,,6.5,1007276,tiff,https://www.suse.com/security/cve/CVE-2014-8128,"LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.",Released 20150127,CVE-2014-8129,,8.8,1206220,tiff,https://www.suse.com/security/cve/CVE-2014-8129,"LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.",Released 20150127,CVE-2014-8130,,,1206220,tiff,https://www.suse.com/security/cve/CVE-2014-8130,"The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.",Released 20150127,CVE-2014-9637,-1,-1,1059698,patch,https://www.suse.com/security/cve/CVE-2014-9637,"GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.",Released 
20150127,CVE-2014-9640,-1,-1,912214,libmspack,https://www.suse.com/security/cve/CVE-2014-9640,"oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.",Affected 20150127,CVE-2015-1350,5.5,5.5,1052256,kernel-source,https://www.suse.com/security/cve/CVE-2015-1350,"The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.",Released 20150129,CVE-2014-7822,-1,-1,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2014-7822,"The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.",Released 20150129,CVE-2014-9512,-1,-1,915410,rsync,https://www.suse.com/security/cve/CVE-2014-9512,"rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.",Released 20150129,CVE-2015-0210,-1,-1,915323,wpa_supplicant,https://www.suse.com/security/cve/CVE-2015-0210,"wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.",Released 20150129,CVE-2015-0247,4.5,,1123790,e2fsprogs,https://www.suse.com/security/cve/CVE-2015-0247,"Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem 
image.",Released 20150130,CVE-2013-7423,-1,-1,1123874,glibc,https://www.suse.com/security/cve/CVE-2013-7423,"The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.",Already fixed 20150130,CVE-2014-9328,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2014-9328,"ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a \"heap out of bounds condition.\"",Released 20150130,CVE-2015-1419,-1,-1,900326,vsftpd,https://www.suse.com/security/cve/CVE-2015-1419,"Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.",Released 20150130,CVE-2015-1420,-1,-1,915517,kernel-source,https://www.suse.com/security/cve/CVE-2015-1420,"Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.",Released 20150130,CVE-2015-1421,-1,-1,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2015-1421,"Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.",Already fixed 20150202,CVE-2015-0255,-1,-1,915810,xorg-x11-server,https://www.suse.com/security/cve/CVE-2015-0255,"X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain 
sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.",Released 20150204,CVE-2014-8891,-1,-1,916266,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-8891,"Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.",Already fixed 20150204,CVE-2014-8892,-1,-1,916265,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-8892,"Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.",Already fixed 20150204,CVE-2014-9297,-1,-1,911792,ntp,https://www.suse.com/security/cve/CVE-2014-9297,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.",Already fixed 20150204,CVE-2014-9298,-1,-1,911792,ntp,https://www.suse.com/security/cve/CVE-2014-9298,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Already fixed 20150204,CVE-2015-1461,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2015-1461,"ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a \"heap out of bounds condition.\"",Released 20150204,CVE-2015-1462,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2015-1462,"ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a \"heap out of bounds condition.\"",Released 20150204,CVE-2015-1463,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2015-1463,"ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an \"incorrect compiler optimization.\"",Released 20150204,CVE-2015-1465,-1,-1,916225,kernel-source,https://www.suse.com/security/cve/CVE-2015-1465,"The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.",Unsupported 20150204,CVE-2015-1472,-1,-1,916222,glibc,https://www.suse.com/security/cve/CVE-2015-1472,"The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.",Released 20150206,CVE-2015-1473,-1,-1,916222,glibc,https://www.suse.com/security/cve/CVE-2015-1473,"The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 
2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.",Released 20150209,CVE-2013-4245,,7.3,916835,orca,https://www.suse.com/security/cve/CVE-2013-4245,"Orca has arbitrary code execution due to insecure Python module load",Released 20150209,CVE-2014-9655,,,1206220,tiff,https://www.suse.com/security/cve/CVE-2014-9655,"The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.",Released 20150209,CVE-2014-9656,-1,-1,916847,firefox-freetype2,https://www.suse.com/security/cve/CVE-2014-9656,"The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.",Affected 20150209,CVE-2014-9657,-1,-1,916856,freetype2,https://www.suse.com/security/cve/CVE-2014-9657,"The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.",Released 20150209,CVE-2014-9658,-1,-1,916857,freetype2,https://www.suse.com/security/cve/CVE-2014-9658,"The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have 
unspecified other impact via a crafted TrueType font.",Released 20150209,CVE-2014-9659,-1,-1,916867,firefox-freetype2,https://www.suse.com/security/cve/CVE-2014-9659,"cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.",Affected 20150209,CVE-2014-9660,-1,-1,916858,freetype2,https://www.suse.com/security/cve/CVE-2014-9660,"The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.",Released 20150209,CVE-2014-9661,-1,-1,916859,freetype2,https://www.suse.com/security/cve/CVE-2014-9661,"type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.",Released 20150209,CVE-2014-9662,-1,-1,916860,firefox-freetype2,https://www.suse.com/security/cve/CVE-2014-9662,"cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.",Affected 20150209,CVE-2014-9663,-1,-1,916865,freetype2,https://www.suse.com/security/cve/CVE-2014-9663,"The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds 
read) or possibly have unspecified other impact via a crafted cmap SFNT table.",Released 20150209,CVE-2014-9664,-1,-1,916864,freetype2,https://www.suse.com/security/cve/CVE-2014-9664,"FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.",Released 20150209,CVE-2014-9665,-1,-1,916863,firefox-freetype2,https://www.suse.com/security/cve/CVE-2014-9665,"The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.",Affected 20150209,CVE-2014-9665,-1,-1,916863,freetype2,https://www.suse.com/security/cve/CVE-2014-9665,"The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.",Released 20150209,CVE-2014-9666,-1,-1,916862,firefox-freetype2,https://www.suse.com/security/cve/CVE-2014-9666,"The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.",Affected 20150209,CVE-2014-9667,-1,-1,916861,freetype2,https://www.suse.com/security/cve/CVE-2014-9667,"sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, 
which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.",Released 20150209,CVE-2014-9668,-1,-1,916868,firefox-freetype2,https://www.suse.com/security/cve/CVE-2014-9668,"The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.",Affected 20150209,CVE-2014-9669,-1,-1,916870,freetype2,https://www.suse.com/security/cve/CVE-2014-9669,"Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.",Released 20150209,CVE-2014-9670,-1,-1,916871,freetype2,https://www.suse.com/security/cve/CVE-2014-9670,"Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.",Released 20150209,CVE-2014-9671,-1,-1,916872,freetype2,https://www.suse.com/security/cve/CVE-2014-9671,"Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.",Released 20150209,CVE-2014-9672,-1,-1,916873,firefox-freetype2,https://www.suse.com/security/cve/CVE-2014-9672,"Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote 
attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.",Affected 20150209,CVE-2014-9672,-1,-1,916873,freetype2,https://www.suse.com/security/cve/CVE-2014-9672,"Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.",Released 20150209,CVE-2014-9673,-1,-1,916874,freetype2,https://www.suse.com/security/cve/CVE-2014-9673,"Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.",Released 20150209,CVE-2014-9674,-1,-1,916879,freetype2,https://www.suse.com/security/cve/CVE-2014-9674,"The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.",Released 20150209,CVE-2014-9675,-1,-1,916881,freetype2,https://www.suse.com/security/cve/CVE-2014-9675,"bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.",Released 20150209,CVE-2015-1545,-1,-1,846389,openldap2,https://www.suse.com/security/cve/CVE-2015-1545,"The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a 
deref control in a search request.",Already fixed 20150209,CVE-2015-1546,-1,-1,916914,openldap2,https://www.suse.com/security/cve/CVE-2015-1546,"Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.",Released 20150209,CVE-2015-1547,,,1206220,tiff,https://www.suse.com/security/cve/CVE-2015-1547,"The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.",Released 20150210,CVE-2014-0227,,,917127,tomcat6,https://www.suse.com/security/cve/CVE-2014-0227,"java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.",Released 20150210,CVE-2014-9654,,9.8,917129,icu,https://www.suse.com/security/cve/CVE-2014-9654,"The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.",Released 20150211,CVE-2015-0240,-1,-1,917376,samba,https://www.suse.com/security/cve/CVE-2015-0240,"The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which 
allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.",Released 20150211,CVE-2015-1426,-1,-1,917383,facter,https://www.suse.com/security/cve/CVE-2015-1426,"Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtain sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.",Released 20150213,CVE-2014-9679,8.8,,917799,cups,https://www.suse.com/security/cve/CVE-2014-9679,"Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.",Released 20150213,CVE-2014-9680,-1,-1,917806,sudo,https://www.suse.com/security/cve/CVE-2014-9680,"sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.",Released 20150213,CVE-2015-0777,-1,-1,917830,kernel-source,https://www.suse.com/security/cve/CVE-2015-0777,"drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors.",Released 20150214,CVE-2015-1593,-1,-1,1044934,kernel-source,https://www.suse.com/security/cve/CVE-2015-1593,"The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for
attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.",Released 20150216,CVE-2015-1606,,5.5,918089,gpg2,https://www.suse.com/security/cve/CVE-2015-1606,"The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.",Released 20150216,CVE-2015-1607,,5.5,918090,gpg2,https://www.suse.com/security/cve/CVE-2015-1607,"kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and \"memcpy with overlapping ranges.\"",Released 20150217,CVE-2014-8121,-1,-1,1123874,glibc,https://www.suse.com/security/cve/CVE-2014-8121,"DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.",Released 20150218,CVE-2014-9683,-1,-1,918333,kernel-source,https://www.suse.com/security/cve/CVE-2014-9683,"Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.",Already fixed 20150218,CVE-2015-1349,-1,-1,918330,bind,https://www.suse.com/security/cve/CVE-2015-1349,"named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the 
managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.",Released 20150218,CVE-2015-1572,6.7,,1123790,e2fsprogs,https://www.suse.com/security/cve/CVE-2015-1572,"Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.",Released 20150219,CVE-2014-5355,-1,-1,770172,krb5,https://www.suse.com/security/cve/CVE-2014-5355,"MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.",Released 20150223,CVE-2015-2041,-1,-1,903967,kvm,https://www.suse.com/security/cve/CVE-2015-2041,"net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.",Released 20150223,CVE-2015-2041,-1,-1,903967,xen,https://www.suse.com/security/cve/CVE-2015-2041,"net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.",Already fixed 20150223,CVE-2015-2042,-1,-1,903967,kvm,https://www.suse.com/security/cve/CVE-2015-2042,"net/rds/sysctl.c in 
the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.",Released 20150223,CVE-2015-2042,-1,-1,903967,xen,https://www.suse.com/security/cve/CVE-2015-2042,"net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.",Already fixed 20150223,CVE-2015-2044,-1,-1,918995,xen,https://www.suse.com/security/cve/CVE-2015-2044,"The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x do not properly initialize data, which allows local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.",Already fixed 20150223,CVE-2015-2045,-1,-1,918998,xen,https://www.suse.com/security/cve/CVE-2015-2045,"The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.",Already fixed 20150226,CVE-2014-9681,-1,-1,917806,procmail,https://www.suse.com/security/cve/CVE-2014-9681,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
Notes: none.",Ignore 20150226,CVE-2015-0209,-1,-1,919648,openssl,https://www.suse.com/security/cve/CVE-2015-0209,"Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.",Released 20150227,CVE-2015-0294,,7.5,919938,gnutls,https://www.suse.com/security/cve/CVE-2015-0294,"GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.",Already fixed 20150228,CVE-2014-3591,,4.2,920057,libgcrypt,https://www.suse.com/security/cve/CVE-2014-3591,"Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.",Released 20150228,CVE-2015-0837,,5.9,920057,libgcrypt,https://www.suse.com/security/cve/CVE-2015-0837,"The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"",Released 20150302,CVE-2012-6689,,7.8,920170,kernel-source,https://www.suse.com/security/cve/CVE-2012-6689,"The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.",Ignore 20150302,CVE-2014-9687,-1,-1,920160,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2014-9687,"eCryptfs 104 and earlier uses a
default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.",Released 20150302,CVE-2015-0288,-1,-1,919648,openssl,https://www.suse.com/security/cve/CVE-2015-0288,"The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.",Released 20150303,CVE-2014-8155,-1,-1,920366,gnutls,https://www.suse.com/security/cve/CVE-2014-8155,"GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.",Ignore 20150304,CVE-2014-8172,-1,-1,920632,kernel-source,https://www.suse.com/security/cve/CVE-2014-8172,"The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.",Analysis 20150304,CVE-2014-8173,,,920583,kernel-source,https://www.suse.com/security/cve/CVE-2014-8173,"The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock.",Analysis 20150304,CVE-2015-0881,-1,-1,920576,squid,https://www.suse.com/security/cve/CVE-2015-0881,"CRLF injection vulnerability in Squid before 3.1.1 allows 
remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.",Ignore 20150304,CVE-2015-2150,-1,-1,800280,xen,https://www.suse.com/security/cve/CVE-2015-2150,"Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.",Already fixed 20150304,CVE-2015-2151,-1,-1,918998,xen,https://www.suse.com/security/cve/CVE-2015-2151,"The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.",Already fixed 20150304,CVE-2015-2152,-1,-1,918998,xen,https://www.suse.com/security/cve/CVE-2015-2152,"Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.",Already fixed 20150304,CVE-2015-2188,-1,-1,920696,wireshark,https://www.suse.com/security/cve/CVE-2015-2188,"epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.",Released 
20150304,CVE-2015-2189,-1,-1,920697,wireshark,https://www.suse.com/security/cve/CVE-2015-2189,"Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.",Released 20150304,CVE-2015-2191,-1,-1,920699,wireshark,https://www.suse.com/security/cve/CVE-2015-2191,"Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.",Released 20150305,CVE-2015-0254,,,920813,jakarta-taglibs-standard,https://www.suse.com/security/cve/CVE-2015-0254,"Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) or (2) JSTL XML tag.",Released 20150306,CVE-2015-1782,-1,-1,921070,libssh2_org,https://www.suse.com/security/cve/CVE-2015-1782,"The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.",Released 20150311,CVE-2014-9488,2.5,,921719,less,https://www.suse.com/security/cve/CVE-2014-9488,"The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.",Released 20150311,CVE-2015-0282,-1,-1,919938,gnutls,https://www.suse.com/security/cve/CVE-2015-0282,"GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified 
vectors.",Released 20150312,CVE-2015-0295,-1,-1,921999,libqt4,https://www.suse.com/security/cve/CVE-2015-0295,"The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.",Released 20150312,CVE-2015-0295,-1,-1,921999,qt3,https://www.suse.com/security/cve/CVE-2015-0295,"The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.",Ignore 20150313,CVE-2011-5320,-1,-1,916222,glibc,https://www.suse.com/security/cve/CVE-2011-5320,"scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.",Released 20150313,CVE-2015-0261,-1,-1,922220,tcpdump,https://www.suse.com/security/cve/CVE-2015-0261,"Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.",Released 20150313,CVE-2015-2154,-1,-1,922222,tcpdump,https://www.suse.com/security/cve/CVE-2015-2154,"The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.",Released 20150315,CVE-2015-2304,-1,-1,920870,bsdtar,https://www.suse.com/security/cve/CVE-2015-2304,"Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.",Released 
20150316,CVE-2014-9705,-1,-1,922451,php53,https://www.suse.com/security/cve/CVE-2014-9705,"Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.",Released 20150316,CVE-2015-0286,,,919648,openssl,https://www.suse.com/security/cve/CVE-2015-0286,"The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.",Released 20150316,CVE-2015-0287,-1,-1,919648,openssl,https://www.suse.com/security/cve/CVE-2015-0287,"The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.",Released 20150316,CVE-2015-0289,-1,-1,919648,openssl,https://www.suse.com/security/cve/CVE-2015-0289,"The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.",Released 
20150316,CVE-2015-0292,-1,-1,919648,openssl,https://www.suse.com/security/cve/CVE-2015-0292,"Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.",Released 20150316,CVE-2015-0293,-1,-1,919648,openssl,https://www.suse.com/security/cve/CVE-2015-0293,"The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.",Released 20150316,CVE-2015-2296,-1,-1,922448,python-requests,https://www.suse.com/security/cve/CVE-2015-2296,"The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",Already fixed 20150316,CVE-2015-2301,-1,-1,922452,php53,https://www.suse.com/security/cve/CVE-2015-2301,"Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.",Released 20150316,CVE-2015-2305,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2015-2305,"Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.",Released 
20150317,CVE-2009-5146,-1,-1,915976,openssl,https://www.suse.com/security/cve/CVE-2009-5146,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Affected 20150317,CVE-2015-1802,-1,-1,921978,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2015-1802,"The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.",Released 20150317,CVE-2015-1803,-1,-1,921978,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2015-1803,"The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.",Released 20150317,CVE-2015-1804,-1,-1,921978,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2015-1804,"The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.",Released 20150317,CVE-2015-2318,-1,-1,921312,mono-core,https://www.suse.com/security/cve/CVE-2015-2318,"The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a \"SMACK SKIP-TLS\" issue.",Released 
20150317,CVE-2015-2319,-1,-1,921312,mono-core,https://www.suse.com/security/cve/CVE-2015-2319,"The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204.",Released 20150317,CVE-2015-2320,-1,-1,921312,mono-core,https://www.suse.com/security/cve/CVE-2015-2320,"The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.",Released 20150318,CVE-2014-7912,-1,-1,922868,dhcpcd,https://www.suse.com/security/cve/CVE-2014-7912,"The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.",Analysis 20150318,CVE-2014-7913,-1,-1,922868,dhcpcd,https://www.suse.com/security/cve/CVE-2014-7913,"The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.",Analysis 20150318,CVE-2015-1379,-1,-1,922903,socat,https://www.suse.com/security/cve/CVE-2015-1379,"The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).",Unsupported 20150319,CVE-2014-9140,-1,-1,923142,tcpdump,https://www.suse.com/security/cve/CVE-2014-9140,"Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PPP 
packet.",Released 20150319,CVE-2015-2059,-1,-1,1173590,libidn,https://www.suse.com/security/cve/CVE-2015-2059,"The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.",Released 20150324,CVE-2014-8166,,8.8,923909,cups,https://www.suse.com/security/cve/CVE-2014-8166,"The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.",Ignore 20150324,CVE-2014-9709,-1,-1,923945,gd,https://www.suse.com/security/cve/CVE-2014-9709,"The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.",Released 20150324,CVE-2014-9709,-1,-1,923945,php53,https://www.suse.com/security/cve/CVE-2014-9709,"The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.",Released 20150324,CVE-2014-9710,-1,-1,923908,kernel-source,https://www.suse.com/security/cve/CVE-2014-9710,"The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.",Released 
20150324,CVE-2015-1779,,8.6,924018,kvm,https://www.suse.com/security/cve/CVE-2015-1779,"The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.",Released 20150324,CVE-2015-2686,-1,-1,923924,kernel-source,https://www.suse.com/security/cve/CVE-2015-2686,"net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem.",Analysis 20150325,CVE-2015-1798,-1,-1,924202,ntp,https://www.suse.com/security/cve/CVE-2015-1798,"The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.",Released 20150325,CVE-2015-1799,-1,-1,924202,ntp,https://www.suse.com/security/cve/CVE-2015-1799,"The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.",Released 20150327,CVE-2015-2756,-1,-1,922706,xen,https://www.suse.com/security/cve/CVE-2015-2756,"QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.",Already fixed 
20150330,CVE-2015-2325,,7.8,924960,curl,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 20150330,CVE-2015-2325,,7.8,924960,freetype2,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 20150330,CVE-2015-2325,,7.8,924960,ft2demos,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 20150330,CVE-2015-2325,,7.8,924960,icu,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 
20150330,CVE-2015-2325,,7.8,924960,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 20150330,CVE-2015-2325,,7.8,924960,mozilla-nspr,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 20150330,CVE-2015-2325,,7.8,924960,mozilla-nss,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 20150330,CVE-2015-2325,,7.8,924960,openssl,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 
20150330,CVE-2015-2325,,7.8,924960,perl,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 20150330,CVE-2015-2325,,7.8,924960,php53,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 20150330,CVE-2015-2325,,7.8,924960,zlib,https://www.suse.com/security/cve/CVE-2015-2325,"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",Released 20150330,CVE-2015-2326,,5.5,924960,curl,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 20150330,CVE-2015-2326,,5.5,924960,freetype2,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 
8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 20150330,CVE-2015-2326,,5.5,924960,ft2demos,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 20150330,CVE-2015-2326,,5.5,924960,icu,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 20150330,CVE-2015-2326,,5.5,924960,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 20150330,CVE-2015-2326,,5.5,924960,mozilla-nspr,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 
20150330,CVE-2015-2326,,5.5,924960,mozilla-nss,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 20150330,CVE-2015-2326,,5.5,924960,openssl,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 20150330,CVE-2015-2326,,5.5,924960,perl,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 20150330,CVE-2015-2326,,5.5,924960,php53,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 20150330,CVE-2015-2326,,5.5,924960,zlib,https://www.suse.com/security/cve/CVE-2015-2326,"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward 
referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\1))/\".",Released 20150330,CVE-2015-2348,-1,-1,924970,php53,https://www.suse.com/security/cve/CVE-2015-2348,"The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.",Released 20150330,CVE-2015-2782,-1,-1,924906,unarj,https://www.suse.com/security/cve/CVE-2015-2782,"Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.",Already fixed 20150330,CVE-2015-2787,-1,-1,924972,php53,https://www.suse.com/security/cve/CVE-2015-2787,"Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.",Released 20150331,CVE-2014-8119,,7.5,925225,augeas,https://www.suse.com/security/cve/CVE-2014-8119,"The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.",Released 20150331,CVE-2015-2751,-1,-1,922709,xen,https://www.suse.com/security/cve/CVE-2015-2751,"Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.",Already fixed 
20150331,CVE-2015-2752,-1,-1,922705,xen,https://www.suse.com/security/cve/CVE-2015-2752,"The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).",Already fixed 20150331,CVE-2015-2806,,,924828,gnutls,https://www.suse.com/security/cve/CVE-2015-2806,"Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.",Released 20150331,CVE-2015-2806,,,924828,libtasn1,https://www.suse.com/security/cve/CVE-2015-2806,"Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.",Released 20150401,CVE-2015-2775,5.9,,925502,mailman,https://www.suse.com/security/cve/CVE-2015-2775,"Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. 
(dot dot) in a list name.",Released 20150401,CVE-2015-2808,,,925378,apache2-mod_nss,https://www.suse.com/security/cve/CVE-2015-2808,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",Ignore 20150401,CVE-2015-2808,,,925378,gnutls,https://www.suse.com/security/cve/CVE-2015-2808,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",Ignore 20150401,CVE-2015-2808,,,925378,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2808,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",Already fixed 20150401,CVE-2015-2808,,,925378,mozilla-nss,https://www.suse.com/security/cve/CVE-2015-2808,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote 
attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",Ignore 20150401,CVE-2015-2808,,,925378,openssl,https://www.suse.com/security/cve/CVE-2015-2808,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",Ignore 20150407,CVE-2015-2830,-1,-1,903967,xen,https://www.suse.com/security/cve/CVE-2015-2830,"arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.",Already fixed 20150407,CVE-2015-2922,-1,-1,903967,xen,https://www.suse.com/security/cve/CVE-2015-2922,"The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.",Already fixed 20150408,CVE-2015-1820,-1,-1,922448,python-requests,https://www.suse.com/security/cve/CVE-2015-1820,"REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a 
redirect.",Already fixed 20150410,CVE-2014-0230,-1,-1,926762,tomcat6,https://www.suse.com/security/cve/CVE-2014-0230,"Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.",Released 20150413,CVE-2015-1855,,5.9,926974,ruby,https://www.suse.com/security/cve/CVE-2015-1855,"verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.",Released 20150414,CVE-2015-1781,-1,-1,1123874,glibc,https://www.suse.com/security/cve/CVE-2015-1781,"Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.",Released 20150415,CVE-2013-7439,-1,-1,927126,SDL,https://www.suse.com/security/cve/CVE-2013-7439,"Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.",Ignore 20150415,CVE-2013-7439,-1,-1,927126,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2013-7439,"Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.",Ignore 
20150415,CVE-2013-7439,-1,-1,927126,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2013-7439,"Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.",Released 20150415,CVE-2013-7439,-1,-1,927126,xorg-x11-libXext,https://www.suse.com/security/cve/CVE-2013-7439,"Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.",Ignore 20150415,CVE-2013-7439,-1,-1,927126,xorg-x11-libXfixes,https://www.suse.com/security/cve/CVE-2013-7439,"Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.",Ignore 20150415,CVE-2013-7439,-1,-1,927126,xorg-x11-libXp,https://www.suse.com/security/cve/CVE-2013-7439,"Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.",Ignore 20150415,CVE-2013-7439,-1,-1,927126,xorg-x11-libXrender,https://www.suse.com/security/cve/CVE-2013-7439,"Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.",Ignore 20150415,CVE-2013-7439,-1,-1,927126,xorg-x11-libXv,https://www.suse.com/security/cve/CVE-2013-7439,"Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow 
remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.",Ignore 20150417,CVE-2015-0458,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0458,"Unspecified vulnerability in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",Unsupported 20150417,CVE-2015-0459,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0459,"Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.",Affected 20150417,CVE-2015-0469,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0469,"Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",Affected 20150417,CVE-2015-0470,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0470,"Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.",Already fixed 20150417,CVE-2015-0477,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0477,"Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.",Unsupported 20150417,CVE-2015-0478,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0478,"Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.",Unsupported 20150417,CVE-2015-0480,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0480,"Unspecified vulnerability 
in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.",Affected 20150417,CVE-2015-0484,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0484,"Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492.",Already fixed 20150417,CVE-2015-0486,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0486,"Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.",Already fixed 20150417,CVE-2015-0488,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0488,"Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.",Unsupported 20150417,CVE-2015-0491,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0491,"Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.",Affected 20150417,CVE-2015-0492,-1,-1,927591,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0492,"Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484.",Already fixed 20150417,CVE-2015-3143,-1,-1,927556,curl,https://www.suse.com/security/cve/CVE-2015-3143,"cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, 
a similar issue to CVE-2014-0015.",Unsupported 20150418,CVE-2015-3331,-1,-1,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2015-3331,"The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.",Released 20150419,CVE-2015-3144,-1,-1,927608,curl,https://www.suse.com/security/cve/CVE-2015-3144,"The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by \"http://:80\" and \":80.\"",Unsupported 20150419,CVE-2015-3145,-1,-1,927607,curl,https://www.suse.com/security/cve/CVE-2015-3145,"The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.",Unsupported 20150419,CVE-2015-3148,,,1092962,curl,https://www.suse.com/security/cve/CVE-2015-3148,"cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.",Unsupported 20150420,CVE-2014-8111,-1,-1,927845,apache2-mod_jk,https://www.suse.com/security/cve/CVE-2014-8111,"Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified 
vectors.",Released 20150420,CVE-2014-9715,-1,-1,927780,kernel-source,https://www.suse.com/security/cve/CVE-2014-9715,"include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.",Ignore 20150420,CVE-2015-1858,-1,-1,921999,libqt4,https://www.suse.com/security/cve/CVE-2015-1858,"Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.",Released 20150420,CVE-2015-1859,-1,-1,921999,libqt4,https://www.suse.com/security/cve/CVE-2015-1859,"Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.",Already fixed 20150420,CVE-2015-1859,-1,-1,921999,qt3,https://www.suse.com/security/cve/CVE-2015-1859,"Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.",Ignore 20150420,CVE-2015-1860,-1,-1,921999,libqt4,https://www.suse.com/security/cve/CVE-2015-1860,"Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.",Released 
20150420,CVE-2015-3310,-1,-1,927841,ppp,https://www.suse.com/security/cve/CVE-2015-3310,"Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.",Released 20150421,CVE-2015-3340,-1,-1,927967,xen,https://www.suse.com/security/cve/CVE-2015-3340,"Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.",Already fixed 20150422,CVE-2014-8171,,5.5,928128,kernel-source,https://www.suse.com/security/cve/CVE-2014-8171,"The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.",Analysis 20150422,CVE-2015-1819,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-1819,"The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.",Released 20150422,CVE-2015-1819,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-1819,"The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.",Released 20150422,CVE-2015-3332,-1,-1,903967,xen,https://www.suse.com/security/cve/CVE-2015-3332,"A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including 
longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.",Already fixed 20150422,CVE-2015-3339,-1,-1,903967,xen,https://www.suse.com/security/cve/CVE-2015-3339,"Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.",Already fixed 20150423,CVE-2014-9718,-1,-1,928393,kvm,https://www.suse.com/security/cve/CVE-2014-9718,"The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.",Released 20150423,CVE-2015-1119,6.3,,928380,libqt4,https://www.suse.com/security/cve/CVE-2015-1119,"WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.",Affected 20150423,CVE-2015-1120,6.3,,928380,libqt4,https://www.suse.com/security/cve/CVE-2015-1120,"WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.",Affected 
20150423,CVE-2015-1121,6.3,,928380,libqt4,https://www.suse.com/security/cve/CVE-2015-1121,"WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.",Affected 20150423,CVE-2015-1122,6.3,,1082221,libqt4,https://www.suse.com/security/cve/CVE-2015-1122,"WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.",Affected 20150423,CVE-2015-1123,6.3,,928380,libqt4,https://www.suse.com/security/cve/CVE-2015-1123,"WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.",Affected 20150423,CVE-2015-1124,6.3,,928380,libqt4,https://www.suse.com/security/cve/CVE-2015-1124,"WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.",Affected 
20150423,CVE-2015-1125,4.3,,928380,libqt4,https://www.suse.com/security/cve/CVE-2015-1125,"The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.",Affected 20150423,CVE-2015-1126,4.3,,928380,libqt4,https://www.suse.com/security/cve/CVE-2015-1126,"WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.",Affected 20150423,CVE-2015-1127,3.3,,928380,libqt4,https://www.suse.com/security/cve/CVE-2015-1127,"The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.",Affected 20150423,CVE-2015-3330,-1,-1,908782,php53,https://www.suse.com/security/cve/CVE-2015-3330,"The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \"deconfigured interpreter.\"",Ignore 20150423,CVE-2015-3405,,7.5,924202,ntp,https://www.suse.com/security/cve/CVE-2015-3405,"ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.",Already fixed 
20150424,CVE-2015-2783,-1,-1,928408,php53,https://www.suse.com/security/cve/CVE-2015-2783,"ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.",Already fixed 20150424,CVE-2015-3153,-1,-1,928533,curl,https://www.suse.com/security/cve/CVE-2015-3153,"The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.",Unsupported 20150424,CVE-2015-3329,-1,-1,928408,php53,https://www.suse.com/security/cve/CVE-2015-3329,"Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.",Already fixed 20150428,CVE-2015-3294,-1,-1,923144,dnsmasq,https://www.suse.com/security/cve/CVE-2015-3294,"The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.",Released 20150430,CVE-2015-2170,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2015-2170,"The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.",Released 20150430,CVE-2015-2221,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2015-2221,"ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted 
y0da cryptor file.",Released 20150430,CVE-2015-2222,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2015-2222,"ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.",Released 20150430,CVE-2015-2668,-1,-1,1040662,clamav,https://www.suse.com/security/cve/CVE-2015-2668,"ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.",Released 20150501,CVE-2015-3456,-1,-1,929339,kvm,https://www.suse.com/security/cve/CVE-2015-3456,"The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.",Already fixed 20150501,CVE-2015-3456,-1,-1,929339,xen,https://www.suse.com/security/cve/CVE-2015-3456,"The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.",Already fixed 20150501,CVE-2015-3622,,,929414,libtasn1,https://www.suse.com/security/cve/CVE-2015-3622,"The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.",Released 20150504,CVE-2015-3455,-1,-1,929493,squid,https://www.suse.com/security/cve/CVE-2015-3455,"Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid 
certificate.",Affected 20150504,CVE-2015-3636,-1,-1,929525,kernel-source,https://www.suse.com/security/cve/CVE-2015-3636,"The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.",Already fixed 20150512,CVE-2015-3182,,5.5,930503,wireshark,https://www.suse.com/security/cve/CVE-2015-3182,"epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20150513,CVE-2015-3808,-1,-1,930689,wireshark,https://www.suse.com/security/cve/CVE-2015-3808,"The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20150513,CVE-2015-3809,-1,-1,930689,wireshark,https://www.suse.com/security/cve/CVE-2015-3809,"The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20150513,CVE-2015-3810,-1,-1,930689,wireshark,https://www.suse.com/security/cve/CVE-2015-3810,"epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.",Released 
20150513,CVE-2015-3811,-1,-1,930689,wireshark,https://www.suse.com/security/cve/CVE-2015-3811,"epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.",Released 20150513,CVE-2015-3812,-1,-1,930689,wireshark,https://www.suse.com/security/cve/CVE-2015-3812,"Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.",Released 20150513,CVE-2015-3813,-1,-1,930689,wireshark,https://www.suse.com/security/cve/CVE-2015-3813,"The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet.",Released 20150513,CVE-2015-3814,-1,-1,930689,wireshark,https://www.suse.com/security/cve/CVE-2015-3814,"The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20150513,CVE-2015-3815,-1,-1,930689,wireshark,https://www.suse.com/security/cve/CVE-2015-3815,"The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds 
read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906.",Released 20150519,CVE-2014-7810,-1,-1,931442,tomcat6,https://www.suse.com/security/cve/CVE-2014-7810,"The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.",Released 20150519,CVE-2015-3202,-1,-1,931452,fuse,https://www.suse.com/security/cve/CVE-2015-3202,"fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.",Released 20150519,CVE-2015-3307,-1,-1,931418,php53,https://www.suse.com/security/cve/CVE-2015-3307,"The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.",Already fixed 20150519,CVE-2015-4024,-1,-1,931421,php53,https://www.suse.com/security/cve/CVE-2015-4024,"Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.",Already fixed 20150520,CVE-2015-4000,,3.7,1074631,gnutls,https://www.suse.com/security/cve/CVE-2015-4000,"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a 
client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",Released 20150520,CVE-2015-4000,,3.7,1074631,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4000,"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",Released 20150520,CVE-2015-4000,,3.7,1074631,libtcnative-1-0,https://www.suse.com/security/cve/CVE-2015-4000,"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",Released 20150520,CVE-2015-4000,,3.7,1074631,mozilla-nss,https://www.suse.com/security/cve/CVE-2015-4000,"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",Released 20150520,CVE-2015-4000,,3.7,1074631,nagios-nrpe,https://www.suse.com/security/cve/CVE-2015-4000,"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a 
DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",Released 20150520,CVE-2015-4000,,3.7,1074631,openldap2-client,https://www.suse.com/security/cve/CVE-2015-4000,"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",Released 20150520,CVE-2015-4000,,3.7,1074631,openldap2,https://www.suse.com/security/cve/CVE-2015-4000,"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",Released 20150520,CVE-2015-4000,,3.7,1074631,openssl,https://www.suse.com/security/cve/CVE-2015-4000,"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",Released 20150521,CVE-2015-4021,-1,-1,931769,php53,https://www.suse.com/security/cve/CVE-2015-4021,"The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different 
from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.",Already fixed 20150521,CVE-2015-4022,-1,-1,931769,php53,https://www.suse.com/security/cve/CVE-2015-4022,"Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.",Already fixed 20150521,CVE-2015-4026,-1,-1,931776,php53,https://www.suse.com/security/cve/CVE-2015-4026,"The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.",Already fixed 20150522,CVE-2015-3165,-1,-1,931972,postgresql94,https://www.suse.com/security/cve/CVE-2015-3165,"Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.",Released 20150522,CVE-2015-3166,,9.8,931972,postgresql94,https://www.suse.com/security/cve/CVE-2015-3166,"The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.",Released 
20150522,CVE-2015-3167,,7.5,931972,postgresql94,https://www.suse.com/security/cve/CVE-2015-3167,"contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.",Released 20150522,CVE-2015-4036,-1,-1,931988,kernel-source,https://www.suse.com/security/cve/CVE-2015-4036,"Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.",Released 20150522,CVE-2015-4047,-1,-1,931989,ipsec-tools,https://www.suse.com/security/cve/CVE-2015-4047,"racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.",Released 20150526,CVE-2015-4037,-1,-1,932267,kvm,https://www.suse.com/security/cve/CVE-2015-4037,"The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.",Already fixed 20150526,CVE-2015-4037,-1,-1,932267,xen,https://www.suse.com/security/cve/CVE-2015-4037,"The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.",Released 20150529,CVE-2015-3209,-1,-1,932267,kvm,https://www.suse.com/security/cve/CVE-2015-3209,"Heap-based buffer overflow in the PCNET controller in QEMU 
allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.",Already fixed 20150529,CVE-2015-3209,-1,-1,932267,xen,https://www.suse.com/security/cve/CVE-2015-3209,"Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.",Already fixed 20150601,CVE-2015-4141,-1,-1,915323,wpa_supplicant,https://www.suse.com/security/cve/CVE-2015-4141,"The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.",Released 20150601,CVE-2015-4142,-1,-1,915323,wpa_supplicant,https://www.suse.com/security/cve/CVE-2015-4142,"Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.",Released 20150602,CVE-2014-7142,-1,-1,895773,squid3,https://www.suse.com/security/cve/CVE-2014-7142,"The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.",Released 20150602,CVE-2015-0839,-1,-1,933191,hplip,https://www.suse.com/security/cve/CVE-2015-0839,"The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.",Affected 20150602,CVE-2015-4103,-1,-1,931625,xen,https://www.suse.com/security/cve/CVE-2015-4103,"Xen 3.3.x through 
4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.",Already fixed 20150602,CVE-2015-4104,-1,-1,931626,xen,https://www.suse.com/security/cve/CVE-2015-4104,"Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.",Already fixed 20150602,CVE-2015-4105,-1,-1,931627,xen,https://www.suse.com/security/cve/CVE-2015-4105,"Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.",Already fixed 20150602,CVE-2015-4106,-1,-1,931628,xen,https://www.suse.com/security/cve/CVE-2015-4106,"QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.",Already fixed 20150602,CVE-2015-4147,-1,-1,925109,php53,https://www.suse.com/security/cve/CVE-2015-4147,"The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a \"type confusion\" issue.",Released 20150602,CVE-2015-4148,-1,-1,933227,php53,https://www.suse.com/security/cve/CVE-2015-4148,"The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows 
remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a \"type confusion\" issue.",Released 20150602,CVE-2015-4163,-1,-1,932790,xen,https://www.suse.com/security/cve/CVE-2015-4163,"GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.",Already fixed 20150602,CVE-2015-4164,-1,-1,932996,xen,https://www.suse.com/security/cve/CVE-2015-4164,"The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.",Already fixed 20150603,CVE-2015-1805,-1,-1,917839,kernel-source,https://www.suse.com/security/cve/CVE-2015-1805,"The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\"",Released 20150603,CVE-2015-4170,-1,-1,933423,kernel-source,https://www.suse.com/security/cve/CVE-2015-4170,"Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.",Analysis 20150604,CVE-2015-4171,-1,-1,931845,strongswan,https://www.suse.com/security/cve/CVE-2015-4171,"strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, 
does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.",Released 20150608,CVE-2014-9728,-1,-1,911325,kernel-source,https://www.suse.com/security/cve/CVE-2014-9728,"The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.",Released 20150608,CVE-2014-9729,-1,-1,911325,kernel-source,https://www.suse.com/security/cve/CVE-2014-9729,"The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.",Released 20150608,CVE-2014-9730,-1,-1,911325,kernel-source,https://www.suse.com/security/cve/CVE-2014-9730,"The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.",Released 20150608,CVE-2014-9731,-1,-1,911325,kernel-source,https://www.suse.com/security/cve/CVE-2014-9731,"The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.",Released 20150608,CVE-2015-1158,-1,-1,924208,cups,https://www.suse.com/security/cve/CVE-2015-1158,"The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows 
remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.",Released 20150608,CVE-2015-1159,-1,-1,924208,cups,https://www.suse.com/security/cve/CVE-2015-1159,"Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.",Released 20150608,CVE-2015-1791,,,933911,openssl,https://www.suse.com/security/cve/CVE-2015-1791,"Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.",Released 20150608,CVE-2015-4167,-1,-1,917839,kernel-source,https://www.suse.com/security/cve/CVE-2015-4167,"The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.",Released 20150609,CVE-2013-7440,-1,-1,930189,python,https://www.suse.com/security/cve/CVE-2013-7440,"The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.",Ignore 20150609,CVE-2015-3214,-1,-1,934069,kvm,https://www.suse.com/security/cve/CVE-2015-3214,"The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not 
distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.",Released 20150612,CVE-2014-8176,,,1148697,openssl,https://www.suse.com/security/cve/CVE-2014-8176,"The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.",Released 20150612,CVE-2014-9732,-1,-1,934524,libmspack,https://www.suse.com/security/cve/CVE-2014-9732,"The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.",Released 20150612,CVE-2015-1788,-1,-1,934487,openssl,https://www.suse.com/security/cve/CVE-2015-1788,"The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.",Released 20150612,CVE-2015-1789,,7.5,934489,openssl,https://www.suse.com/security/cve/CVE-2015-1789,"The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read 
and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.",Released 20150612,CVE-2015-1790,-1,-1,934491,openssl,https://www.suse.com/security/cve/CVE-2015-1790,"The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.",Released 20150612,CVE-2015-1792,-1,-1,934493,openssl,https://www.suse.com/security/cve/CVE-2015-1792,"The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.",Released 20150612,CVE-2015-4467,-1,-1,934524,libmspack,https://www.suse.com/security/cve/CVE-2015-4467,"The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.",Released 20150612,CVE-2015-4468,-1,-1,934524,libmspack,https://www.suse.com/security/cve/CVE-2015-4468,"Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.",Released 20150612,CVE-2015-4469,-1,-1,934524,libmspack,https://www.suse.com/security/cve/CVE-2015-4469,"The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer 
over-read and application crash) via a crafted CHM file.",Released 20150612,CVE-2015-4470,-1,-1,934527,libmspack,https://www.suse.com/security/cve/CVE-2015-4470,"Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.",Released 20150612,CVE-2015-4471,-1,-1,934528,libmspack,https://www.suse.com/security/cve/CVE-2015-4471,"Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.",Released 20150612,CVE-2015-4472,-1,-1,934525,libmspack,https://www.suse.com/security/cve/CVE-2015-4472,"Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.",Released 20150617,CVE-2015-3238,,6.5,1123794,pam,https://www.suse.com/security/cve/CVE-2015-3238,"The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.",Released 20150618,CVE-2014-3538,,,935225,php53,https://www.suse.com/security/cve/CVE-2014-3538,"file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.",Released 20150618,CVE-2015-3411,,6.5,935074,php53,https://www.suse.com/security/cve/CVE-2015-3411,"PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.",Already fixed 20150618,CVE-2015-3412,,5.3,935227,php53,https://www.suse.com/security/cve/CVE-2015-3412,"PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.",Already fixed 20150618,CVE-2015-4598,,6.5,935227,php53,https://www.suse.com/security/cve/CVE-2015-4598,"PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.",Already fixed 20150618,CVE-2015-4599,-1,-1,935074,php53,https://www.suse.com/security/cve/CVE-2015-4599,"The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 
5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue.",Released 20150618,CVE-2015-4600,-1,-1,935226,php53,https://www.suse.com/security/cve/CVE-2015-4600,"The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to \"type confusion\" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.",Released 20150618,CVE-2015-4601,-1,-1,935226,php53,https://www.suse.com/security/cve/CVE-2015-4601,"PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to \"type confusion\" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.",Released 20150618,CVE-2015-4602,,9.8,935074,php53,https://www.suse.com/security/cve/CVE-2015-4602,"The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue.",Released 20150618,CVE-2015-4603,,9.8,935074,php53,https://www.suse.com/security/cve/CVE-2015-4603,"The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a \"type confusion\" 
issue.",Released 20150618,CVE-2015-4643,,9.8,931769,php53,https://www.suse.com/security/cve/CVE-2015-4643,"Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.",Released 20150618,CVE-2015-4644,,7.5,935074,php53,https://www.suse.com/security/cve/CVE-2015-4644,"The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.",Released 20150619,CVE-2015-4645,5.5,5.5,935380,squashfs,https://www.suse.com/security/cve/CVE-2015-4645,"Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.",Unsupported 20150619,CVE-2015-4646,5.5,,935380,squashfs,https://www.suse.com/security/cve/CVE-2015-4646,"(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.",Unsupported 20150622,CVE-2015-4680,-1,-1,935573,freeradius-client,https://www.suse.com/security/cve/CVE-2015-4680,"FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.",Unsupported 20150622,CVE-2015-4680,-1,-1,935573,freeradius-server,https://www.suse.com/security/cve/CVE-2015-4680,"FreeRADIUS 2.2.x before 2.2.8 and 3.0.x 
before 3.0.9 does not properly check revocation of intermediate CA certificates.",Released 20150623,CVE-2015-4700,-1,-1,935705,kernel-source,https://www.suse.com/security/cve/CVE-2015-4700,"The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.",Released 20150626,CVE-2015-5073,-1,-1,936227,pcre,https://www.suse.com/security/cve/CVE-2015-5073,"Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.",Ignore 20150626,CVE-2015-5073,-1,-1,936227,php53,https://www.suse.com/security/cve/CVE-2015-5073,"Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.",Ignore 20150629,CVE-2015-4620,-1,-1,936476,bind,https://www.suse.com/security/cve/CVE-2015-4620,"name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.",Released 20150630,CVE-2015-3212,-1,-1,936502,kernel-source,https://www.suse.com/security/cve/CVE-2015-3212,"Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list 
corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.",Released 20150630,CVE-2015-3259,-1,-1,935634,xen,https://www.suse.com/security/cve/CVE-2015-3259,"Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.",Released 20150701,CVE-2015-3239,4,,1122012,libunwind,https://www.suse.com/security/cve/CVE-2015-3239,"Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.",Released 20150701,CVE-2015-4651,-1,-1,935157,wireshark,https://www.suse.com/security/cve/CVE-2015-4651,"The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20150701,CVE-2015-4652,-1,-1,935158,wireshark,https://www.suse.com/security/cve/CVE-2015-4652,"epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.",Released 20150701,CVE-2015-5146,-1,-1,936690,ntp,https://www.suse.com/security/cve/CVE-2015-5146,"ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.",Already fixed 
20150702,CVE-2015-5352,-1,-1,1074631,openssh,https://www.suse.com/security/cve/CVE-2015-5352,"The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.",Released 20150702,CVE-2015-5364,-1,-1,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2015-5364,"The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.",Released 20150706,CVE-2015-5366,-1,-1,781018,kernel-source,https://www.suse.com/security/cve/CVE-2015-5366,"The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.",Released 20150706,CVE-2015-5370,-1,-1,936862,samba,https://www.suse.com/security/cve/CVE-2015-5370,"Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.",Released 20150714,CVE-2015-3290,-1,-1,937969,kernel-source,https://www.suse.com/security/cve/CVE-2015-3290,"arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.",Ignore 
20150714,CVE-2015-3291,2.5,,937969,kernel-source,https://www.suse.com/security/cve/CVE-2015-3291,"arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.",Ignore 20150715,CVE-2015-2590,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2590,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.",Released 20150715,CVE-2015-2596,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2596,"Unspecified vulnerability in Oracle Java SE 7u80 allows remote attackers to affect integrity via unknown vectors related to Hotspot.",Released 20150715,CVE-2015-2597,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2597,"Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.",Released 20150715,CVE-2015-2601,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2601,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",Released 20150715,CVE-2015-2613,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2613,"Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",Released 
20150715,CVE-2015-2619,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2619,"Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",Released 20150715,CVE-2015-2621,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2621,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.",Released 20150715,CVE-2015-2625,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2625,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.",Released 20150715,CVE-2015-2627,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2627,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation.",Released 20150715,CVE-2015-2628,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2628,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.",Released 20150715,CVE-2015-2632,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2632,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",Released 20150715,CVE-2015-2637,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2637,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to 
affect confidentiality via unknown vectors related to 2D.",Released 20150715,CVE-2015-2638,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2638,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",Released 20150715,CVE-2015-2659,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2659,"Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security.",Released 20150715,CVE-2015-2664,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-2664,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",Released 20150715,CVE-2015-4729,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4729,"Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.",Released 20150715,CVE-2015-4731,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4731,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.",Released 20150715,CVE-2015-4732,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4732,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590.",Released 
20150715,CVE-2015-4733,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4733,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.",Released 20150715,CVE-2015-4736,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4736,"Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",Released 20150715,CVE-2015-4748,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4748,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.",Released 20150715,CVE-2015-4749,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4749,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.",Released 20150715,CVE-2015-4760,-1,-1,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4760,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",Released 20150716,CVE-2015-5154,-1,-1,938344,kvm,https://www.suse.com/security/cve/CVE-2015-5154,"Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",Released 20150716,CVE-2015-5154,-1,-1,938344,xen,https://www.suse.com/security/cve/CVE-2015-5154,"Heap-based buffer 
overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",Released 20150720,CVE-2015-3183,,,938728,apache2,https://www.suse.com/security/cve/CVE-2015-3183,"The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.",Released 20150720,CVE-2015-5157,7.8,,1072204,kernel-source,https://www.suse.com/security/cve/CVE-2015-5157,"arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.",Released 20150720,CVE-2015-5400,-1,-1,938715,squid3,https://www.suse.com/security/cve/CVE-2015-5400,"Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.",Released 20150720,CVE-2015-5400,-1,-1,938715,squid,https://www.suse.com/security/cve/CVE-2015-5400,"Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.",Unsupported 20150720,CVE-2015-5589,-1,-1,935074,php53,https://www.suse.com/security/cve/CVE-2015-5589,"The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of 
service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.",Released 20150720,CVE-2015-5590,-1,-1,935074,php53,https://www.suse.com/security/cve/CVE-2015-5590,"Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.",Released 20150721,CVE-2015-1931,,5.5,937828,gnutls,https://www.suse.com/security/cve/CVE-2015-1931,"IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.",Released 20150721,CVE-2015-1931,,5.5,937828,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-1931,"IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.",Released 20150721,CVE-2015-1931,,5.5,937828,libtcnative-1-0,https://www.suse.com/security/cve/CVE-2015-1931,"IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.",Released 20150721,CVE-2015-1931,,5.5,937828,mozilla-nss,https://www.suse.com/security/cve/CVE-2015-1931,"IBM Java Security Components in IBM 
SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.",Released 20150721,CVE-2015-1931,,5.5,937828,nagios-nrpe,https://www.suse.com/security/cve/CVE-2015-1931,"IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.",Released 20150721,CVE-2015-1931,,5.5,937828,openldap2-client,https://www.suse.com/security/cve/CVE-2015-1931,"IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.",Released 20150721,CVE-2015-1931,,5.5,937828,openldap2,https://www.suse.com/security/cve/CVE-2015-1931,"IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.",Released 20150721,CVE-2015-1931,,5.5,937828,openssl,https://www.suse.com/security/cve/CVE-2015-1931,"IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.",Released 
20150722,CVE-2015-1283,-1,-1,1034050,expat,https://www.suse.com/security/cve/CVE-2015-1283,"Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.",Released 20150723,CVE-2015-5600,,,1009988,openssh,https://www.suse.com/security/cve/CVE-2015-5600,"The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.",Released 20150724,CVE-2012-2150,-1,-1,939367,xfsprogs,https://www.suse.com/security/cve/CVE-2012-2150,"xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.",Released 20150724,CVE-2015-3228,-1,-1,939342,ghostscript-library,https://www.suse.com/security/cve/CVE-2015-3228,"Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.",Released 20150724,CVE-2015-5160,,5.5,939348,libvirt,https://www.suse.com/security/cve/CVE-2015-5160,"libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.",Ignore 
20150727,CVE-2015-5477,-1,-1,1000362,bind,https://www.suse.com/security/cve/CVE-2015-5477,"named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.",Released 20150729,CVE-2009-5147,3.7,,939860,ruby,https://www.suse.com/security/cve/CVE-2009-5147,"DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.",Unsupported 20150730,CVE-2015-5697,1.9,,939994,kernel-source,https://www.suse.com/security/cve/CVE-2015-5697,"The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.",Released 20150731,CVE-2015-5621,-1,-1,1111123,net-snmp,https://www.suse.com/security/cve/CVE-2015-5621,"The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.",Released 20150803,CVE-2015-5165,5.5,,939712,xen,https://www.suse.com/security/cve/CVE-2015-5165,"The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.",Released 20150803,CVE-2015-5166,-1,-1,939709,xen,https://www.suse.com/security/cve/CVE-2015-5166,"Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.",Released 20150803,CVE-2015-5707,-1,-1,923755,kernel-source,https://www.suse.com/security/cve/CVE-2015-5707,"Integer overflow in the 
sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.",Released 20150806,CVE-2015-5156,-1,-1,1091815,kernel-source,https://www.suse.com/security/cve/CVE-2015-5156,"The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.",Released 20150807,CVE-2015-5745,,6.5,940929,kvm,https://www.suse.com/security/cve/CVE-2015-5745,"Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.",Released 20150810,CVE-2015-5177,-1,-1,941137,openslp,https://www.suse.com/security/cve/CVE-2015-5177,"Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.",Already fixed 20150811,CVE-2015-2877,,3.3,941252,kernel-source,https://www.suse.com/security/cve/CVE-2015-2877,"** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. 
NOTE: the vendor states \"Basically if you care about this attack vector, disable deduplication.\" Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.",Ignore 20150811,CVE-2015-5180,7.5,7.5,1123874,glibc,https://www.suse.com/security/cve/CVE-2015-5180,"res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).",Released 20150817,CVE-2015-5203,7,,1178702,jasper,https://www.suse.com/security/cve/CVE-2015-5203,"Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.",Released 20150818,CVE-2015-4650,-1,-1,936476,bind,https://www.suse.com/security/cve/CVE-2015-4650,"Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.",Released 20150819,CVE-2015-6252,-1,-1,942367,kernel-source,https://www.suse.com/security/cve/CVE-2015-6252,"The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.",Released 20150820,CVE-2015-5221,7,,1178702,jasper,https://www.suse.com/security/cve/CVE-2015-5221,"Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.",Released 20150821,CVE-2015-5185,-1,-1,942628,sblim-sfcb,https://www.suse.com/security/cve/CVE-2015-5185,"The lookupProviders function in providerMgr.c in 
sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.",Released 20150825,CVE-2015-6241,-1,-1,941500,wireshark,https://www.suse.com/security/cve/CVE-2015-6241,"The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20150825,CVE-2015-6242,-1,-1,941500,wireshark,https://www.suse.com/security/cve/CVE-2015-6242,"The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.",Released 20150825,CVE-2015-6243,-1,-1,941500,wireshark,https://www.suse.com/security/cve/CVE-2015-6243,"The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.",Released 20150825,CVE-2015-6244,-1,-1,941500,wireshark,https://www.suse.com/security/cve/CVE-2015-6244,"The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 
20150825,CVE-2015-6245,-1,-1,941500,wireshark,https://www.suse.com/security/cve/CVE-2015-6245,"epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20150825,CVE-2015-6246,-1,-1,941500,wireshark,https://www.suse.com/security/cve/CVE-2015-6246,"The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20150825,CVE-2015-6247,-1,-1,941500,wireshark,https://www.suse.com/security/cve/CVE-2015-6247,"The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20150825,CVE-2015-6248,-1,-1,941500,wireshark,https://www.suse.com/security/cve/CVE-2015-6248,"The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20150825,CVE-2015-6563,-1,-1,1074631,openssh,https://www.suse.com/security/cve/CVE-2015-6563,"The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.",Released 
20150825,CVE-2015-6564,-1,-1,1074631,openssh,https://www.suse.com/security/cve/CVE-2015-6564,"Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.",Released 20150825,CVE-2015-6565,-1,-1,942850,openssh,https://www.suse.com/security/cve/CVE-2015-6565,"sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.",Released 20150826,CVE-2015-5194,,7.5,943216,ntp,https://www.suse.com/security/cve/CVE-2015-5194,"The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.",Released 20150826,CVE-2015-5195,,7.5,943216,ntp,https://www.suse.com/security/cve/CVE-2015-5195,"ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.",Released 20150826,CVE-2015-5196,-1,-1,943216,ntp,https://www.suse.com/security/cve/CVE-2015-5196,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20150826,CVE-2015-5219,,7.5,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-5219,"The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.",Released 20150831,CVE-2013-7424,-1,-1,828637,glibc,https://www.suse.com/security/cve/CVE-2013-7424,"The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.",Affected 20150901,CVE-2015-5722,-1,-1,944066,bind,https://www.suse.com/security/cve/CVE-2015-5722,"buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.",Released 20150901,CVE-2015-5986,-1,-1,944066,bind,https://www.suse.com/security/cve/CVE-2015-5986,"openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.",Released 20150904,CVE-2015-0272,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-0272,"GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.",Released 20150904,CVE-2015-3247,7,,944460,spice,https://www.suse.com/security/cve/CVE-2015-3247,"Race condition in the worker_update_monitors_config function 
in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.",Released 20150904,CVE-2015-5239,,6.5,944463,kvm,https://www.suse.com/security/cve/CVE-2015-5239,"Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.",Released 20150904,CVE-2015-5239,,6.5,944463,xen,https://www.suse.com/security/cve/CVE-2015-5239,"Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.",Released 20150904,CVE-2015-6806,6.5,,944458,screen,https://www.suse.com/security/cve/CVE-2015-6806,"The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.",Released 20150907,CVE-2015-6815,,3.5,944697,kvm,https://www.suse.com/security/cve/CVE-2015-6815,"The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.",Released 20150907,CVE-2015-6815,,3.5,944697,xen,https://www.suse.com/security/cve/CVE-2015-6815,"The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.",Released 20150908,CVE-2015-5260,7.8,7.8,944787,spice,https://www.suse.com/security/cve/CVE-2015-5260,"Heap-based buffer overflow in SPICE before 0.12.6 allows 
guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.",Released 20150908,CVE-2015-6249,-1,-1,941500,wireshark,https://www.suse.com/security/cve/CVE-2015-6249,"The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20150910,CVE-2015-5245,-1,-1,945206,ceph,https://www.suse.com/security/cve/CVE-2015-5245,"CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.",Released 20150910,CVE-2015-6831,,7.3,942291,php53,https://www.suse.com/security/cve/CVE-2015-6831,"Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.",Released 20150910,CVE-2015-6832,-1,-1,942293,php53,https://www.suse.com/security/cve/CVE-2015-6832,"Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.",Unsupported 20150910,CVE-2015-6833,-1,-1,942296,php53,https://www.suse.com/security/cve/CVE-2015-6833,"Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files 
via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.",Released 20150911,CVE-2015-6836,-1,-1,945428,php53,https://www.suse.com/security/cve/CVE-2015-6836,"The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a \"type confusion\" in the serialize_function_call function.",Released 20150911,CVE-2015-6837,-1,-1,945412,php53,https://www.suse.com/security/cve/CVE-2015-6837,"The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.",Released 20150911,CVE-2015-6838,-1,-1,945412,php53,https://www.suse.com/security/cve/CVE-2015-6838,"The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.",Released 20150911,CVE-2015-6855,-1,-1,945404,kvm,https://www.suse.com/security/cve/CVE-2015-6855,"hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by 
a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.",Released 20150911,CVE-2015-6855,-1,-1,945404,xen,https://www.suse.com/security/cve/CVE-2015-6855,"hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.",Already fixed 20150912,CVE-2015-6908,-1,-1,945582,openldap2-client,https://www.suse.com/security/cve/CVE-2015-6908,"The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.",Released 20150912,CVE-2015-6908,-1,-1,945582,openldap2,https://www.suse.com/security/cve/CVE-2015-6908,"The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.",Released 20150915,CVE-2014-9745,-1,-1,945849,freetype2,https://www.suse.com/security/cve/CVE-2014-9745,"The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a \"broken number-with-base\" in a Postscript stream, as demonstrated by 8#garbage.",Released 20150915,CVE-2014-9745,-1,-1,945849,ft2demos,https://www.suse.com/security/cve/CVE-2014-9745,"The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a \"broken number-with-base\" in a Postscript stream, as demonstrated by 8#garbage.",Released 
20150915,CVE-2015-5276,-1,-1,945842,firefox-gcc5,https://www.suse.com/security/cve/CVE-2015-5276,"The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",Released
20150915,CVE-2015-5276,-1,-1,945842,firefox-gcc5,https://www.suse.com/security/cve/CVE-2015-5276,"The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",Released
20150915,CVE-2015-5276,-1,-1,945842,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2015-5276,"The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",Released
20150915,CVE-2015-5276,-1,-1,945842,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2015-5276,"The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",Released
20150915,CVE-2015-5276,-1,-1,945842,gcc5,https://www.suse.com/security/cve/CVE-2015-5276,"The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",Released
20150915,CVE-2015-5276,-1,-1,945842,gcc,https://www.suse.com/security/cve/CVE-2015-5276,"The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",Already fixed
20150915,CVE-2015-5276,-1,-1,945842,libffi-gcc5,https://www.suse.com/security/cve/CVE-2015-5276,"The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",Released
20150915,CVE-2015-5276,-1,-1,945842,mozilla-nss,https://www.suse.com/security/cve/CVE-2015-5276,"The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",Released
20150915,CVE-2015-6937,,,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2015-6937,"The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.",Released
20150916,CVE-2015-5278,,6.5,945989,kvm,https://www.suse.com/security/cve/CVE-2015-5278,"The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.",Released
20150916,CVE-2015-5278,,6.5,945989,xen,https://www.suse.com/security/cve/CVE-2015-5278,"The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.",Already fixed
20150916,CVE-2015-5279,-1,-1,945987,kvm,https://www.suse.com/security/cve/CVE-2015-5279,"Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.",Released
20150917,CVE-2015-7236,,7.5,940191,rpcbind,https://www.suse.com/security/cve/CVE-2015-7236,"Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.",Released
20150921,CVE-2015-1335,-1,-1,946744,lxc,https://www.suse.com/security/cve/CVE-2015-1335,"lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.",Released
20150923,CVE-2015-7295,-1,-1,947159,kvm,https://www.suse.com/security/cve/CVE-2015-7295,"hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.",Released
20150923,CVE-2015-7311,-1,-1,947165,xen,https://www.suse.com/security/cve/CVE-2015-7311,"libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.",Released
20150923,CVE-2015-7313,-1,-1,947122,tiff,https://www.suse.com/security/cve/CVE-2015-7313,"LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.",Ignore
20150928,CVE-2015-1338,-1,-1,1049352,apport-crashdb-sle,https://www.suse.com/security/cve/CVE-2015-1338,"kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.",Released
20150928,CVE-2015-1338,-1,-1,1049352,apport,https://www.suse.com/security/cve/CVE-2015-1338,"kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.",Released
20150929,CVE-2014-9747,-1,-1,947966,freetype2,https://www.suse.com/security/cve/CVE-2014-9747,"The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.",Released
20150929,CVE-2014-9747,-1,-1,947966,ft2demos,https://www.suse.com/security/cve/CVE-2014-9747,"The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.",Released
20151002,CVE-2015-7384,-1,-1,948602,firefox-atk,https://www.suse.com/security/cve/CVE-2015-7384,"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",Released
20151002,CVE-2015-7384,-1,-1,948602,firefox-cairo,https://www.suse.com/security/cve/CVE-2015-7384,"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",Released
20151002,CVE-2015-7384,-1,-1,948602,firefox-gcc8,https://www.suse.com/security/cve/CVE-2015-7384,"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",Released
20151002,CVE-2015-7384,-1,-1,948602,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2015-7384,"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",Released
20151002,CVE-2015-7384,-1,-1,948602,firefox-glib2,https://www.suse.com/security/cve/CVE-2015-7384,"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",Released
20151002,CVE-2015-7384,-1,-1,948602,firefox-gtk3,https://www.suse.com/security/cve/CVE-2015-7384,"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",Released
20151002,CVE-2015-7384,-1,-1,948602,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2015-7384,"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",Released
20151002,CVE-2015-7384,-1,-1,948602,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2015-7384,"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",Released
20151002,CVE-2015-7384,-1,-1,948602,firefox-libffi,https://www.suse.com/security/cve/CVE-2015-7384,"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",Released
20151002,CVE-2015-7384,-1,-1,948602,firefox-pango,https://www.suse.com/security/cve/CVE-2015-7384,"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",Released
20151002,CVE-2015-7665,-1,-1,944858,wget,https://www.suse.com/security/cve/CVE-2015-7665,"Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.",Ignore
20151005,CVE-2015-7673,-1,-1,948790,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2015-7673,"io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.",Unsupported
20151005,CVE-2015-7674,-1,-1,948791,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2015-7674,"Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.",Unsupported
20151005,CVE-2015-7674,-1,-1,948791,gtk2,https://www.suse.com/security/cve/CVE-2015-7674,"Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.",Released
20151006,CVE-2014-9751,-1,-1,911792,ntp,https://www.suse.com/security/cve/CVE-2014-9751,"The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.",Already fixed
20151006,CVE-2015-5261,7.1,,948976,spice,https://www.suse.com/security/cve/CVE-2015-5261,"Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.",Released
20151008,CVE-2015-7747,,8.8,949399,audiofile,https://www.suse.com/security/cve/CVE-2015-7747,"Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.",Affected
20151009,CVE-2015-5218,-1,-1,949754,util-linux,https://www.suse.com/security/cve/CVE-2015-5218,"Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.",Unsupported
20151009,CVE-2015-5288,-1,-1,949669,postgresql94,https://www.suse.com/security/cve/CVE-2015-5288,"The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a \"too-short\" salt.",Released
20151009,CVE-2015-5288,-1,-1,949669,postgresql94-libs,https://www.suse.com/security/cve/CVE-2015-5288,"The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a \"too-short\" salt.",Released
20151009,CVE-2015-5289,-1,-1,949669,postgresql94,https://www.suse.com/security/cve/CVE-2015-5289,"Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.",Released
20151009,CVE-2015-5289,-1,-1,949669,postgresql94-libs,https://www.suse.com/security/cve/CVE-2015-5289,"Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.",Released
20151012,CVE-2014-9749,-1,-1,949942,squid3,https://www.suse.com/security/cve/CVE-2014-9749,"Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\"",Released
20151012,CVE-2014-9749,-1,-1,949942,squid,https://www.suse.com/security/cve/CVE-2014-9749,"Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\"",Released
20151012,CVE-2015-7799,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-7799,"The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.",Released
20151012,CVE-2015-7803,-1,-1,949961,php53,https://www.suse.com/security/cve/CVE-2015-7803,"The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.",Released
20151012,CVE-2015-7804,-1,-1,949962,php53,https://www.suse.com/security/cve/CVE-2015-7804,"Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.",Already fixed
20151013,CVE-2015-7696,-1,-1,1159417,unzip,https://www.suse.com/security/cve/CVE-2015-7696,"Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.",Released
20151013,CVE-2015-7697,-1,-1,1159417,unzip,https://www.suse.com/security/cve/CVE-2015-7697,"Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.",Released
20151014,CVE-2015-7830,-1,-1,950437,wireshark,https://www.suse.com/security/cve/CVE-2015-7830,"The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.",Released
20151014,CVE-2015-7835,-1,-1,940929,xen,https://www.suse.com/security/cve/CVE-2015-7835,"The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.",Released
20151019,CVE-2015-7833,4.6,,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-7833,"The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.",Released
20151021,CVE-2015-4734,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4734,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.",Released
20151021,CVE-2015-4803,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4803,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911.",Released
20151021,CVE-2015-4805,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4805,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.",Released
20151021,CVE-2015-4806,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4806,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.",Released
20151021,CVE-2015-4810,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4810,"Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",Already fixed
20151021,CVE-2015-4835,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4835,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881.",Released
20151021,CVE-2015-4840,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4840,"Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D.",Released
20151021,CVE-2015-4842,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4842,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP.",Released
20151021,CVE-2015-4843,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4843,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",Released
20151021,CVE-2015-4844,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4844,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",Released
20151021,CVE-2015-4860,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4860,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883.",Released
20151021,CVE-2015-4868,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4868,"Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",Already fixed
20151021,CVE-2015-4871,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4871,"Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.",Already fixed
20151021,CVE-2015-4872,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4872,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security.",Released
20151021,CVE-2015-4881,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4881,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835.",Already fixed
20151021,CVE-2015-4882,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4882,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA.",Released
20151021,CVE-2015-4883,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4883,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860.",Released
20151021,CVE-2015-4893,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4893,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911.",Released
20151021,CVE-2015-4901,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4901,"Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.",Already fixed
20151021,CVE-2015-4902,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4902,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.",Already fixed
20151021,CVE-2015-4903,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4903,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI.",Released
20151021,CVE-2015-4906,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4906,"Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916.",Already fixed
20151021,CVE-2015-4908,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4908,"Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916.",Already fixed
20151021,CVE-2015-4911,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4911,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.",Released
20151021,CVE-2015-4916,-1,-1,951376,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-4916,"Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908.",Already fixed
20151021,CVE-2015-7872,-1,-1,951440,kernel-source,https://www.suse.com/security/cve/CVE-2015-7872,"The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.",Released
20151022,CVE-2011-5325,,7.5,951562,busybox,https://www.suse.com/security/cve/CVE-2011-5325,"Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.",Unsupported
20151022,CVE-2015-5300,,,951629,ntp,https://www.suse.com/security/cve/CVE-2015-5300,"The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).",Released
20151022,CVE-2015-7691,,7.5,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7691,"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.",Released
20151022,CVE-2015-7692,,7.5,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7692,"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.",Released
20151022,CVE-2015-7701,,7.5,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7701,"Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).",Released
20151022,CVE-2015-7702,,6.5,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7702,"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.",Released
20151022,CVE-2015-7703,-1,-1,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7703,"The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.",Released
20151022,CVE-2015-7704,,7.5,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7704,"The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.",Released
20151022,CVE-2015-7705,,9.8,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7705,"The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.",Released
20151022,CVE-2015-7848,-1,-1,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7848,"An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.",Released
20151022,CVE-2015-7849,,8.8,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7849,"Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.",Released
20151022,CVE-2015-7850,,6.5,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7850,"ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.",Released
20151022,CVE-2015-7851,,6.5,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7851,"Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.",Released
20151022,CVE-2015-7852,,5.9,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7852,"ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.",Released
20151022,CVE-2015-7853,,9.8,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7853,"The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.",Released
20151022,CVE-2015-7854,,8.8,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7854,"Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.",Released
20151022,CVE-2015-7855,,6.5,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7855,"The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.",Released
20151022,CVE-2015-7871,,9.8,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-7871,"Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.",Released
20151023,CVE-2015-7941,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-7941,"libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.",Released
20151023,CVE-2015-7941,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-7941,"libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.",Released
20151023,CVE-2015-7942,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-7942,"The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.",Released
20151023,CVE-2015-7942,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-7942,"The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.",Released
20151025,CVE-2015-7970,-1,-1,950704,xen,https://www.suse.com/security/cve/CVE-2015-7970,"The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a \"time-consuming linear scan,\" related to Populate-on-Demand.",Released
20151025,CVE-2015-7972,-1,-1,950704,xen,https://www.suse.com/security/cve/CVE-2015-7972,"The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to \"heavy memory pressure.\"",Released
20151026,CVE-2015-7969,-1,-1,950703,xen,https://www.suse.com/security/cve/CVE-2015-7969,"Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of \"teardowns\" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.",Released
20151026,CVE-2015-7971,-1,-1,950706,xen,https://www.suse.com/security/cve/CVE-2015-7971,"Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.",Released
20151026,CVE-2015-7981,-1,-1,952051,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-7981,"The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.",Released
20151026,CVE-2015-7981,-1,-1,952051,libpng12-0,https://www.suse.com/security/cve/CVE-2015-7981,"The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.",Released
20151027,CVE-2015-2695,-1,-1,770172,krb5,https://www.suse.com/security/cve/CVE-2015-2695,"lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.",Released
20151028,CVE-2015-7990,-1,-1,945825,kernel-source,https://www.suse.com/security/cve/CVE-2015-7990,"Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.",Released
20151028,CVE-2015-7995,-1,-1,1123130,libxslt,https://www.suse.com/security/cve/CVE-2015-7995,"The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.",Released
20151029,CVE-2015-8025,-1,-1,952062,xscreensaver,https://www.suse.com/security/cve/CVE-2015-8025,"driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.",Released
20151102,CVE-2015-5313,,2.5,953110,libvirt,https://www.suse.com/security/cve/CVE-2015-5313,"Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.",Released
20151103,CVE-2015-5602,-1,-1,917806,sudo,https://www.suse.com/security/cve/CVE-2015-5602,"sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by \"/home/*/*/file.txt.\"",Released
20151104,CVE-2014-9756,-1,-1,953516,libsndfile,https://www.suse.com/security/cve/CVE-2014-9756,"The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.",Released
20151104,CVE-2015-5307,-1,-1,953527,kernel-source,https://www.suse.com/security/cve/CVE-2015-5307,"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.",Released
20151104,CVE-2015-5307,-1,-1,953527,xen,https://www.suse.com/security/cve/CVE-2015-5307,"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.",Released
20151104,CVE-2015-7805,-1,-1,953516,libsndfile,https://www.suse.com/security/cve/CVE-2015-7805,"Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.",Released
20151104,CVE-2015-8075,-1,-1,953516,libsndfile,https://www.suse.com/security/cve/CVE-2015-8075,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. 
Notes: none.",Released 20151105,CVE-2015-8023,-1,-1,953817,strongswan,https://www.suse.com/security/cve/CVE-2015-8023,"The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.",Released 20151106,CVE-2015-0138,-1,-1,952088,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0138,"GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204.",Already fixed 20151106,CVE-2015-0192,-1,-1,952088,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-0192,"Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.",Already fixed 20151106,CVE-2015-1914,-1,-1,952088,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-1914,"IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass \"permission checks\" and obtain sensitive information via vectors related to the Java Virtual Machine.",Already fixed 20151109,CVE-2015-8076,-1,-1,954200,cyrus-imapd,https://www.suse.com/security/cve/CVE-2015-8076,"The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 
2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.",Released 20151109,CVE-2015-8077,-1,-1,954200,cyrus-imapd,https://www.suse.com/security/cve/CVE-2015-8077,"Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.",Released 20151109,CVE-2015-8078,-1,-1,954201,cyrus-imapd,https://www.suse.com/security/cve/CVE-2015-8078,"Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.",Released 20151110,CVE-2015-7328,,4.7,954407,puppet,https://www.suse.com/security/cve/CVE-2015-7328,"Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.",Analysis 20151110,CVE-2015-8104,,,1215748,kernel-source,https://www.suse.com/security/cve/CVE-2015-8104,"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.",Released 20151110,CVE-2015-8104,,,1215748,xen,https://www.suse.com/security/cve/CVE-2015-8104,"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a 
denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.",Released 20151113,CVE-2001-0328,-1,-1,954947,kernel-source,https://www.suse.com/security/cve/CVE-2001-0328,"TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN.",Analysis 20151113,CVE-2015-8126,-1,-1,954980,libpng12-0,https://www.suse.com/security/cve/CVE-2015-8126,"Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.",Released 20151116,CVE-2015-5006,-1,-1,955131,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-5006,"IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.",Released 20151116,CVE-2015-8107,-1,-1,955194,a2ps,https://www.suse.com/security/cve/CVE-2015-8107,"Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.",Ignore 20151117,CVE-2015-8215,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-8215,"net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as 
demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.",Released 20151118,CVE-2013-7446,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2013-7446,"Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.",Released 20151118,CVE-2015-7496,,,955552,gdm,https://www.suse.com/security/cve/CVE-2015-7496,"GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.",Ignore 20151120,CVE-2015-8241,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-8241,"The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.",Released 20151120,CVE-2015-8241,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-8241,"The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.",Released 20151120,CVE-2015-8242,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-8242,"The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.",Released 20151120,CVE-2015-8242,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-8242,"The xmlSAX2TextNode function 
in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.",Released 20151123,CVE-2015-8317,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-8317,"The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.",Released 20151123,CVE-2015-8317,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-8317,"The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.",Released 20151124,CVE-2015-7504,,8.8,956411,xen,https://www.suse.com/security/cve/CVE-2015-7504,"Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.",Released 20151125,CVE-2015-7509,,4.4,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-7509,"fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.",Released 20151125,CVE-2015-7515,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-7515,"The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.",Released 
20151125,CVE-2015-8324,,4.6,956707,kernel-source,https://www.suse.com/security/cve/CVE-2015-8324,"The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.",Already fixed 20151125,CVE-2015-8338,,,956407,xen,https://www.suse.com/security/cve/CVE-2015-8338,"Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.",Analysis 20151125,CVE-2015-8339,,,956408,xen,https://www.suse.com/security/cve/CVE-2015-8339,"The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.",Released 20151125,CVE-2015-8340,,,956408,xen,https://www.suse.com/security/cve/CVE-2015-8340,"The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.",Released 20151125,CVE-2015-8341,-1,-1,956409,xen,https://www.suse.com/security/cve/CVE-2015-8341,"The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and 
disk consumption) by starting domains.",Released 20151126,CVE-2015-8345,-1,-1,956829,kvm,https://www.suse.com/security/cve/CVE-2015-8345,"The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.",Released 20151126,CVE-2015-8345,-1,-1,956829,xen,https://www.suse.com/security/cve/CVE-2015-8345,"The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.",Already fixed 20151130,CVE-2015-5312,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-5312,"The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.",Released 20151130,CVE-2015-5312,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-5312,"The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.",Released 20151130,CVE-2015-7497,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-7497,"Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.",Released 20151130,CVE-2015-7497,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-7497,"Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.",Released 
20151130,CVE-2015-7498,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-7498,"Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.",Released 20151130,CVE-2015-7498,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-7498,"Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.",Released 20151130,CVE-2015-7499,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-7499,"Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.",Released 20151130,CVE-2015-7499,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-7499,"Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.",Released 20151130,CVE-2015-7500,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-7500,"The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.",Released 20151130,CVE-2015-7500,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-7500,"The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.",Released 
20151130,CVE-2015-7512,,9,957162,kvm,https://www.suse.com/security/cve/CVE-2015-7512,"Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.",Released 20151130,CVE-2015-8370,-1,-1,956631,grub2,https://www.suse.com/security/cve/CVE-2015-8370,"Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",Released 20151202,CVE-2015-8313,,5.9,957568,gnutls,https://www.suse.com/security/cve/CVE-2015-8313,"GnuTLS incorrectly validates the first byte of padding in CBC modes",Released 20151202,CVE-2015-8327,-1,-1,1027197,foomatic-filters,https://www.suse.com/security/cve/CVE-2015-8327,"Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.",Released 20151202,CVE-2015-8380,-1,-1,957566,pcre,https://www.suse.com/security/cve/CVE-2015-8380,"The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",Already fixed 20151203,CVE-2012-6698,-1,-1,955762,dhcpcd,https://www.suse.com/security/cve/CVE-2012-6698,"The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service 
(out-of-bounds write) via a crafted response.",Released 20151203,CVE-2012-6699,-1,-1,955762,dhcpcd,https://www.suse.com/security/cve/CVE-2012-6699,"The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.",Released 20151203,CVE-2012-6700,-1,-1,955762,dhcpcd,https://www.suse.com/security/cve/CVE-2012-6700,"The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.",Released 20151203,CVE-2015-3193,,7.5,1022086,firefox-atk,https://www.suse.com/security/cve/CVE-2015-3193,"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.",Released 20151203,CVE-2015-3193,,7.5,1022086,firefox-cairo,https://www.suse.com/security/cve/CVE-2015-3193,"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.",Released 20151203,CVE-2015-3193,,7.5,1022086,firefox-gcc8,https://www.suse.com/security/cve/CVE-2015-3193,"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote 
attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.",Released 20151203,CVE-2015-3193,,7.5,1022086,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2015-3193,"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.",Released 20151203,CVE-2015-3193,,7.5,1022086,firefox-glib2,https://www.suse.com/security/cve/CVE-2015-3193,"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.",Released 20151203,CVE-2015-3193,,7.5,1022086,firefox-gtk3,https://www.suse.com/security/cve/CVE-2015-3193,"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.",Released 20151203,CVE-2015-3193,,7.5,1022086,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2015-3193,"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the 
BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.",Released 20151203,CVE-2015-3193,,7.5,1022086,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2015-3193,"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.",Released 20151203,CVE-2015-3193,,7.5,1022086,firefox-libffi,https://www.suse.com/security/cve/CVE-2015-3193,"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.",Released 20151203,CVE-2015-3193,,7.5,1022086,firefox-pango,https://www.suse.com/security/cve/CVE-2015-3193,"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.",Released 20151203,CVE-2015-3194,,7.5,957812,firefox-atk,https://www.suse.com/security/cve/CVE-2015-3194,"crypto/rsa/rsa_ameth.c in OpenSSL 
1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",Released 20151203,CVE-2015-3194,,7.5,957812,firefox-cairo,https://www.suse.com/security/cve/CVE-2015-3194,"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",Released 20151203,CVE-2015-3194,,7.5,957812,firefox-gcc8,https://www.suse.com/security/cve/CVE-2015-3194,"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",Released 20151203,CVE-2015-3194,,7.5,957812,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2015-3194,"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",Released 20151203,CVE-2015-3194,,7.5,957812,firefox-glib2,https://www.suse.com/security/cve/CVE-2015-3194,"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",Released 20151203,CVE-2015-3194,,7.5,957812,firefox-gtk3,https://www.suse.com/security/cve/CVE-2015-3194,"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA 
PSS ASN.1 signature that lacks a mask generation function parameter.",Released 20151203,CVE-2015-3194,,7.5,957812,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2015-3194,"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",Released 20151203,CVE-2015-3194,,7.5,957812,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2015-3194,"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",Released 20151203,CVE-2015-3194,,7.5,957812,firefox-libffi,https://www.suse.com/security/cve/CVE-2015-3194,"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",Released 20151203,CVE-2015-3194,,7.5,957812,firefox-pango,https://www.suse.com/security/cve/CVE-2015-3194,"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",Released 20151203,CVE-2015-3195,,5.3,923755,openssl,https://www.suse.com/security/cve/CVE-2015-3195,"The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or 
CMS application.",Released 20151204,CVE-2015-1794,-1,-1,957984,openssl,https://www.suse.com/security/cve/CVE-2015-1794,"The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.",Analysis 20151207,CVE-2015-8472,-1,-1,954980,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-8472,"Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.",Released 20151207,CVE-2015-8472,-1,-1,954980,libpng12-0,https://www.suse.com/security/cve/CVE-2015-8472,"Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.",Released 20151208,CVE-2015-7543,-1,-1,958347,kdelibs3,https://www.suse.com/security/cve/CVE-2015-7543,"aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.",Released 20151209,CVE-2015-8504,,6.5,958491,kvm,https://www.suse.com/security/cve/CVE-2015-8504,"Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.",Released 20151209,CVE-2015-8504,,6.5,958491,xen,https://www.suse.com/security/cve/CVE-2015-8504,"Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.",Released 20151210,CVE-2015-5252,,7.2,958582,samba,https://www.suse.com/security/cve/CVE-2015-5252,"vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.",Released 20151210,CVE-2015-5296,,5.4,1058622,samba,https://www.suse.com/security/cve/CVE-2015-5296,"Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.",Released 20151210,CVE-2015-5299,,5.3,958583,samba,https://www.suse.com/security/cve/CVE-2015-5299,"The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 
4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.",Released 20151210,CVE-2015-5330,-1,-1,958581,samba,https://www.suse.com/security/cve/CVE-2015-5330,"ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.",Released 20151210,CVE-2015-8539,,7.8,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2015-8539,"The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.",Released 20151211,CVE-2015-8540,,8.8,1149680,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-8540,"Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.",Released 20151211,CVE-2015-8540,,8.8,1149680,libpng12-0,https://www.suse.com/security/cve/CVE-2015-8540,"Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.",Released 
20151212,CVE-2015-8000,-1,-1,944066,bind,https://www.suse.com/security/cve/CVE-2015-8000,"db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.",Released 20151212,CVE-2015-8461,-1,-1,958861,bind,https://www.suse.com/security/cve/CVE-2015-8461,"Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.",Analysis 20151213,CVE-2015-8543,,7,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-8543,"The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.",Released 20151214,CVE-2015-7549,,6,958917,kvm,https://www.suse.com/security/cve/CVE-2015-7549,"The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.",Released 20151214,CVE-2015-7549,,6,958917,xen,https://www.suse.com/security/cve/CVE-2015-7549,"The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.",Released 20151214,CVE-2015-7550,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-7550,"The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a 
semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.",Released 20151214,CVE-2015-7552,,,958963,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2015-7552,"Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.",Affected 20151214,CVE-2015-7552,,,958963,gtk2,https://www.suse.com/security/cve/CVE-2015-7552,"Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.",Released 20151215,CVE-2015-1336,-1,-1,959132,man,https://www.suse.com/security/cve/CVE-2015-1336,"The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.",Analysis 20151215,CVE-2015-7553,,4.7,959147,kernel-source,https://www.suse.com/security/cve/CVE-2015-7553,"Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.",Analysis 20151215,CVE-2015-8551,,6,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-8551,"The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of 
XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\"",Released 20151215,CVE-2015-8552,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-8552,"The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\"",Released 20151215,CVE-2015-8553,,6.5,903967,kernel-source,https://www.suse.com/security/cve/CVE-2015-8553,"Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.",Released 20151215,CVE-2015-8555,-1,-1,958009,xen,https://www.suse.com/security/cve/CVE-2015-8555,"Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.",Released 20151215,CVE-2015-8558,,5.5,959005,kvm,https://www.suse.com/security/cve/CVE-2015-8558,"The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.",Released 20151215,CVE-2015-8558,,5.5,959005,xen,https://www.suse.com/security/cve/CVE-2015-8558,"The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.",Released 
20151215,CVE-2015-8560,-1,-1,1027197,foomatic-filters,https://www.suse.com/security/cve/CVE-2015-8560,"Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.",Released 20151216,CVE-2015-8550,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-8550,"Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.",Released 20151216,CVE-2015-8550,-1,-1,1020452,xen,https://www.suse.com/security/cve/CVE-2015-8550,"Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.",Released 20151216,CVE-2015-8554,-1,-1,958007,xen,https://www.suse.com/security/cve/CVE-2015-8554,"Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a \"write path.\"",Released 20151216,CVE-2015-8567,,7.7,959386,xen,https://www.suse.com/security/cve/CVE-2015-8567,"Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).",Released 20151216,CVE-2015-8568,,6.5,959386,xen,https://www.suse.com/security/cve/CVE-2015-8568,"Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by 
trying to activate the vmxnet3 device repeatedly.",Released 20151216,CVE-2015-8569,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-8569,"The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.",Released 20151216,CVE-2015-8575,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-8575,"The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.",Released 20151217,CVE-2015-7551,-1,-1,939860,ruby,https://www.suse.com/security/cve/CVE-2015-7551,"The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. 
NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",Released 20151223,CVE-2015-8615,-1,-1,960093,xen,https://www.suse.com/security/cve/CVE-2015-8615,"The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).",Analysis 20151223,CVE-2015-8616,-1,-1,960178,php53,https://www.suse.com/security/cve/CVE-2015-8616,"Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array.",Analysis 20151223,CVE-2015-8617,-1,-1,960177,php53,https://www.suse.com/security/cve/CVE-2015-8617,"Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.",Analysis 20151223,CVE-2015-8618,-1,-1,957814,firefox-atk,https://www.suse.com/security/cve/CVE-2015-8618,"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",Released 20151223,CVE-2015-8618,-1,-1,957814,firefox-cairo,https://www.suse.com/security/cve/CVE-2015-8618,"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",Released 
20151223,CVE-2015-8618,-1,-1,957814,firefox-gcc8,https://www.suse.com/security/cve/CVE-2015-8618,"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",Released 20151223,CVE-2015-8618,-1,-1,957814,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2015-8618,"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",Released 20151223,CVE-2015-8618,-1,-1,957814,firefox-glib2,https://www.suse.com/security/cve/CVE-2015-8618,"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",Released 20151223,CVE-2015-8618,-1,-1,957814,firefox-gtk3,https://www.suse.com/security/cve/CVE-2015-8618,"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",Released 20151223,CVE-2015-8618,-1,-1,957814,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2015-8618,"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",Released 20151223,CVE-2015-8618,-1,-1,957814,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2015-8618,"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified 
vectors.",Released 20151223,CVE-2015-8618,-1,-1,957814,firefox-libffi,https://www.suse.com/security/cve/CVE-2015-8618,"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",Released 20151223,CVE-2015-8618,-1,-1,957814,firefox-pango,https://www.suse.com/security/cve/CVE-2015-8618,"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",Released 20151229,CVE-2015-7554,,,1007276,tiff,https://www.suse.com/security/cve/CVE-2015-7554,"The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.",Released 20151229,CVE-2015-7555,-1,-1,960319,giflib,https://www.suse.com/security/cve/CVE-2015-7555,"Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.",Released 20151229,CVE-2015-8619,-1,-1,960334,kvm,https://www.suse.com/security/cve/CVE-2015-8619,"The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).",Released 20151229,CVE-2015-8619,-1,-1,960334,xen,https://www.suse.com/security/cve/CVE-2015-8619,"The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).",Unsupported 20160104,CVE-2015-8668,,9.8,1014461,tiff,https://www.suse.com/security/cve/CVE-2015-8668,"Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 
4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.",Released 20160104,CVE-2015-8709,-1,-1,1010933,kernel-source,https://www.suse.com/security/cve/CVE-2015-8709,"** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states \"there is no kernel bug here.\"",Already fixed 20160104,CVE-2015-8711,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8711,"epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.",Released 20160104,CVE-2015-8712,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8712,"The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160104,CVE-2015-8713,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8713,"epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.",Released 20160104,CVE-2015-8714,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8714,"The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a 
certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160104,CVE-2015-8715,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8715,"epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20160104,CVE-2015-8716,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8716,"The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160104,CVE-2015-8717,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8717,"The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160104,CVE-2015-8718,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8718,"Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the \"Match MSG/RES packets for async NLM\" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160104,CVE-2015-8719,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8719,"The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 
20160104,CVE-2015-8720,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8720,"The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160104,CVE-2015-8721,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8721,"Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.",Released 20160104,CVE-2015-8722,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8722,"epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.",Released 20160104,CVE-2015-8723,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8723,"The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.",Released 20160104,CVE-2015-8724,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8724,"The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted 
packet.",Released 20160104,CVE-2015-8725,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8725,"The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.",Released 20160104,CVE-2015-8726,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8726,"wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.",Released 20160104,CVE-2015-8727,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8727,"The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.",Released 20160104,CVE-2015-8728,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8728,"The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.",Released 20160104,CVE-2015-8729,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8729,"The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 
1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.",Released 20160104,CVE-2015-8730,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8730,"epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.",Released 20160104,CVE-2015-8731,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8731,"The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.",Released 20160104,CVE-2015-8732,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8732,"The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.",Released 20160104,CVE-2015-8733,-1,-1,960382,wireshark,https://www.suse.com/security/cve/CVE-2015-8733,"The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.",Released 
20160105,CVE-2015-7513,,6.5,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-7513,"arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.",Released 20160105,CVE-2015-8710,-1,-1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2015-8710,"The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.",Released 20160105,CVE-2015-8710,-1,-1,1123919,libxml2-python,https://www.suse.com/security/cve/CVE-2015-8710,"The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.",Released 20160105,CVE-2015-8743,,7.1,960725,kvm,https://www.suse.com/security/cve/CVE-2015-8743,"QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.",Released 20160105,CVE-2015-8743,,7.1,960725,xen,https://www.suse.com/security/cve/CVE-2015-8743,"QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. 
A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.",Released 20160105,CVE-2015-8745,,5.5,960707,xen,https://www.suse.com/security/cve/CVE-2015-8745,"QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.",Released 20160106,CVE-2015-8744,,5.5,960835,xen,https://www.suse.com/security/cve/CVE-2015-8744,"QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.",Released 20160111,CVE-2014-9750,-1,-1,911792,ntp,https://www.suse.com/security/cve/CVE-2014-9750,"ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.",Already fixed 20160111,CVE-2015-8605,,6.5,961305,dhcp,https://www.suse.com/security/cve/CVE-2015-8605,"ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.",Released 20160111,CVE-2015-8613,,6.5,961358,kvm,https://www.suse.com/security/cve/CVE-2015-8613,"Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.",Released 
20160111,CVE-2015-8613,,6.5,961358,xen,https://www.suse.com/security/cve/CVE-2015-8613,"Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.",Released
20160111,CVE-2016-1568,,8.8,961332,kvm,https://www.suse.com/security/cve/CVE-2016-1568,"Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.",Released
20160111,CVE-2016-1568,,8.8,961332,xen,https://www.suse.com/security/cve/CVE-2016-1568,"Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.",Released
20160112,CVE-2015-7566,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-7566,"The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.",Released
20160112,CVE-2015-8767,-1,-1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-8767,"net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.",Released
20160112,CVE-2016-0723,,6.8,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-0723,"Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the
Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.",Released
20160113,CVE-2015-7547,,8.1,1077097,glibc,https://www.suse.com/security/cve/CVE-2015-7547,"Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.",Released
20160113,CVE-2016-0777,,6.5,961642,openssh,https://www.suse.com/security/cve/CVE-2016-0777,"The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.",Released
20160113,CVE-2016-0778,,8.1,961645,openssh,https://www.suse.com/security/cve/CVE-2016-0778,"The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.",Released
20160113,CVE-2016-1570,,8.5,960861,xen,https://www.suse.com/security/cve/CVE-2016-1570,"The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a
crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.",Released
20160113,CVE-2016-1571,,6.3,960861,xen,https://www.suse.com/security/cve/CVE-2016-1571,"The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.",Released
20160113,CVE-2016-1714,,8.1,961691,kvm,https://www.suse.com/security/cve/CVE-2016-1714,"The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.",Released
20160114,CVE-2016-1867,5.5,6.5,1178702,jasper,https://www.suse.com/security/cve/CVE-2016-1867,"The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.",Released
20160115,CVE-2015-8704,-1,-1,962189,bind,https://www.suse.com/security/cve/CVE-2015-8704,"apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.",Released
20160115,CVE-2016-1572,,8.4,962052,ecryptfs-utils,https://www.suse.com/security/cve/CVE-2016-1572,"mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard
filesystem, as demonstrated by /proc/$pid.",Released
20160118,CVE-2016-1908,,9.8,1001712,openssh,https://www.suse.com/security/cve/CVE-2016-1908,"The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.",Released
20160118,CVE-2016-1922,,5.5,962320,kvm,https://www.suse.com/security/cve/CVE-2016-1922,"QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue.",Released
20160118,CVE-2016-1922,,5.5,962320,xen,https://www.suse.com/security/cve/CVE-2016-1922,"QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference.
A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue.",Unsupported
20160119,CVE-2016-1925,,9.8,962528,lha,https://www.suse.com/security/cve/CVE-2016-1925,"Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow.",Released
20160120,CVE-2014-9761,,9.8,1123874,glibc,https://www.suse.com/security/cve/CVE-2014-9761,"Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.",Released
20160120,CVE-2015-7976,-1,-1,962802,ntp,https://www.suse.com/security/cve/CVE-2015-7976,"The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.",Released
20160120,CVE-2015-7979,,7.5,959243,ntp,https://www.suse.com/security/cve/CVE-2015-7979,"NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.",Released
20160120,CVE-2015-8776,,,1123874,glibc,https://www.suse.com/security/cve/CVE-2015-8776,"The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.",Released
20160120,CVE-2015-8777,,,1123874,glibc,https://www.suse.com/security/cve/CVE-2015-8777,"The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection
mechanism via a zero value of the LD_POINTER_GUARD environment variable.",Released
20160120,CVE-2015-8778,,,1123874,glibc,https://www.suse.com/security/cve/CVE-2015-8778,"Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.",Released
20160120,CVE-2015-8779,-1,-1,1123874,glibc,https://www.suse.com/security/cve/CVE-2015-8779,"Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.",Released
20160120,CVE-2016-0402,-1,-1,960402,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0402,"Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.",Released
20160120,CVE-2016-0448,-1,-1,960402,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0448,"Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.",Released
20160120,CVE-2016-0466,-1,-1,960402,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0466,"Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.",Released
20160120,CVE-2016-0475,-1,-1,962743,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0475,"Unspecified vulnerability in the Java SE, Java SE
Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.",Released
20160120,CVE-2016-0483,-1,-1,960402,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0483,"Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.",Released
20160120,CVE-2016-0494,-1,-1,962743,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0494,"Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",Released
20160121,CVE-2015-7973,,6.5,959243,ntp,https://www.suse.com/security/cve/CVE-2015-7973,"NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.",Released
20160121,CVE-2015-7974,,7.7,959243,ntp,https://www.suse.com/security/cve/CVE-2015-7974,"NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"",Released
20160121,CVE-2015-7975,-1,-1,959243,ntp,https://www.suse.com/security/cve/CVE-2015-7975,"The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an
attacker to cause a denial of service (application crash).",Released
20160121,CVE-2015-7977,,5.9,959243,ntp,https://www.suse.com/security/cve/CVE-2015-7977,"ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.",Released
20160121,CVE-2015-7978,-1,-1,959243,ntp,https://www.suse.com/security/cve/CVE-2015-7978,"NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.",Released
20160121,CVE-2015-8138,,5.3,951608,ntp,https://www.suse.com/security/cve/CVE-2015-8138,"NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.",Released
20160121,CVE-2015-8139,-1,-1,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-8139,"ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.",Released
20160121,CVE-2015-8140,-1,-1,1010964,ntp,https://www.suse.com/security/cve/CVE-2015-8140,"The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.",Released
20160121,CVE-2015-8158,-1,-1,959243,ntp,https://www.suse.com/security/cve/CVE-2015-8158,"The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.",Released
20160122,CVE-2016-1233,,7.8,963182,fuse,https://www.suse.com/security/cve/CVE-2016-1233,"An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device
in /dev, related to an ioctl.",Analysis
20160125,CVE-2015-3197,,5.9,963410,openssl,https://www.suse.com/security/cve/CVE-2015-3197,"ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.",Released
20160125,CVE-2016-0755,,7.3,962983,curl,https://www.suse.com/security/cve/CVE-2016-0755,"The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",Released
20160125,CVE-2016-2037,4.3,6.5,1028410,cpio,https://www.suse.com/security/cve/CVE-2016-2037,"The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.",Released
20160127,CVE-2015-8785,,6.2,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2015-8785,"The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.",Released
20160127,CVE-2016-1981,,5.5,963782,kvm,https://www.suse.com/security/cve/CVE-2016-1981,"QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer.
A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.",Released
20160127,CVE-2016-1981,,5.5,963782,xen,https://www.suse.com/security/cve/CVE-2016-1981,"QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.",Released
20160127,CVE-2016-2053,,4.7,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-2053,"The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.",Released
20160127,CVE-2016-2069,,7.4,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-2069,"Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.",Released
20160128,CVE-2015-5041,-1,-1,960402,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2015-5041,"The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.",Released
20160128,CVE-2015-8629,,5.3,770172,krb5,https://www.suse.com/security/cve/CVE-2015-8629,"The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a
denial of service (out-of-bounds read) via a crafted string.",Released
20160128,CVE-2015-8631,,6.5,963975,krb5,https://www.suse.com/security/cve/CVE-2015-8631,"Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.",Released
20160128,CVE-2015-8787,,9.8,963931,kernel-source,https://www.suse.com/security/cve/CVE-2015-8787,"The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604.",Analysis
20160128,CVE-2016-2073,,6.5,963963,libxml2,https://www.suse.com/security/cve/CVE-2016-2073,"The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.",Released
20160128,CVE-2016-2089,5.5,6.5,1178702,jasper,https://www.suse.com/security/cve/CVE-2016-2089,"The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.",Released
20160129,CVE-2015-8781,,6.5,964213,tiff,https://www.suse.com/security/cve/CVE-2015-8781,"tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.",Released
20160129,CVE-2015-8782,,6.5,964213,tiff,https://www.suse.com/security/cve/CVE-2015-8782,"tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than
CVE-2015-8781.",Released
20160129,CVE-2015-8783,,6.5,964213,tiff,https://www.suse.com/security/cve/CVE-2015-8783,"tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.",Released
20160201,CVE-2016-2198,,5.5,964413,kvm,https://www.suse.com/security/cve/CVE-2016-2198,"QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.",Released
20160201,CVE-2016-2198,,5.5,964413,xen,https://www.suse.com/security/cve/CVE-2016-2198,"QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.",Affected
20160205,CVE-2015-8806,,7.5,963963,libxml2,https://www.suse.com/security/cve/CVE-2015-8806,"dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the \"= 1.6.0 and <= 2.3.1.
A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.",Released
20160302,CVE-2015-8818,,5.5,969122,xen,https://www.suse.com/security/cve/CVE-2015-8818,"The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.",Released
20160303,CVE-2012-6701,,7.8,969354,kernel-source,https://www.suse.com/security/cve/CVE-2012-6701,"Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.",Already fixed
20160303,CVE-2016-2841,,6,969350,kvm,https://www.suse.com/security/cve/CVE-2016-2841,"The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.",Released
20160303,CVE-2016-2841,,6,969350,xen,https://www.suse.com/security/cve/CVE-2016-2841,"The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.",Already fixed
20160304,CVE-2016-2842,,9.8,969517,openssl,https://www.suse.com/security/cve/CVE-2016-2842,"The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different
vulnerability than CVE-2016-0799.",Already fixed
20160305,CVE-2016-1234,,7.5,1020940,glibc,https://www.suse.com/security/cve/CVE-2016-1234,"Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.",Released
20160307,CVE-2016-2774,,5.9,969820,dhcp,https://www.suse.com/security/cve/CVE-2016-2774,"ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.",Released
20160307,CVE-2016-2851,,9.8,969785,libotr,https://www.suse.com/security/cve/CVE-2016-2851,"Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.",Released
20160308,CVE-2016-1285,,6.8,970072,bind,https://www.suse.com/security/cve/CVE-2016-1285,"named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.",Released
20160308,CVE-2016-1286,,8.6,970073,bind,https://www.suse.com/security/cve/CVE-2016-1286,"named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.",Released
20160308,CVE-2016-2857,,8.4,970037,kvm,https://www.suse.com/security/cve/CVE-2016-2857,"The net_checksum_calculate
function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.",Released
20160308,CVE-2016-2858,,6.5,970036,kvm,https://www.suse.com/security/cve/CVE-2016-2858,"QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.",Released
20160310,CVE-2014-7207,-1,-1,1139403,kernel-source,https://www.suse.com/security/cve/CVE-2014-7207,"A certain Debian patch to the IPv6 implementation in the Linux kernel 3.2.x through 3.2.63 does not properly validate arguments in ipv6_select_ident function calls, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging (1) tun or (2) macvtap device access.",Analysis
20160310,CVE-2014-9746,-1,-1,947966,freetype2,https://www.suse.com/security/cve/CVE-2014-9746,"The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.",Released
20160310,CVE-2014-9746,-1,-1,947966,ft2demos,https://www.suse.com/security/cve/CVE-2014-9746,"The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or
possibly have unspecified other impact via a crafted font.",Released
20160310,CVE-2016-2143,,7.8,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2016-2143,"The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.",Released
20160311,CVE-2003-1604,-1,-1,963931,kernel-source,https://www.suse.com/security/cve/CVE-2003-1604,"The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787.",Analysis
20160311,CVE-2016-2147,,7.5,970663,busybox,https://www.suse.com/security/cve/CVE-2016-2147,"Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.",Unsupported
20160311,CVE-2016-3115,,6.4,1005738,openssh,https://www.suse.com/security/cve/CVE-2016-3115,"Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.",Released
20160314,CVE-2016-2186,,4.6,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-2186,"The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",Released
20160314,CVE-2016-2188,,4.6,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-2188,"The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",Released
20160314,CVE-2016-2342,,8.1,970952,quagga,https://www.suse.com/security/cve/CVE-2016-2342,"The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.",Released
20160314,CVE-2016-2847,,6.2,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-2847,"fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.",Released
20160314,CVE-2016-3137,,4.6,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-3137,"drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.",Released
20160314,CVE-2016-3138,,4.6,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-3138,"The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.",Released
20160314,CVE-2016-3139,,4.6,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-3139,"The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",Released 20160314,CVE-2016-3140,,4.6,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-3140,"The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",Released 20160314,CVE-2016-3141,,9.8,969821,php53,https://www.suse.com/security/cve/CVE-2016-3141,"Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.",Released 20160315,CVE-2016-2184,,4.6,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-2184,"The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.",Released 20160315,CVE-2016-2185,,4.6,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-2185,"The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",Released 
20160315,CVE-2016-3134,,8.4,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-3134,"The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.",Released 20160316,CVE-2016-3156,,5.5,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-3156,"The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.",Released 20160317,CVE-2014-9767,-1,-1,971612,php53,https://www.suse.com/security/cve/CVE-2014-9767,"Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.",Released 20160317,CVE-2016-3157,,7.8,970965,kernel-source,https://www.suse.com/security/cve/CVE-2016-3157,"The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.",Analysis 20160317,CVE-2016-3185,,7.1,971611,php53,https://www.suse.com/security/cve/CVE-2016-3185,"The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.",Released 
20160321,CVE-2016-2187,4.6,4.6,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-2187,"The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",Released 20160321,CVE-2016-3119,,5.3,971942,krb5,https://www.suse.com/security/cve/CVE-2016-3119,"The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.",Released 20160323,CVE-2016-3627,,7.5,1026099,libxml2,https://www.suse.com/security/cve/CVE-2016-3627,"The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.",Released 20160329,CVE-2016-2110,,5.9,1009711,samba,https://www.suse.com/security/cve/CVE-2016-2110,"The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.",Released 20160329,CVE-2016-2111,,6.3,973032,samba-doc,https://www.suse.com/security/cve/CVE-2016-2111,"The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a 
secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.",Released 20160329,CVE-2016-2111,,6.3,973032,samba,https://www.suse.com/security/cve/CVE-2016-2111,"The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.",Released 20160329,CVE-2016-2112,,5.9,973031,samba-doc,https://www.suse.com/security/cve/CVE-2016-2112,"The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.",Released 20160329,CVE-2016-2112,,5.9,973031,samba,https://www.suse.com/security/cve/CVE-2016-2112,"The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.",Released 20160329,CVE-2016-2113,,7.4,973031,samba,https://www.suse.com/security/cve/CVE-2016-2113,"Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.",Released 20160329,CVE-2016-2115,,5.9,973036,samba-doc,https://www.suse.com/security/cve/CVE-2016-2115,"Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 
4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.",Released 20160329,CVE-2016-2115,,5.9,973036,samba,https://www.suse.com/security/cve/CVE-2016-2115,"Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.",Released 20160329,CVE-2016-2118,,7.5,971965,samba-doc,https://www.suse.com/security/cve/CVE-2016-2118,"The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"BADLOCK.\"",Released 20160329,CVE-2016-2118,,7.5,971965,samba,https://www.suse.com/security/cve/CVE-2016-2118,"The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"BADLOCK.\"",Released 20160330,CVE-2016-3075,,7.5,1123874,glibc,https://www.suse.com/security/cve/CVE-2016-3075,"Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.",Released 20160330,CVE-2016-3158,,3.8,973188,xen,https://www.suse.com/security/cve/CVE-2016-3158,"The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows 
local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.",Released 20160330,CVE-2016-3159,,3.8,973188,xen,https://www.suse.com/security/cve/CVE-2016-3159,"The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.",Released 20160331,CVE-2015-8835,-1,-1,973351,php53,https://www.suse.com/security/cve/CVE-2015-8835,"The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.",Released 20160331,CVE-2016-3186,,6.2,973340,tiff,https://www.suse.com/security/cve/CVE-2016-3186,"Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.",Released 20160404,CVE-2015-8838,-1,-1,973792,php53,https://www.suse.com/security/cve/CVE-2015-8838,"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.",Released 
20160404,CVE-2016-3947,,8.2,973782,squid3,https://www.suse.com/security/cve/CVE-2016-3947,"Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.",Released 20160404,CVE-2016-3948,7.5,7.5,973783,squid3,https://www.suse.com/security/cve/CVE-2016-3948,"Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.",Released 20160405,CVE-2016-0764,,6.2,974072,NetworkManager,https://www.suse.com/security/cve/CVE-2016-0764,"Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.",Affected 20160406,CVE-2016-3960,,8.8,1072223,xen,https://www.suse.com/security/cve/CVE-2016-3960,"Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.",Released 20160407,CVE-2016-3619,,6.5,1040080,tiff,https://www.suse.com/security/cve/CVE-2016-3619,"The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c none\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",Released 20160407,CVE-2016-3620,,7.5,1040080,tiff,https://www.suse.com/security/cve/CVE-2016-3620,"The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c zip\" option is used, allows remote 
attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",Released 20160407,CVE-2016-3621,,8.8,1040080,tiff,https://www.suse.com/security/cve/CVE-2016-3621,"The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c lzw\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",Released 20160407,CVE-2016-3622,,6.5,974449,tiff,https://www.suse.com/security/cve/CVE-2016-3622,"The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.",Released 20160407,CVE-2016-3631,,7.5,974544,tiff,https://www.suse.com/security/cve/CVE-2016-3631,"The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.",Ignore 20160408,CVE-2016-3623,,7.5,974617,tiff,https://www.suse.com/security/cve/CVE-2016-3623,"The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.",Released 20160408,CVE-2016-3632,,7.8,1007276,tiff,https://www.suse.com/security/cve/CVE-2016-3632,"The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.",Released 20160408,CVE-2016-3945,,7.8,974614,tiff,https://www.suse.com/security/cve/CVE-2016-3945,"Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.",Released 
20160411,CVE-2016-3977,,5.5,974847,giflib,https://www.suse.com/security/cve/CVE-2016-3977,"Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.",Released 20160412,CVE-2016-3990,,7.8,975069,tiff,https://www.suse.com/security/cve/CVE-2016-3990,"Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.",Released 20160412,CVE-2016-3991,,7.8,975070,tiff,https://www.suse.com/security/cve/CVE-2016-3991,"Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.",Unsupported 20160412,CVE-2016-4001,,8.6,975128,kvm,https://www.suse.com/security/cve/CVE-2016-4001,"Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.",Released 20160412,CVE-2016-4002,,9,975136,kvm,https://www.suse.com/security/cve/CVE-2016-4002,"Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.",Released 20160412,CVE-2016-4002,,9,975136,xen,https://www.suse.com/security/cve/CVE-2016-4002,"Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory 
corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.",Affected 20160413,CVE-2014-4703,-1,-1,885205,nagios-plugins,https://www.suse.com/security/cve/CVE-2014-4703,"lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.",Released 20160415,CVE-2016-4020,,6.5,975700,kvm,https://www.suse.com/security/cve/CVE-2016-4020,"The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).",Released 20160415,CVE-2016-4020,,6.5,975700,xen,https://www.suse.com/security/cve/CVE-2016-4020,"The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).",Released 20160416,CVE-2015-8325,,7.8,1138392,openssh,https://www.suse.com/security/cve/CVE-2015-8325,"The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.",Released 20160419,CVE-2016-3955,,9.8,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2016-3955,"The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.",Released 
20160419,CVE-2016-4037,,6,959005,kvm,https://www.suse.com/security/cve/CVE-2016-4037,"The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.",Released 20160419,CVE-2016-4037,,6,959005,xen,https://www.suse.com/security/cve/CVE-2016-4037,"The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.",Released 20160420,CVE-2016-0686,,9.6,976340,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0686,"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.",Unsupported 20160420,CVE-2016-0687,,9.6,976340,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0687,"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.",Unsupported 20160420,CVE-2016-0695,,5.9,976340,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0695,"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.",Unsupported 20160420,CVE-2016-3422,,4.3,976340,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-3422,"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.",Unsupported 
20160420,CVE-2016-3425,,4.3,976340,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-3425,"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.",Unsupported 20160420,CVE-2016-3426,,3.1,976340,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-3426,"Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.",Unsupported 20160420,CVE-2016-3427,,9,1011805,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-3427,"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.",Unsupported 20160420,CVE-2016-3443,,9.6,976340,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-3443,"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. 
Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.",Unsupported 20160420,CVE-2016-3449,,8.3,976340,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-3449,"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.",Unsupported 20160420,CVE-2016-4036,,5.5,770619,quagga,https://www.suse.com/security/cve/CVE-2016-4036,"The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.",Released 20160421,CVE-2015-8853,-1,-1,976584,perl,https://www.suse.com/security/cve/CVE-2015-8853,"The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\x80.\"",Released 20160421,CVE-2016-4051,,8.8,976553,squid3,https://www.suse.com/security/cve/CVE-2016-4051,"Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.",Released 20160421,CVE-2016-4051,,8.8,976553,squid,https://www.suse.com/security/cve/CVE-2016-4051,"Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.",Released 20160421,CVE-2016-4052,,8.1,976556,squid3,https://www.suse.com/security/cve/CVE-2016-4052,"Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial 
of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.",Released 20160421,CVE-2016-4053,,3.7,976556,squid3,https://www.suse.com/security/cve/CVE-2016-4053,"Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.",Released 20160421,CVE-2016-4054,,8.1,976556,squid3,https://www.suse.com/security/cve/CVE-2016-4054,"Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.",Released 20160423,CVE-2016-2109,,7.5,1015243,openssl,https://www.suse.com/security/cve/CVE-2016-2109,"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.",Released 20160425,CVE-2015-5161,-1,-1,976996,php53,https://www.suse.com/security/cve/CVE-2015-5161,"The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.",Released 20160425,CVE-2015-8866,,9.6,976996,php53,https://www.suse.com/security/cve/CVE-2015-8866,"ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.",Released 
20160425,CVE-2015-8867,,7.5,977005,php53,https://www.suse.com/security/cve/CVE-2015-8867,"The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.",Released 20160425,CVE-2015-8868,-1,-1,976844,poppler,https://www.suse.com/security/cve/CVE-2015-8868,"Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.",Released 20160425,CVE-2016-4006,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4006,"epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.",Released 20160425,CVE-2016-4049,,7.5,977012,quagga,https://www.suse.com/security/cve/CVE-2016-4049,"The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.",Released 20160425,CVE-2016-4073,,9.8,977003,php53,https://www.suse.com/security/cve/CVE-2016-4073,"Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.",Released 
20160425,CVE-2016-4076,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4076,"epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160425,CVE-2016-4077,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4077,"epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.",Released 20160425,CVE-2016-4078,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4078,"The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.",Released 20160425,CVE-2016-4079,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4079,"epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.",Released 20160425,CVE-2016-4080,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4080,"epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.",Released 
20160425,CVE-2016-4081,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4081,"epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20160425,CVE-2016-4082,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4082,"epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.",Released 20160425,CVE-2016-4083,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4083,"epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160425,CVE-2016-4084,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4084,"Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.",Released 20160425,CVE-2016-4085,,5.9,976944,wireshark,https://www.suse.com/security/cve/CVE-2016-4085,"Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.",Released 20160427,CVE-2016-1547,,5.3,962784,ntp,https://www.suse.com/security/cve/CVE-2016-1547,"An off-path attacker can cause a preemptible client association to be 
demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.",Released 20160427,CVE-2016-1548,,7.2,959243,ntp,https://www.suse.com/security/cve/CVE-2016-1548,"An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.",Released 20160427,CVE-2016-1549,,6.5,1083424,ntp,https://www.suse.com/security/cve/CVE-2016-1549,"A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.",Released 20160427,CVE-2016-1550,,5.3,977446,ntp,https://www.suse.com/security/cve/CVE-2016-1550,"An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.",Released 20160427,CVE-2016-1551,,3.7,977446,ntp,https://www.suse.com/security/cve/CVE-2016-1551,"ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. 
Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.",Released 20160427,CVE-2016-2516,,5.3,977446,ntp,https://www.suse.com/security/cve/CVE-2016-2516,"NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.",Released 20160427,CVE-2016-2517,,5.3,977446,ntp,https://www.suse.com/security/cve/CVE-2016-2517,"NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. 
NOTE: this vulnerability exists because of a CVE-2016-2516 regression.",Released 20160427,CVE-2016-2518,,5.3,977446,ntp,https://www.suse.com/security/cve/CVE-2016-2518,"The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.",Released 20160427,CVE-2016-2519,,5.9,959243,ntp,https://www.suse.com/security/cve/CVE-2016-2519,"ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.",Released 20160427,CVE-2016-3705,,7.5,1017497,libxml2,https://www.suse.com/security/cve/CVE-2016-3705,"The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.",Released 20160428,CVE-2016-0264,,5.6,977648,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0264,"Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.",Released 20160428,CVE-2016-0363,,8.1,977650,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0363,"The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which 
allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.",Released 20160428,CVE-2016-0376,,8.1,977646,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-0376,"The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.",Released 20160428,CVE-2016-2105,,7.5,977584,openssl,https://www.suse.com/security/cve/CVE-2016-2105,"Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.",Released 20160428,CVE-2016-2106,,7.5,977584,openssl,https://www.suse.com/security/cve/CVE-2016-2106,"Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.",Released 20160428,CVE-2016-2108,,9.8,1001502,openssl,https://www.suse.com/security/cve/CVE-2016-2108,"The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer 
underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.",Released 20160502,CVE-2016-4342,,8.8,977991,php53,https://www.suse.com/security/cve/CVE-2016-4342,"ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.",Released 20160502,CVE-2016-4343,,8.8,977992,php53,https://www.suse.com/security/cve/CVE-2016-4343,"The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.",Unsupported 20160502,CVE-2016-4344,,9.8,977993,php53,https://www.suse.com/security/cve/CVE-2016-4344,"Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow.",Released 20160502,CVE-2016-4345,,9.8,977993,php53,https://www.suse.com/security/cve/CVE-2016-4345,"Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.",Analysis 20160502,CVE-2016-4346,,9.8,977993,php53,https://www.suse.com/security/cve/CVE-2016-4346,"Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer 
overflow.",Released 20160502,CVE-2016-4347,-1,-1,977985,libcroco,https://www.suse.com/security/cve/CVE-2016-4347,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7558. Reason: This candidate is a reservation duplicate of CVE-2015-7558. Notes: All CVE users should reference CVE-2015-7558 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20160502,CVE-2016-4347,-1,-1,977985,librsvg,https://www.suse.com/security/cve/CVE-2016-4347,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7558. Reason: This candidate is a reservation duplicate of CVE-2015-7558. Notes: All CVE users should reference CVE-2015-7558 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20160502,CVE-2016-4348,,7.5,977986,libcroco,https://www.suse.com/security/cve/CVE-2016-4348,"The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.",Released 20160502,CVE-2016-4348,,7.5,977986,librsvg,https://www.suse.com/security/cve/CVE-2016-4348,"The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.",Released 20160502,CVE-2016-4415,,5.9,977983,wireshark,https://www.suse.com/security/cve/CVE-2016-4415,"wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.",Already fixed 20160502,CVE-2016-4416,,5.9,977983,wireshark,https://www.suse.com/security/cve/CVE-2016-4416,"epan/dissectors/packet-ieee80211.c in the IEEE 
802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.",Already fixed 20160502,CVE-2016-4417,,5.9,977983,wireshark,https://www.suse.com/security/cve/CVE-2016-4417,"Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.",Already fixed 20160502,CVE-2016-4418,,5.9,977983,wireshark,https://www.suse.com/security/cve/CVE-2016-4418,"epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.",Already fixed 20160502,CVE-2016-4419,,5.9,977983,wireshark,https://www.suse.com/security/cve/CVE-2016-4419,"epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.",Already fixed 20160502,CVE-2016-4420,,5.9,977983,wireshark,https://www.suse.com/security/cve/CVE-2016-4420,"The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Already fixed 20160502,CVE-2016-4421,,5.9,977983,wireshark,https://www.suse.com/security/cve/CVE-2016-4421,"epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.",Already fixed 
20160503,CVE-2016-3710,,8.8,978158,kvm,https://www.suse.com/security/cve/CVE-2016-3710,"The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the \"Dark Portal\" issue.",Released 20160503,CVE-2016-3710,,8.8,978158,xen,https://www.suse.com/security/cve/CVE-2016-3710,"The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the \"Dark Portal\" issue.",Released 20160503,CVE-2016-3712,,5.5,978160,kvm,https://www.suse.com/security/cve/CVE-2016-3712,"Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.",Released 20160503,CVE-2016-3714,,8.4,1000484,ImageMagick,https://www.suse.com/security/cve/CVE-2016-3714,"The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\"",Released 20160503,CVE-2016-3715,,5.5,1000484,ImageMagick,https://www.suse.com/security/cve/CVE-2016-3715,"The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.",Released 20160503,CVE-2016-3716,,3.3,1000484,ImageMagick,https://www.suse.com/security/cve/CVE-2016-3716,"The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.",Released 20160503,CVE-2016-3717,,5.5,1000484,ImageMagick,https://www.suse.com/security/cve/CVE-2016-3717,"The LABEL coder in ImageMagick 
before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.",Released 20160503,CVE-2016-3718,,6.3,1000484,ImageMagick,https://www.suse.com/security/cve/CVE-2016-3718,"The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.",Released 20160503,CVE-2016-4476,,7.5,978172,wpa_supplicant,https://www.suse.com/security/cve/CVE-2016-4476,"hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.",Unsupported 20160503,CVE-2016-4477,,7.8,978175,wpa_supplicant,https://www.suse.com/security/cve/CVE-2016-4477,"wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.",Unsupported 20160504,CVE-2016-4482,,6.2,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-4482,"The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.",Released 20160504,CVE-2016-4483,,7.5,1026101,libxml2,https://www.suse.com/security/cve/CVE-2016-4483,"The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.",Released 20160506,CVE-2016-2226,,7.8,978812,gcc,https://www.suse.com/security/cve/CVE-2016-2226,"Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.",Won't fix 20160506,CVE-2016-4485,5.3,7.5,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-4485,"The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.",Released 20160506,CVE-2016-4486,,3.3,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-4486,"The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.",Released 20160506,CVE-2016-4487,,5.5,978813,gcc,https://www.suse.com/security/cve/CVE-2016-4487,"Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"",Affected 20160506,CVE-2016-4488,,5.5,978814,gcc,https://www.suse.com/security/cve/CVE-2016-4488,"Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"",Affected 20160506,CVE-2016-4489,,5.5,978815,gcc,https://www.suse.com/security/cve/CVE-2016-4489,"Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"",Affected 
20160506,CVE-2016-4490,,5.5,978816,gcc,https://www.suse.com/security/cve/CVE-2016-4490,"Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.",Affected 20160506,CVE-2016-4491,,5.5,978817,gcc,https://www.suse.com/security/cve/CVE-2016-4491,"The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"",Unsupported 20160506,CVE-2016-4492,,4.4,978818,gcc,https://www.suse.com/security/cve/CVE-2016-4492,"Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.",Unsupported 20160506,CVE-2016-4493,,5.5,978819,gcc,https://www.suse.com/security/cve/CVE-2016-4493,"The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.",Unsupported 20160506,CVE-2016-4537,,9.8,978827,php53,https://www.suse.com/security/cve/CVE-2016-4537,"The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.",Released 20160506,CVE-2016-4538,,9.8,978827,php53,https://www.suse.com/security/cve/CVE-2016-4538,"The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which 
allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.",Released 20160506,CVE-2016-4539,,9.8,978828,php53,https://www.suse.com/security/cve/CVE-2016-4539,"The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.",Released 20160506,CVE-2016-4540,,9.8,978829,php53,https://www.suse.com/security/cve/CVE-2016-4540,"The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.",Released 20160506,CVE-2016-4541,,9.8,978829,php53,https://www.suse.com/security/cve/CVE-2016-4541,"The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.",Released 20160506,CVE-2016-4542,9.8,9.8,978830,php53,https://www.suse.com/security/cve/CVE-2016-4542,"The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.",Released 20160506,CVE-2016-4543,9.8,9.8,978830,php53,https://www.suse.com/security/cve/CVE-2016-4543,"The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause 
a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.",Released 20160506,CVE-2016-4544,9.8,9.8,978830,php53,https://www.suse.com/security/cve/CVE-2016-4544,"The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.",Released 20160509,CVE-2015-3288,,7.8,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2015-3288,"mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.",Released 20160509,CVE-2016-4553,,8.6,979009,squid3,https://www.suse.com/security/cve/CVE-2016-4553,"client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.",Released 20160509,CVE-2016-4554,,8.6,979010,squid3,https://www.suse.com/security/cve/CVE-2016-4554,"mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.",Released 20160509,CVE-2016-4554,,8.6,979010,squid,https://www.suse.com/security/cve/CVE-2016-4554,"mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.",Released 20160509,CVE-2016-4555,,7.5,979008,squid3,https://www.suse.com/security/cve/CVE-2016-4555,"client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to 
cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.",Released 20160509,CVE-2016-4556,,7.5,979008,squid3,https://www.suse.com/security/cve/CVE-2016-4556,"Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.",Released 20160510,CVE-2016-4569,3.3,5.5,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-4569,"The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.",Released 20160511,CVE-2016-0718,,9.8,979441,expat,https://www.suse.com/security/cve/CVE-2016-0718,"Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.",Released 20160511,CVE-2016-4565,,7.8,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-4565,"The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.",Released 20160511,CVE-2016-4574,,7.5,1135436,libksba,https://www.suse.com/security/cve/CVE-2016-4574,"Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.",Released 20160513,CVE-2016-0758,,7.8,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-0758,"Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.",Released 20160513,CVE-2016-4480,,8.4,1072198,xen,https://www.suse.com/security/cve/CVE-2016-4480,"The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.",Released 20160513,CVE-2016-4578,,5.5,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-4578,"sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.",Released 20160513,CVE-2016-4579,,7.5,1135436,libksba,https://www.suse.com/security/cve/CVE-2016-4579,"Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the \"returned length of the object from _ksba_ber_parse_tl.\"",Released 20160517,CVE-2015-4116,-1,-1,980366,php53,https://www.suse.com/security/cve/CVE-2015-4116,"Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.",Released 20160517,CVE-2015-8872,,6.2,980364,dosfstools,https://www.suse.com/security/cve/CVE-2015-8872,"The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of 
service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \"off-by-two error.\"",Released 20160517,CVE-2015-8873,,7.5,980366,php53,https://www.suse.com/security/cve/CVE-2015-8873,"Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.",Released 20160517,CVE-2015-8874,-1,-1,980366,php53,https://www.suse.com/security/cve/CVE-2015-8874,"Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.",Released 20160517,CVE-2016-4804,,6.2,980364,dosfstools,https://www.suse.com/security/cve/CVE-2016-4804,"The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.",Released 20160517,CVE-2016-4805,,7.8,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-4805,"Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.",Released 20160518,CVE-2016-3706,,7.5,1123874,glibc,https://www.suse.com/security/cve/CVE-2016-3706,"Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.",Released 20160519,CVE-2016-1602,,7.8,1063385,supportutils,https://www.suse.com/security/cve/CVE-2016-1602,"A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).",Released 20160519,CVE-2016-4439,,8.2,980711,kvm,https://www.suse.com/security/cve/CVE-2016-4439,"The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.",Released 20160519,CVE-2016-4439,,8.2,980711,xen,https://www.suse.com/security/cve/CVE-2016-4439,"The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.",Released 20160519,CVE-2016-4441,,6,980723,kvm,https://www.suse.com/security/cve/CVE-2016-4441,"The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.",Released 20160519,CVE-2016-4441,,6,980723,xen,https://www.suse.com/security/cve/CVE-2016-4441,"The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS 
administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.",Released 20160519,CVE-2016-4912,,7.5,1074356,openslp,https://www.suse.com/security/cve/CVE-2016-4912,"The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.",Unsupported 20160519,CVE-2016-4913,5.5,7.8,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2016-4913,"The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.",Released 20160520,CVE-2016-4429,,5.9,1081556,glibc,https://www.suse.com/security/cve/CVE-2016-4429,"Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.",Released 20160523,CVE-2015-8876,,9.8,1019550,php53,https://www.suse.com/security/cve/CVE-2015-8876,"Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.",Unsupported 20160523,CVE-2015-8878,,5.9,981055,php53,https://www.suse.com/security/cve/CVE-2015-8878,"main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging 
an application that performs many temporary-file accesses.",Ignore 20160523,CVE-2015-8879,,7.5,981050,php53,https://www.suse.com/security/cve/CVE-2015-8879,"The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.",Released 20160523,CVE-2016-1762,,8.1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2016-1762,"The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.",Released 20160523,CVE-2016-1833,,8.8,1123919,libxml2,https://www.suse.com/security/cve/CVE-2016-1833,"The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.",Released 20160523,CVE-2016-1834,,8.8,1123919,libxml2,https://www.suse.com/security/cve/CVE-2016-1834,"Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.",Released 20160523,CVE-2016-1835,,8.8,1123919,libxml2,https://www.suse.com/security/cve/CVE-2016-1835,"Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.",Released 20160523,CVE-2016-1837,,8.8,1123919,libxml2,https://www.suse.com/security/cve/CVE-2016-1837,"Multiple use-after-free 
vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.",Released 20160523,CVE-2016-1838,,8.8,1123919,libxml2,https://www.suse.com/security/cve/CVE-2016-1838,"The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.",Released 20160523,CVE-2016-1839,6.5,8.8,1039069,libxml2,https://www.suse.com/security/cve/CVE-2016-1839,"The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.",Released 20160523,CVE-2016-1840,,8.8,1123919,libxml2,https://www.suse.com/security/cve/CVE-2016-1840,"Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.",Released 20160524,CVE-2014-3672,,6.5,981264,xen,https://www.suse.com/security/cve/CVE-2014-3672,"The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.",Released 20160524,CVE-2016-4580,,7.5,870618,kernel-source,https://www.suse.com/security/cve/CVE-2016-4580,"The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data 
structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.",Released 20160524,CVE-2016-4952,,5.3,981266,xen,https://www.suse.com/security/cve/CVE-2016-4952,"QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.",Affected 20160524,CVE-2016-4962,,6.7,979620,xen,https://www.suse.com/security/cve/CVE-2016-4962,"The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.",Released 20160524,CVE-2016-4963,,4.7,979641,xen,https://www.suse.com/security/cve/CVE-2016-4963,"The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.",Released 20160525,CVE-2016-4447,,7.5,1123919,libxml2,https://www.suse.com/security/cve/CVE-2016-4447,"The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.",Released 20160525,CVE-2016-4448,,9.8,1010299,libxml2,https://www.suse.com/security/cve/CVE-2016-4448,"Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.",Released 20160525,CVE-2016-4449,,7.1,1123919,libxml2,https://www.suse.com/security/cve/CVE-2016-4449,"XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 
2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.",Released 20160527,CVE-2013-7456,-1,-1,982009,php53,https://www.suse.com/security/cve/CVE-2013-7456,"gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.",Already fixed 20160527,CVE-2016-4953,,7.5,962784,ntp,https://www.suse.com/security/cve/CVE-2016-4953,"ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.",Released 20160527,CVE-2016-4954,,7.5,982056,ntp,https://www.suse.com/security/cve/CVE-2016-4954,"The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.",Released 20160527,CVE-2016-4955,,5.9,982056,ntp,https://www.suse.com/security/cve/CVE-2016-4955,"ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.",Released 20160527,CVE-2016-4956,,5.3,977461,ntp,https://www.suse.com/security/cve/CVE-2016-4956,"ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.",Released 20160527,CVE-2016-4957,,8.6,977459,ntp,https://www.suse.com/security/cve/CVE-2016-4957,"ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.",Released 20160527,CVE-2016-5093,,8.6,982010,php53,https://www.suse.com/security/cve/CVE-2016-5093,"The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.",Released 20160527,CVE-2016-5094,,8.6,982011,php53,https://www.suse.com/security/cve/CVE-2016-5094,"Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.",Released 20160527,CVE-2016-5095,,8.6,982011,php53,https://www.suse.com/security/cve/CVE-2016-5095,"Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094.",Released 20160527,CVE-2016-5096,,8.6,982013,php53,https://www.suse.com/security/cve/CVE-2016-5096,"Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.",Released 20160527,CVE-2016-5105,,4.1,982017,kvm,https://www.suse.com/security/cve/CVE-2016-5105,"The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.",Released 20160527,CVE-2016-5105,,4.1,982017,xen,https://www.suse.com/security/cve/CVE-2016-5105,"The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.",Unsupported 20160527,CVE-2016-5106,,5.3,982018,kvm,https://www.suse.com/security/cve/CVE-2016-5106,"The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.",Released 20160527,CVE-2016-5106,,5.3,982018,xen,https://www.suse.com/security/cve/CVE-2016-5106,"The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware 
Interface (MFI) command.",Unsupported 20160527,CVE-2016-5107,,5.3,982019,kvm,https://www.suse.com/security/cve/CVE-2016-5107,"The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.",Released 20160527,CVE-2016-5107,,5.3,982019,xen,https://www.suse.com/security/cve/CVE-2016-5107,"The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.",Unsupported 20160530,CVE-2016-4453,,4.4,982223,kvm,https://www.suse.com/security/cve/CVE-2016-4453,"The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.",Released 20160530,CVE-2016-4453,,4.4,982223,xen,https://www.suse.com/security/cve/CVE-2016-4453,"The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.",Ignore 20160530,CVE-2016-4454,,6,982222,kvm,https://www.suse.com/security/cve/CVE-2016-4454,"The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.",Released 20160530,CVE-2016-4454,,6,982222,xen,https://www.suse.com/security/cve/CVE-2016-4454,"The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a 
VGA command, which triggers an out-of-bounds read.",Unsupported 20160530,CVE-2016-5114,,9.1,982162,php53,https://www.suse.com/security/cve/CVE-2016-5114,"sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.",Released 20160530,CVE-2016-5118,,9.8,1000484,ImageMagick,https://www.suse.com/security/cve/CVE-2016-5118,"The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.",Released 20160531,CVE-2016-2150,7.1,7.1,982385,spice,https://www.suse.com/security/cve/CVE-2016-2150,"SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.",Released 20160531,CVE-2016-5126,,7.8,982285,xen,https://www.suse.com/security/cve/CVE-2016-5126,"Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.",Released 20160601,CVE-2016-2177,5.9,9.8,982575,openssl,https://www.suse.com/security/cve/CVE-2016-2177,"OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.",Released 20160602,CVE-2016-2853,,7.8,982781,kernel-bigmem,https://www.suse.com/security/cve/CVE-2016-2853,"The aufs 
module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",Analysis 20160602,CVE-2016-2853,,7.8,982781,kernel-default,https://www.suse.com/security/cve/CVE-2016-2853,"The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",Analysis 20160602,CVE-2016-2853,,7.8,982781,kernel-ec2,https://www.suse.com/security/cve/CVE-2016-2853,"The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",Analysis 20160602,CVE-2016-2853,,7.8,982781,kernel-pae,https://www.suse.com/security/cve/CVE-2016-2853,"The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",Analysis 20160602,CVE-2016-2853,,7.8,982781,kernel-ppc64,https://www.suse.com/security/cve/CVE-2016-2853,"The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",Analysis 20160602,CVE-2016-2853,,7.8,982781,kernel-source,https://www.suse.com/security/cve/CVE-2016-2853,"The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid 
program.",Analysis 20160602,CVE-2016-2853,,7.8,982781,kernel-syms,https://www.suse.com/security/cve/CVE-2016-2853,"The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",Analysis 20160602,CVE-2016-2853,,7.8,982781,kernel-trace,https://www.suse.com/security/cve/CVE-2016-2853,"The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",Analysis 20160602,CVE-2016-2853,,7.8,982781,kernel-xen,https://www.suse.com/security/cve/CVE-2016-2853,"The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",Analysis 20160602,CVE-2016-2854,,7.8,982780,kernel-source,https://www.suse.com/security/cve/CVE-2016-2854,"The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.",Analysis 20160602,CVE-2016-4008,,5.9,982779,libtasn1,https://www.suse.com/security/cve/CVE-2016-4008,"The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.",Released 20160603,CVE-2014-9805,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9805,"ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.",Released 
20160603,CVE-2014-9806,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9806,"ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.",Released 20160603,CVE-2014-9807,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9807,"The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.",Released 20160603,CVE-2014-9808,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9808,"ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.",Released 20160603,CVE-2014-9809,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9809,"ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.",Released 20160603,CVE-2014-9810,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9810,"The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.",Released 20160603,CVE-2014-9811,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9811,"The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.",Released 20160603,CVE-2014-9812,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9812,"ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.",Released 20160603,CVE-2014-9813,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9813,"ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.",Released 
20160603,CVE-2014-9814,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9814,"ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.",Released 20160603,CVE-2014-9815,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9815,"ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.",Released 20160603,CVE-2014-9816,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9816,"ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.",Released 20160603,CVE-2014-9817,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9817,"Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.",Released 20160603,CVE-2014-9818,-1,-1,1000690,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9818,"ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.",Released 20160603,CVE-2014-9819,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9819,"Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.",Released 20160603,CVE-2014-9820,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9820,"Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.",Released 20160603,CVE-2014-9821,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9821,"Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.",Unsupported 20160603,CVE-2014-9822,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9822,"Heap-based buffer overflow in ImageMagick allows remote attackers to have 
unspecified impact via a crafted quantum file.",Released 20160603,CVE-2014-9823,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9823,"Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.",Released 20160603,CVE-2014-9824,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9824,"Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.",Released 20160603,CVE-2014-9826,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9826,"ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.",Released 20160603,CVE-2014-9828,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9828,"coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.",Released 20160603,CVE-2014-9829,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9829,"coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.",Released 20160603,CVE-2014-9830,-1,-1,1000690,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9830,"coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.",Released 20160603,CVE-2014-9831,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9831,"coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.",Released 20160603,CVE-2014-9832,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9832,"Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.",Affected 20160603,CVE-2014-9834,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9834,"Heap overflow in ImageMagick 6.8.9-9 via a 
crafted pict file.",Released 20160603,CVE-2014-9835,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9835,"Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.",Released 20160603,CVE-2014-9836,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9836,"ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.",Released 20160603,CVE-2014-9837,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9837,"coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.",Released 20160603,CVE-2014-9838,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9838,"magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).",Released 20160603,CVE-2014-9839,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9839,"magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).",Released 20160603,CVE-2014-9840,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9840,"ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.",Released 20160603,CVE-2014-9841,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9841,"The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to \"throwing of exceptions.\"",Unsupported 20160603,CVE-2014-9842,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9842,"Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.",Released 20160603,CVE-2014-9843,-1,-1,1000697,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9843,"The 
DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.",Unsupported 20160603,CVE-2014-9844,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9844,"The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.",Released 20160603,CVE-2014-9845,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9845,"The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.",Released 20160603,CVE-2014-9846,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9846,"Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.",Released 20160603,CVE-2014-9847,-1,-1,1040304,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9847,"The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.",Released 20160603,CVE-2014-9849,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9849,"The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).",Released 20160603,CVE-2014-9851,-1,-1,1106989,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9851,"ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).",Released 20160603,CVE-2014-9853,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9853,"Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.",Released 20160603,CVE-2014-9854,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9854,"coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the 
\"identification of image.\"",Released 20160603,CVE-2015-8894,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8894,"Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.",Released 20160603,CVE-2015-8896,,6.5,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8896,"Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.",Released 20160603,CVE-2015-8897,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8897,"The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.",Released 20160603,CVE-2015-8898,-1,-1,982969,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8898,"The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.",Released 20160603,CVE-2016-5238,,5.5,982959,kvm,https://www.suse.com/security/cve/CVE-2016-5238,"The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.",Released 20160603,CVE-2016-5238,,5.5,982959,xen,https://www.suse.com/security/cve/CVE-2016-5238,"The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.",Released 20160604,CVE-2016-1583,8.1,7.8,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-1583,"The ecryptfs_privileged_open function 
in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.",Released 20160606,CVE-2012-6702,,5.9,983215,expat,https://www.suse.com/security/cve/CVE-2012-6702,"Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.",Released 20160606,CVE-2015-8899,-1,-1,983273,dnsmasq,https://www.suse.com/security/cve/CVE-2015-8899,"Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.",Released 20160606,CVE-2015-8900,,5.5,983232,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8900,"The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.",Unsupported 20160606,CVE-2015-8901,,6.5,983234,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8901,"ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.",Released 20160606,CVE-2015-8902,,6.5,1052711,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8902,"The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.",Released 20160606,CVE-2015-8903,,6.5,983259,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8903,"The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.",Released 
20160606,CVE-2016-4562,,8.8,983292,ImageMagick,https://www.suse.com/security/cve/CVE-2016-4562,"The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20160606,CVE-2016-4563,,8.8,983305,ImageMagick,https://www.suse.com/security/cve/CVE-2016-4563,"The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20160606,CVE-2016-4564,,9.8,983308,ImageMagick,https://www.suse.com/security/cve/CVE-2016-4564,"The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20160606,CVE-2016-5102,,5.5,983268,tiff,https://www.suse.com/security/cve/CVE-2016-5102,"Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.",Released 20160606,CVE-2016-5240,,5.5,983309,ImageMagick,https://www.suse.com/security/cve/CVE-2016-5240,"The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.",Already fixed 
20160606,CVE-2016-5243,,5.5,983212,kernel-source,https://www.suse.com/security/cve/CVE-2016-5243,"The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.",Released 20160606,CVE-2016-5244,,7.5,983213,kernel-source,https://www.suse.com/security/cve/CVE-2016-5244,"The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.",Released 20160606,CVE-2016-5300,6.5,7.5,983216,expat,https://www.suse.com/security/cve/CVE-2016-5300,"The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.",Released 20160607,CVE-2016-5241,,5.5,983455,ImageMagick,https://www.suse.com/security/cve/CVE-2016-5241,"magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.",Affected 20160607,CVE-2016-5318,,6.5,1007276,tiff,https://www.suse.com/security/cve/CVE-2016-5318,"Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.",Released 20160607,CVE-2016-5319,,6.5,1074186,tiff,https://www.suse.com/security/cve/CVE-2016-5319,"Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.",Released 20160609,CVE-2016-4472,,8.1,1034050,expat,https://www.suse.com/security/cve/CVE-2016-4472,"The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.",Already fixed 20160609,CVE-2016-4971,,8.8,1023231,wget,https://www.suse.com/security/cve/CVE-2016-4971,"GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.",Released 20160609,CVE-2016-5337,,5.5,983961,kvm,https://www.suse.com/security/cve/CVE-2016-5337,"The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.",Released 20160609,CVE-2016-5337,,5.5,983961,xen,https://www.suse.com/security/cve/CVE-2016-5337,"The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.",Released 20160609,CVE-2016-5338,,7.8,983982,kvm,https://www.suse.com/security/cve/CVE-2016-5338,"The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.",Released 20160609,CVE-2016-5338,,7.8,983982,xen,https://www.suse.com/security/cve/CVE-2016-5338,"The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.",Released 20160609,CVE-2016-5350,7.5,7.5,983671,libsmi,https://www.suse.com/security/cve/CVE-2016-5350,"epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a 
crafted packet.",Released 20160609,CVE-2016-5350,7.5,7.5,983671,portaudio,https://www.suse.com/security/cve/CVE-2016-5350,"epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20160609,CVE-2016-5350,7.5,7.5,983671,wireshark,https://www.suse.com/security/cve/CVE-2016-5350,"epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20160609,CVE-2016-5351,7.5,5.9,983671,libsmi,https://www.suse.com/security/cve/CVE-2016-5351,"epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5351,7.5,5.9,983671,portaudio,https://www.suse.com/security/cve/CVE-2016-5351,"epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5351,7.5,5.9,983671,wireshark,https://www.suse.com/security/cve/CVE-2016-5351,"epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5352,7.5,5.9,983671,libsmi,https://www.suse.com/security/cve/CVE-2016-5352,"epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain 
length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5352,7.5,5.9,983671,portaudio,https://www.suse.com/security/cve/CVE-2016-5352,"epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5352,7.5,5.9,983671,wireshark,https://www.suse.com/security/cve/CVE-2016-5352,"epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5353,7.5,5.9,983671,libsmi,https://www.suse.com/security/cve/CVE-2016-5353,"epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5353,7.5,5.9,983671,portaudio,https://www.suse.com/security/cve/CVE-2016-5353,"epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5353,7.5,5.9,983671,wireshark,https://www.suse.com/security/cve/CVE-2016-5353,"epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5354,7.5,5.9,983671,libsmi,https://www.suse.com/security/cve/CVE-2016-5354,"The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x 
before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5354,7.5,5.9,983671,portaudio,https://www.suse.com/security/cve/CVE-2016-5354,"The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5354,7.5,5.9,983671,wireshark,https://www.suse.com/security/cve/CVE-2016-5354,"The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5355,7.5,5.9,983671,libsmi,https://www.suse.com/security/cve/CVE-2016-5355,"wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20160609,CVE-2016-5355,7.5,5.9,983671,portaudio,https://www.suse.com/security/cve/CVE-2016-5355,"wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20160609,CVE-2016-5355,7.5,5.9,983671,wireshark,https://www.suse.com/security/cve/CVE-2016-5355,"wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20160609,CVE-2016-5356,7.5,5.9,983671,libsmi,https://www.suse.com/security/cve/CVE-2016-5356,"wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x 
before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20160609,CVE-2016-5356,7.5,5.9,983671,portaudio,https://www.suse.com/security/cve/CVE-2016-5356,"wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20160609,CVE-2016-5356,7.5,5.9,983671,wireshark,https://www.suse.com/security/cve/CVE-2016-5356,"wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20160609,CVE-2016-5357,7.5,5.9,983671,libsmi,https://www.suse.com/security/cve/CVE-2016-5357,"wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20160609,CVE-2016-5357,7.5,5.9,983671,portaudio,https://www.suse.com/security/cve/CVE-2016-5357,"wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20160609,CVE-2016-5357,7.5,5.9,983671,wireshark,https://www.suse.com/security/cve/CVE-2016-5357,"wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 
20160609,CVE-2016-5358,7.5,5.9,983671,libsmi,https://www.suse.com/security/cve/CVE-2016-5358,"epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5358,7.5,5.9,983671,portaudio,https://www.suse.com/security/cve/CVE-2016-5358,"epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5358,7.5,5.9,983671,wireshark,https://www.suse.com/security/cve/CVE-2016-5358,"epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160609,CVE-2016-5359,7.5,5.9,983671,libsmi,https://www.suse.com/security/cve/CVE-2016-5359,"epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet.",Released 20160609,CVE-2016-5359,7.5,5.9,983671,portaudio,https://www.suse.com/security/cve/CVE-2016-5359,"epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet.",Released 20160609,CVE-2016-5359,7.5,5.9,983671,wireshark,https://www.suse.com/security/cve/CVE-2016-5359,"epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted 
packet.",Released 20160610,CVE-2016-1409,,7.5,984122,kernel-source,https://www.suse.com/security/cve/CVE-2016-1409,"The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.",Ignore 20160610,CVE-2016-1951,,8.6,984117,mozilla-nspr,https://www.suse.com/security/cve/CVE-2016-1951,"Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.",Already fixed 20160613,CVE-2016-1405,,7.5,978459,clamav,https://www.suse.com/security/cve/CVE-2016-1405,"libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.",Already fixed 20160614,CVE-2016-1371,,5.5,978459,clamav,https://www.suse.com/security/cve/CVE-2016-1371,"ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.",Already fixed 20160614,CVE-2016-1372,,5.5,984650,clamav,https://www.suse.com/security/cve/CVE-2016-1372,"ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.",Already fixed 20160615,CVE-2016-0772,,6.5,984751,python,https://www.suse.com/security/cve/CVE-2016-0772,"The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error 
when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"",Released 20160615,CVE-2016-4470,,5.5,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-4470,"The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.",Released 20160615,CVE-2016-5314,,8.8,984831,tiff,https://www.suse.com/security/cve/CVE-2016-5314,"Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.",Released 20160615,CVE-2016-5315,,5.5,984809,tiff,https://www.suse.com/security/cve/CVE-2016-5315,"The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.",Released 20160615,CVE-2016-5316,,6.5,984837,tiff,https://www.suse.com/security/cve/CVE-2016-5316,"Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.",Released 20160615,CVE-2016-5317,,6.5,984842,tiff,https://www.suse.com/security/cve/CVE-2016-5317,"Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.",Released 
20160616,CVE-2016-4809,,7.5,984990,bsdtar,https://www.suse.com/security/cve/CVE-2016-4809,"The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.",Released 20160616,CVE-2016-5636,7.8,9.8,1065451,python,https://www.suse.com/security/cve/CVE-2016-5636,"Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.",Released 20160617,CVE-2016-5687,,9.8,1000713,ImageMagick,https://www.suse.com/security/cve/CVE-2016-5687,"The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.",Released 20160617,CVE-2016-5688,,8.1,985442,ImageMagick,https://www.suse.com/security/cve/CVE-2016-5688,"The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.",Released 20160617,CVE-2016-5689,,9.8,985460,ImageMagick,https://www.suse.com/security/cve/CVE-2016-5689,"The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.",Released 20160617,CVE-2016-5690,,9.8,985451,ImageMagick,https://www.suse.com/security/cve/CVE-2016-5690,"The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have 
unspecified impact via vectors involving the for statement in computing the pixel scaling table.",Released 20160617,CVE-2016-5691,,9.8,985456,ImageMagick,https://www.suse.com/security/cve/CVE-2016-5691,"The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.",Released 20160617,CVE-2016-5699,,6.1,1122729,python,https://www.suse.com/security/cve/CVE-2016-5699,"CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.",Released 20160620,CVE-2015-8915,-1,-1,985601,bsdtar,https://www.suse.com/security/cve/CVE-2015-8915,"bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.",Released 20160620,CVE-2015-8916,,,985694,bsdtar,https://www.suse.com/security/cve/CVE-2015-8916,"bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a \"split file in multivolume RAR,\" which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.",Won't fix 20160620,CVE-2015-8917,,,985691,bsdtar,https://www.suse.com/security/cve/CVE-2015-8917,"bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.",Won't fix 20160620,CVE-2015-8918,,7.5,985698,bsdtar,https://www.suse.com/security/cve/CVE-2015-8918,"The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"",Released 
20160620,CVE-2015-8920,,5.5,985675,bsdtar,https://www.suse.com/security/cve/CVE-2015-8920,"The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.",Released 20160620,CVE-2015-8921,,7.5,985682,bsdtar,https://www.suse.com/security/cve/CVE-2015-8921,"The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.",Released 20160620,CVE-2015-8922,,5.5,985685,bsdtar,https://www.suse.com/security/cve/CVE-2015-8922,"The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.",Ignore 20160620,CVE-2015-8923,,6.5,985703,bsdtar,https://www.suse.com/security/cve/CVE-2015-8923,"The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.",Already fixed 20160620,CVE-2015-8924,,5.5,985609,bsdtar,https://www.suse.com/security/cve/CVE-2015-8924,"The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.",Released 20160620,CVE-2015-8925,,,985706,bsdtar,https://www.suse.com/security/cve/CVE-2015-8925,"The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.",Released 20160620,CVE-2015-8929,,,985669,bsdtar,https://www.suse.com/security/cve/CVE-2015-8929,"Memory leak in the __archive_read_get_extract function in 
archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.",Released 20160620,CVE-2016-3189,,6.5,985657,bzip2,https://www.suse.com/security/cve/CVE-2016-3189,"Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",Released 20160622,CVE-2015-8935,,,986004,php53,https://www.suse.com/security/cve/CVE-2015-8935,"The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.",Released 20160622,CVE-2015-8936,-1,-1,985612,squidGuard,https://www.suse.com/security/cve/CVE-2015-8936,"Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link.",Released 20160623,CVE-2016-5768,3.7,9.8,986246,php53,https://www.suse.com/security/cve/CVE-2016-5768,"Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.",Released 20160623,CVE-2016-5772,,9.8,986244,php53,https://www.suse.com/security/cve/CVE-2016-5772,"Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a 
wddx_deserialize call.",Released 20160623,CVE-2016-5773,,9.8,986247,php53,https://www.suse.com/security/cve/CVE-2016-5773,"php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.",Released 20160624,CVE-2016-3092,7.5,7.5,1068865,jakarta-commons-fileupload,https://www.suse.com/security/cve/CVE-2016-3092,"The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",Released 20160624,CVE-2016-4997,,7.8,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-4997,"The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.",Released 20160624,CVE-2016-4998,,7.1,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-4998,"The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.",Released 20160624,CVE-2016-5766,,8.8,986386,php53,https://www.suse.com/security/cve/CVE-2016-5766,"Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics 
Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.",Released 20160624,CVE-2016-5767,,8.8,986393,php53,https://www.suse.com/security/cve/CVE-2016-5767,"Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.",Released 20160624,CVE-2016-5769,,9.8,986388,php53,https://www.suse.com/security/cve/CVE-2016-5769,"Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.",Released 20160624,CVE-2016-5770,5.6,9.8,986392,php53,https://www.suse.com/security/cve/CVE-2016-5770,"Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.",Released 20160624,CVE-2016-5771,5.6,9.8,986247,php53,https://www.suse.com/security/cve/CVE-2016-5771,"spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and 
application crash) via crafted serialized data.",Released 20160627,CVE-2016-5823,,5.5,986632,libical,https://www.suse.com/security/cve/CVE-2016-5823,"The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.",Released 20160627,CVE-2016-5824,,5.5,1015964,libical,https://www.suse.com/security/cve/CVE-2016-5824,"libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.",Released 20160627,CVE-2016-5825,,5.5,986631,libical,https://www.suse.com/security/cve/CVE-2016-5825,"The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file.",Released 20160627,CVE-2016-5826,,7.5,986631,libical,https://www.suse.com/security/cve/CVE-2016-5826,"The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function.",Released 20160627,CVE-2016-5827,,7.5,986631,libical,https://www.suse.com/security/cve/CVE-2016-5827,"The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function.",Released 20160627,CVE-2016-5829,,7.8,1053919,kernel-source,https://www.suse.com/security/cve/CVE-2016-5829,"Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.",Released 20160627,CVE-2016-5841,,9.8,986609,ImageMagick,https://www.suse.com/security/cve/CVE-2016-5841,"Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial 
of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.",Released 20160627,CVE-2016-5842,,7.5,986608,ImageMagick,https://www.suse.com/security/cve/CVE-2016-5842,"MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.",Released 20160628,CVE-2014-9903,,,986794,kernel-source,https://www.suse.com/security/cve/CVE-2014-9903,"The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call.",Analysis 20160628,CVE-2016-5728,,6.3,986827,kernel-source,https://www.suse.com/security/cve/CVE-2016-5728,"Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a \"double fetch\" vulnerability.",Analysis 20160630,CVE-2016-5009,,6.5,987144,ceph,https://www.suse.com/security/cve/CVE-2016-5009,"The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.",Ignore 20160630,CVE-2016-5746,,5.1,984245,yast2-storage,https://www.suse.com/security/cve/CVE-2016-5746,"libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.",Released 20160701,CVE-2016-5875,,,1007284,tiff,https://www.suse.com/security/cve/CVE-2016-5875,"** REJECT ** DO NOT USE THIS 
CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20160701,CVE-2016-6153,,5.9,1149969,sqlite3,https://www.suse.com/security/cve/CVE-2016-6153,"os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.",Released 20160704,CVE-2016-5008,,9.8,987527,libvirt,https://www.suse.com/security/cve/CVE-2016-5008,"libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.",Released 20160704,CVE-2016-6128,,7.5,987580,gd,https://www.suse.com/security/cve/CVE-2016-6128,"The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.",Already fixed 20160704,CVE-2016-6128,,7.5,987580,php53,https://www.suse.com/security/cve/CVE-2016-6128,"The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.",Unsupported 20160704,CVE-2016-6131,,7.5,1075785,binutils,https://www.suse.com/security/cve/CVE-2016-6131,"The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled 
types.",Unsupported 20160704,CVE-2016-6131,,7.5,1075785,crash,https://www.suse.com/security/cve/CVE-2016-6131,"The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.",Unsupported 20160704,CVE-2016-6131,,7.5,1075785,gcc33,https://www.suse.com/security/cve/CVE-2016-6131,"The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.",Unsupported 20160704,CVE-2016-6131,,7.5,1075785,gcc43,https://www.suse.com/security/cve/CVE-2016-6131,"The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.",Unsupported 20160704,CVE-2016-6131,,7.5,1075785,gcc5,https://www.suse.com/security/cve/CVE-2016-6131,"The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.",Unsupported 20160704,CVE-2016-6131,,7.5,1075785,gdb,https://www.suse.com/security/cve/CVE-2016-6131,"The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.",Unsupported 20160706,CVE-2016-1238,6.7,7.8,1108749,perl,https://www.suse.com/security/cve/CVE-2016-1238,"(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) 
cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.",Released 20160706,CVE-2016-1238,6.7,7.8,1108749,spamassassin,https://www.suse.com/security/cve/CVE-2016-1238,"(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . 
(period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.",Released 20160706,CVE-2016-6163,,5.5,977985,librsvg,https://www.suse.com/security/cve/CVE-2016-6163,"The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.",Released 20160706,CVE-2016-6170,,6.5,1028603,bind,https://www.suse.com/security/cve/CVE-2016-6170,"ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.",Released 20160707,CVE-2016-6156,,5.1,988025,kernel-source,https://www.suse.com/security/cve/CVE-2016-6156,"Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a \"double fetch\" vulnerability.",Analysis 20160707,CVE-2016-6161,,6.5,988032,gd,https://www.suse.com/security/cve/CVE-2016-6161,"The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.",Released 20160707,CVE-2016-6162,,7.8,1009969,kernel-source,https://www.suse.com/security/cve/CVE-2016-6162,"net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations.",Analysis 
20160708,CVE-2016-6136,5.3,4.7,988153,kernel-source,https://www.suse.com/security/cve/CVE-2016-6136,"Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a \"double fetch\" vulnerability.",Unsupported 20160711,CVE-2016-6185,,7.8,988311,perl,https://www.suse.com/security/cve/CVE-2016-6185,"The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.",Released 20160711,CVE-2016-6187,,7.8,988307,kernel-source,https://www.suse.com/security/cve/CVE-2016-6187,"The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.",Analysis 20160712,CVE-2016-5387,,8.1,988484,apache2,https://www.suse.com/security/cve/CVE-2016-5387,"The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. 
NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",Released 20160712,CVE-2016-5388,,8.1,988484,tomcat6,https://www.suse.com/security/cve/CVE-2016-5388,"Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability.",Released 20160714,CVE-2016-6213,,4.7,988964,kernel-source,https://www.suse.com/security/cve/CVE-2016-6213,"fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.",Ignore 20160715,CVE-2016-5696,4.8,4.8,1020452,kernel-source,https://www.suse.com/security/cve/CVE-2016-5696,"net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.",Released 20160718,CVE-2016-6210,,5.9,1001712,openssh-askpass-gnome,https://www.suse.com/security/cve/CVE-2016-6210,"sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large 
password is provided.",Released 20160718,CVE-2016-6210,,5.9,1001712,openssh,https://www.suse.com/security/cve/CVE-2016-6210,"sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.",Released 20160719,CVE-2014-3587,-1,-1,987530,php53,https://www.suse.com/security/cve/CVE-2014-3587,"Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.",Released 20160719,CVE-2016-2775,,5.9,989528,bind,https://www.suse.com/security/cve/CVE-2016-2775,"ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.",Released 20160720,CVE-2016-3485,,2.9,1009280,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-3485,"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.",Released 20160720,CVE-2016-3587,,9.6,989721,php53,https://www.suse.com/security/cve/CVE-2016-3587,"Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.",Released 20160721,CVE-2016-6258,,8.8,1072198,xen,https://www.suse.com/security/cve/CVE-2016-6258,"The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit 
PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.",Released 20160722,CVE-2015-8948,,7.5,1014473,libidn,https://www.suse.com/security/cve/CVE-2015-8948,"idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.",Released 20160722,CVE-2016-5408,,9.8,976553,squid3,https://www.suse.com/security/cve/CVE-2016-5408,"Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.",Released 20160722,CVE-2016-5408,,9.8,976553,squid,https://www.suse.com/security/cve/CVE-2016-5408,"Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.",Released 20160722,CVE-2016-6261,,7.5,1118435,libidn,https://www.suse.com/security/cve/CVE-2016-6261,"The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.",Released 20160722,CVE-2016-6262,,7.5,1014473,libidn,https://www.suse.com/security/cve/CVE-2016-6262,"idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.",Released 20160722,CVE-2016-6263,,7.5,1118435,libidn,https://www.suse.com/security/cve/CVE-2016-6263,"The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.",Released 20160723,CVE-2016-1705,,8.8,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-1705,"Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160723,CVE-2016-1705,,8.8,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-1705,"Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160723,CVE-2016-1706,,9.6,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-1706,"The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, 
ppapi_thread.cc, and render_frame_message_filter.cc.",Released 20160723,CVE-2016-1706,,9.6,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-1706,"The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.",Released 20160723,CVE-2016-1707,,6.5,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-1707,"ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.",Released 20160723,CVE-2016-1707,,6.5,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-1707,"ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.",Released 20160723,CVE-2016-1708,,8.8,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-1708,"The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.",Released 20160723,CVE-2016-1708,,8.8,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-1708,"The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress 
observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.",Released 20160723,CVE-2016-1709,,8.8,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-1709,"Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.",Released 20160723,CVE-2016-1709,,8.8,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-1709,"Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.",Released 20160723,CVE-2016-1710,,8.8,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-1710,"The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",Released 20160723,CVE-2016-1710,,8.8,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-1710,"The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",Released 20160723,CVE-2016-1711,,8.8,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-1711,"WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows 
remote attackers to bypass the Same Origin Policy via a crafted web site.",Released 20160723,CVE-2016-1711,,8.8,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-1711,"WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",Released 20160723,CVE-2016-5127,,7.5,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-5127,"Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.",Released 20160723,CVE-2016-5127,,7.5,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5127,"Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.",Released 20160723,CVE-2016-5128,,8.8,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-5128,"objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",Released 20160723,CVE-2016-5128,,8.8,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5128,"objects.cc in Google V8 before 5.2.361.27, as used in Google 
Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",Released 20160723,CVE-2016-5129,,8.8,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-5129,"Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.",Released 20160723,CVE-2016-5129,,8.8,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5129,"Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.",Released 20160723,CVE-2016-5130,,6.5,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-5130,"content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.",Released 20160723,CVE-2016-5130,,6.5,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5130,"content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.",Released 20160723,CVE-2016-5131,8.8,8.8,1014873,libxml2,https://www.suse.com/security/cve/CVE-2016-5131,"Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",Released 
20160723,CVE-2016-5131,8.8,8.8,1014873,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5131,"Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",Released 20160723,CVE-2016-5132,,8.8,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-5132,"The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.",Released 20160723,CVE-2016-5132,,8.8,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5132,"The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.",Released 20160723,CVE-2016-5133,,5.3,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-5133,"Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.",Released 20160723,CVE-2016-5133,,5.3,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5133,"Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.",Released 
20160723,CVE-2016-5134,,8.8,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-5134,"net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.",Released 20160723,CVE-2016-5134,,8.8,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5134,"net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.",Released 20160723,CVE-2016-5135,,6.5,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-5135,"WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a \"Content-Security-Policy: referrer origin-when-cross-origin\" header that overrides a \"\" element.",Released 20160723,CVE-2016-5135,,6.5,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5135,"WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a \"Content-Security-Policy: referrer origin-when-cross-origin\" header that overrides a \"\" element.",Released 
20160723,CVE-2016-5136,,8.8,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-5136,"Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.",Released 20160723,CVE-2016-5136,,8.8,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5136,"Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.",Released 20160723,CVE-2016-5137,,4.3,989901,libxml2,https://www.suse.com/security/cve/CVE-2016-5137,"The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.",Released 20160723,CVE-2016-5137,,4.3,989901,libxml2-python,https://www.suse.com/security/cve/CVE-2016-5137,"The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. 
NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.",Released 20160725,CVE-2016-6223,,9.1,990460,tiff,https://www.suse.com/security/cve/CVE-2016-6223,"The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.",Unsupported 20160726,CVE-2016-6293,,9.8,1035111,icu,https://www.suse.com/security/cve/CVE-2016-6293,"The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.",Released 20160726,CVE-2016-6293,,9.8,1035111,php53,https://www.suse.com/security/cve/CVE-2016-6293,"The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.",Unsupported 20160726,CVE-2016-6294,,9.8,1035111,icu,https://www.suse.com/security/cve/CVE-2016-6294,"The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.",Released 
20160726,CVE-2016-6294,,9.8,1035111,php53,https://www.suse.com/security/cve/CVE-2016-6294,"The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.",Unsupported 20160727,CVE-2014-0235,-1,-1,987530,php53,https://www.suse.com/security/cve/CVE-2014-0235,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0325, CVE-2014-3538. Reason: This candidate is a duplicate of CVE-2014-0325 and/or CVE-2014-3538. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-0325 instead of this candidate for the issue in the Internet Explorer product, and should reference CVE-2014-3538 instead of this candidate for the issue in the file product. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20160727,CVE-2016-5403,,5.5,990923,kvm,https://www.suse.com/security/cve/CVE-2016-5403,"The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.",Released 20160727,CVE-2016-5403,,5.5,990923,xen,https://www.suse.com/security/cve/CVE-2016-5403,"The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.",Released 20160727,CVE-2016-6351,,6.7,990835,xen,https://www.suse.com/security/cve/CVE-2016-6351,"The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators 
to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer.",Unsupported 20160801,CVE-2016-5399,,7.8,991430,php53,https://www.suse.com/security/cve/CVE-2016-5399,"The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.",Released 20160801,CVE-2016-5419,,7.5,1033413,curl,https://www.suse.com/security/cve/CVE-2016-5419,"curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.",Released 20160801,CVE-2016-5420,,7.5,991390,curl,https://www.suse.com/security/cve/CVE-2016-5420,"curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.",Released 20160801,CVE-2016-5421,,8.1,991391,curl,https://www.suse.com/security/cve/CVE-2016-5421,"Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.",Ignore 20160801,CVE-2016-6207,,6.5,991434,php53,https://www.suse.com/security/cve/CVE-2016-6207,"Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.",Unsupported 20160801,CVE-2016-6288,,9.8,991433,php53,https://www.suse.com/security/cve/CVE-2016-6288,"The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to 
cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.",Released 20160801,CVE-2016-6289,,7.8,991428,php53,https://www.suse.com/security/cve/CVE-2016-6289,"Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.",Released 20160801,CVE-2016-6290,,9.8,991429,php53,https://www.suse.com/security/cve/CVE-2016-6290,"ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.",Released 20160801,CVE-2016-6291,,9.8,991427,php53,https://www.suse.com/security/cve/CVE-2016-6291,"The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.",Released 20160801,CVE-2016-6292,,6.5,991422,php53,https://www.suse.com/security/cve/CVE-2016-6292,"The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.",Unsupported 20160801,CVE-2016-6296,,9.8,991437,php53,https://www.suse.com/security/cve/CVE-2016-6296,"Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 
5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.",Released 20160801,CVE-2016-6297,,8.8,991426,php53,https://www.suse.com/security/cve/CVE-2016-6297,"Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.",Released 20160801,CVE-2016-6352,,7.5,1027024,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2016-6352,"The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.",Won't fix 20160801,CVE-2016-6352,,7.5,1027024,gtk2,https://www.suse.com/security/cve/CVE-2016-6352,"The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.",Released 20160801,CVE-2016-6490,,4.4,991466,kvm,https://www.suse.com/security/cve/CVE-2016-6490,"The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.",Released 20160801,CVE-2016-6491,,8.8,991445,ImageMagick,https://www.suse.com/security/cve/CVE-2016-6491,"Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.",Released 
20160801,CVE-2016-6504,,5.9,991012,wireshark,https://www.suse.com/security/cve/CVE-2016-6504,"epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.",Released 20160801,CVE-2016-6505,,5.9,991013,wireshark,https://www.suse.com/security/cve/CVE-2016-6505,"epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.",Released 20160801,CVE-2016-6506,,5.9,991015,wireshark,https://www.suse.com/security/cve/CVE-2016-6506,"epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20160801,CVE-2016-6507,,5.9,991016,wireshark,https://www.suse.com/security/cve/CVE-2016-6507,"epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",Released 20160801,CVE-2016-6508,,5.9,991017,wireshark,https://www.suse.com/security/cve/CVE-2016-6508,"epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.",Released 20160801,CVE-2016-6509,,5.9,991018,wireshark,https://www.suse.com/security/cve/CVE-2016-6509,"epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 
20160801,CVE-2016-6510,,5.9,991019,wireshark,https://www.suse.com/security/cve/CVE-2016-6510,"Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.",Released 20160801,CVE-2016-6511,,5.9,991020,wireshark,https://www.suse.com/security/cve/CVE-2016-6511,"epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.",Released 20160802,CVE-2016-6480,5.1,5.1,1004418,kernel-source,https://www.suse.com/security/cve/CVE-2016-6480,"Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability.",Released 20160802,CVE-2016-6516,,7.4,991604,kernel-source,https://www.suse.com/security/cve/CVE-2016-6516,"Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a \"double fetch\" vulnerability.",Analysis 20160803,CVE-2016-6301,,7.5,991940,busybox,https://www.suse.com/security/cve/CVE-2016-6301,"The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.",Unsupported 20160803,CVE-2016-6520,,9.1,991872,ImageMagick,https://www.suse.com/security/cve/CVE-2016-6520,"Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache 
morphology.",Released 20160804,CVE-2016-1000110,,6.1,988484,python,https://www.suse.com/security/cve/CVE-2016-1000110,"The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.",Released 20160808,CVE-2016-3841,,7.3,1052256,kernel-source,https://www.suse.com/security/cve/CVE-2016-3841,"The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.",Released 20160808,CVE-2016-5384,,7.8,1123116,fontconfig,https://www.suse.com/security/cve/CVE-2016-5384,"fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.",Released 20160808,CVE-2016-6515,,7.5,1115893,openssh,https://www.suse.com/security/cve/CVE-2016-6515,"The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.",Released 20160809,CVE-2014-9870,-1,-1,992729,kernel-source,https://www.suse.com/security/cve/CVE-2014-9870,"The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.",Ignore 20160810,CVE-2016-6318,,7.8,1123113,cracklib,https://www.suse.com/security/cve/CVE-2016-6318,"Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges 
via a long GECOS field, involving longbuffer.",Released 20160812,CVE-2016-5423,,8.3,1041981,postgresql94,https://www.suse.com/security/cve/CVE-2016-5423,"PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.",Released 20160812,CVE-2016-5424,,7.1,1041981,postgresql94,https://www.suse.com/security/cve/CVE-2016-5424,"PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) \" (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.",Released 20160817,CVE-2016-6313,,5.3,1123792,libgcrypt,https://www.suse.com/security/cve/CVE-2016-6313,"The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.",Released 20160818,CVE-2016-6828,,5.5,1052256,kernel-source,https://www.suse.com/security/cve/CVE-2016-6828,"The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.",Released 
20160818,CVE-2016-6834,,4.4,994418,xen,https://www.suse.com/security/cve/CVE-2016-6834,"The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.",Released 20160819,CVE-2015-0239,-1,-1,987709,kernel-source,https://www.suse.com/security/cve/CVE-2015-0239,"The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.",Released 20160819,CVE-2016-0821,,5.5,987709,kernel-source,https://www.suse.com/security/cve/CVE-2016-0821,"The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.",Released 20160819,CVE-2016-6835,,6,994605,xen,https://www.suse.com/security/cve/CVE-2016-6835,"The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.",Released 20160820,CVE-2013-5634,-1,-1,987709,kernel-source,https://www.suse.com/security/cve/CVE-2013-5634,"arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization 
before a KVM_GET_REG_LIST ioctl call.",Released 20160820,CVE-2014-2889,-1,-1,987709,kernel-source,https://www.suse.com/security/cve/CVE-2014-2889,"Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump.",Released 20160820,CVE-2014-4157,-1,-1,987709,kernel-source,https://www.suse.com/security/cve/CVE-2014-4157,"arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.",Released 20160820,CVE-2014-4322,-1,-1,987709,kernel-source,https://www.suse.com/security/cve/CVE-2014-4322,"drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.",Released 20160820,CVE-2014-7843,-1,-1,987709,kernel-source,https://www.suse.com/security/cve/CVE-2014-7843,"The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.",Released 20160820,CVE-2014-8481,-1,-1,987709,kernel-source,https://www.suse.com/security/cve/CVE-2014-8481,"The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer 
dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480.",Analysis 20160820,CVE-2016-0823,,4,987709,kernel-source,https://www.suse.com/security/cve/CVE-2016-0823,"The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.",Released 20160820,CVE-2016-2181,,7.5,1004104,openssl,https://www.suse.com/security/cve/CVE-2016-2181,"The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.",Released 20160820,CVE-2016-6327,,5.5,994748,kernel-source,https://www.suse.com/security/cve/CVE-2016-6327,"drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.",Already fixed 20160820,CVE-2016-6836,,6,994760,xen,https://www.suse.com/security/cve/CVE-2016-6836,"The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.",Released 20160821,CVE-2016-6833,,4.4,994774,xen,https://www.suse.com/security/cve/CVE-2016-6833,"Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by 
leveraging failure to check if the device is active.",Released 20160821,CVE-2016-6888,,4.4,994771,xen,https://www.suse.com/security/cve/CVE-2016-6888,"Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.",Released 20160822,CVE-2016-2179,,7.5,1004104,openssl,https://www.suse.com/security/cve/CVE-2016-2179,"The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.",Released 20160824,CVE-2016-2183,,7.5,1001912,firefox-atk,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-2183,,7.5,1001912,firefox-cairo,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 
20160824,CVE-2016-2183,,7.5,1001912,firefox-gcc8,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-2183,,7.5,1001912,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-2183,,7.5,1001912,firefox-glib2,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-2183,,7.5,1001912,firefox-gtk3,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a 
\"Sweet32\" attack.",Released 20160824,CVE-2016-2183,,7.5,1001912,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-2183,,7.5,1001912,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-2183,,7.5,1001912,firefox-libffi,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-2183,,7.5,1001912,firefox-pango,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using 
Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-2183,,7.5,1001912,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-2183,,7.5,1001912,openssl,https://www.suse.com/security/cve/CVE-2016-2183,"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-6302,,7.5,1004104,openssl,https://www.suse.com/security/cve/CVE-2016-6302,"The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.",Released 20160824,CVE-2016-6329,,5.9,1026864,openvpn,https://www.suse.com/security/cve/CVE-2016-6329,"OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.",Released 20160824,CVE-2016-6893,,8.8,995352,mailman,https://www.suse.com/security/cve/CVE-2016-6893,"Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote 
attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.",Released 20160825,CVE-2016-4473,,9.8,995512,php53,https://www.suse.com/security/cve/CVE-2016-4473,"/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.",Unsupported 20160826,CVE-2015-8952,3.3,,995759,kernel-source,https://www.suse.com/security/cve/CVE-2015-8952,"The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.",Ignore 20160826,CVE-2016-7092,8.5,8.2,995785,xen,https://www.suse.com/security/cve/CVE-2016-7092,"The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.",Released 20160826,CVE-2016-7093,,8.2,995789,xen,https://www.suse.com/security/cve/CVE-2016-7093,"Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.",Released 20160826,CVE-2016-7094,,4.1,995792,xen,https://www.suse.com/security/cve/CVE-2016-7094,"Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.",Released 20160829,CVE-2016-2182,,9.8,1004104,openssl,https://www.suse.com/security/cve/CVE-2016-2182,"The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service 
(out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.",Released 20160829,CVE-2016-7097,,4.4,1021258,kernel-source,https://www.suse.com/security/cve/CVE-2016-7097,"The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.",Released 20160829,CVE-2016-7098,,8.1,995964,wget,https://www.suse.com/security/cve/CVE-2016-7098,"Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.",Released 20160831,CVE-2016-7116,,6,996441,kvm,https://www.suse.com/security/cve/CVE-2016-7116,"Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. 
(dot dot) in an unspecified string.",Released 20160831,CVE-2016-7118,,5.5,996563,kernel-source,https://www.suse.com/security/cve/CVE-2016-7118,"fs/fcntl.c in the \"aufs 3.2.x+setfl-debian\" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.",Analysis 20160902,CVE-2016-7031,,7.5,997025,ceph,https://www.suse.com/security/cve/CVE-2016-7031,"The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.",Ignore 20160905,CVE-2016-7123,8.8,8.8,997205,mailman,https://www.suse.com/security/cve/CVE-2016-7123,"Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.",Ignore 20160905,CVE-2016-7124,,9.8,997206,php53,https://www.suse.com/security/cve/CVE-2016-7124,"ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.",Released 20160905,CVE-2016-7125,7.5,7.5,997207,php53,https://www.suse.com/security/cve/CVE-2016-7125,"ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.",Released 20160905,CVE-2016-7126,,9.8,997208,php53,https://www.suse.com/security/cve/CVE-2016-7126,"The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 
7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.",Released 20160905,CVE-2016-7127,,9.8,997210,php53,https://www.suse.com/security/cve/CVE-2016-7127,"The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.",Released 20160905,CVE-2016-7128,,5.3,997211,php53,https://www.suse.com/security/cve/CVE-2016-7128,"The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.",Released 20160905,CVE-2016-7129,,9.8,997220,php53,https://www.suse.com/security/cve/CVE-2016-7129,"The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.",Released 20160905,CVE-2016-7130,,7.5,997257,php53,https://www.suse.com/security/cve/CVE-2016-7130,"The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.",Released 
20160905,CVE-2016-7131,,7.5,997225,php53,https://www.suse.com/security/cve/CVE-2016-7131,"ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.",Released 20160905,CVE-2016-7132,,7.5,997230,php53,https://www.suse.com/security/cve/CVE-2016-7132,"ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.",Released 20160906,CVE-2016-7141,,7.5,991390,curl,https://www.suse.com/security/cve/CVE-2016-7141,"curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.",Released 20160907,CVE-2016-7154,,6.7,997731,xen,https://www.suse.com/security/cve/CVE-2016-7154,"Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.",Released 20160912,CVE-2016-7175,,5.9,998099,wireshark,https://www.suse.com/security/cve/CVE-2016-7175,"epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a 
denial of service (out-of-bounds read and application crash) via a crafted packet.",Released 20160912,CVE-2016-7176,,5.9,998099,wireshark,https://www.suse.com/security/cve/CVE-2016-7176,"epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.",Released 20160912,CVE-2016-7177,,5.9,998099,wireshark,https://www.suse.com/security/cve/CVE-2016-7177,"epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.",Released 20160912,CVE-2016-7178,,5.9,998099,wireshark,https://www.suse.com/security/cve/CVE-2016-7178,"epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.",Released 20160912,CVE-2016-7179,,5.9,998099,wireshark,https://www.suse.com/security/cve/CVE-2016-7179,"Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20160912,CVE-2016-7180,,5.9,998099,wireshark,https://www.suse.com/security/cve/CVE-2016-7180,"epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.",Released 
20160913,CVE-2016-7170,,4.4,998516,kvm,https://www.suse.com/security/cve/CVE-2016-7170,"The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.",Released 20160914,CVE-2016-5170,,8.8,998743,firefox-atk,https://www.suse.com/security/cve/CVE-2016-5170,"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",Released 20160914,CVE-2016-5170,,8.8,998743,firefox-cairo,https://www.suse.com/security/cve/CVE-2016-5170,"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",Released 20160914,CVE-2016-5170,,8.8,998743,firefox-gcc8,https://www.suse.com/security/cve/CVE-2016-5170,"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",Released 20160914,CVE-2016-5170,,8.8,998743,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2016-5170,"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as 
used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",Released 20160914,CVE-2016-5170,,8.8,998743,firefox-glib2,https://www.suse.com/security/cve/CVE-2016-5170,"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",Released 20160914,CVE-2016-5170,,8.8,998743,firefox-gtk3,https://www.suse.com/security/cve/CVE-2016-5170,"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",Released 20160914,CVE-2016-5170,,8.8,998743,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2016-5170,"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",Released 20160914,CVE-2016-5170,,8.8,998743,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2016-5170,"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during 
array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",Released 20160914,CVE-2016-5170,,8.8,998743,firefox-libffi,https://www.suse.com/security/cve/CVE-2016-5170,"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",Released 20160914,CVE-2016-5170,,8.8,998743,firefox-pango,https://www.suse.com/security/cve/CVE-2016-5170,"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",Released 20160914,CVE-2016-5171,,8.8,998743,firefox-atk,https://www.suse.com/security/cve/CVE-2016-5171,"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",Released 20160914,CVE-2016-5171,,8.8,998743,firefox-cairo,https://www.suse.com/security/cve/CVE-2016-5171,"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",Released 
20160914,CVE-2016-5171,,8.8,998743,firefox-gcc8,https://www.suse.com/security/cve/CVE-2016-5171,"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",Released 20160914,CVE-2016-5171,,8.8,998743,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2016-5171,"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",Released 20160914,CVE-2016-5171,,8.8,998743,firefox-glib2,https://www.suse.com/security/cve/CVE-2016-5171,"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",Released 20160914,CVE-2016-5171,,8.8,998743,firefox-gtk3,https://www.suse.com/security/cve/CVE-2016-5171,"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",Released 20160914,CVE-2016-5171,,8.8,998743,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2016-5171,"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted 
JavaScript code.",Released 20160914,CVE-2016-5171,,8.8,998743,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2016-5171,"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",Released 20160914,CVE-2016-5171,,8.8,998743,firefox-libffi,https://www.suse.com/security/cve/CVE-2016-5171,"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",Released 20160914,CVE-2016-5171,,8.8,998743,firefox-pango,https://www.suse.com/security/cve/CVE-2016-5171,"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",Released 20160914,CVE-2016-5172,,6.5,998743,firefox-atk,https://www.suse.com/security/cve/CVE-2016-5172,"The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",Released 20160914,CVE-2016-5172,,6.5,998743,firefox-cairo,https://www.suse.com/security/cve/CVE-2016-5172,"The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",Released 20160914,CVE-2016-5172,,6.5,998743,firefox-gcc8,https://www.suse.com/security/cve/CVE-2016-5172,"The parser in 
Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",Released 20160914,CVE-2016-5172,,6.5,998743,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2016-5172,"The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",Released 20160914,CVE-2016-5172,,6.5,998743,firefox-glib2,https://www.suse.com/security/cve/CVE-2016-5172,"The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",Released 20160914,CVE-2016-5172,,6.5,998743,firefox-gtk3,https://www.suse.com/security/cve/CVE-2016-5172,"The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",Released 20160914,CVE-2016-5172,,6.5,998743,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2016-5172,"The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",Released 20160914,CVE-2016-5172,,6.5,998743,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2016-5172,"The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",Released 20160914,CVE-2016-5172,,6.5,998743,firefox-libffi,https://www.suse.com/security/cve/CVE-2016-5172,"The parser in Google V8, as used in Google Chrome before 
53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",Released 20160914,CVE-2016-5172,,6.5,998743,firefox-pango,https://www.suse.com/security/cve/CVE-2016-5172,"The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",Released 20160914,CVE-2016-5173,,7.1,998743,firefox-atk,https://www.suse.com/security/cve/CVE-2016-5173,"The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",Released 20160914,CVE-2016-5173,,7.1,998743,firefox-cairo,https://www.suse.com/security/cve/CVE-2016-5173,"The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",Released 20160914,CVE-2016-5173,,7.1,998743,firefox-gcc8,https://www.suse.com/security/cve/CVE-2016-5173,"The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",Released 20160914,CVE-2016-5173,,7.1,998743,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2016-5173,"The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to 
load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",Released 20160914,CVE-2016-5173,,7.1,998743,firefox-glib2,https://www.suse.com/security/cve/CVE-2016-5173,"The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",Released 20160914,CVE-2016-5173,,7.1,998743,firefox-gtk3,https://www.suse.com/security/cve/CVE-2016-5173,"The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",Released 20160914,CVE-2016-5173,,7.1,998743,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2016-5173,"The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",Released 20160914,CVE-2016-5173,,7.1,998743,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2016-5173,"The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",Released 20160914,CVE-2016-5173,,7.1,998743,firefox-libffi,https://www.suse.com/security/cve/CVE-2016-5173,"The extensions subsystem in Google Chrome 
before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",Released 20160914,CVE-2016-5173,,7.1,998743,firefox-pango,https://www.suse.com/security/cve/CVE-2016-5173,"The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",Released 20160914,CVE-2016-5174,,6.5,998743,firefox-atk,https://www.suse.com/security/cve/CVE-2016-5174,"browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",Released 20160914,CVE-2016-5174,,6.5,998743,firefox-cairo,https://www.suse.com/security/cve/CVE-2016-5174,"browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",Released 20160914,CVE-2016-5174,,6.5,998743,firefox-gcc8,https://www.suse.com/security/cve/CVE-2016-5174,"browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",Released 20160914,CVE-2016-5174,,6.5,998743,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2016-5174,"browser/ui/cocoa/browser_window_controller_private.mm in 
Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",Released 20160914,CVE-2016-5174,,6.5,998743,firefox-glib2,https://www.suse.com/security/cve/CVE-2016-5174,"browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",Released 20160914,CVE-2016-5174,,6.5,998743,firefox-gtk3,https://www.suse.com/security/cve/CVE-2016-5174,"browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",Released 20160914,CVE-2016-5174,,6.5,998743,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2016-5174,"browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",Released 20160914,CVE-2016-5174,,6.5,998743,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2016-5174,"browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",Released 20160914,CVE-2016-5174,,6.5,998743,firefox-libffi,https://www.suse.com/security/cve/CVE-2016-5174,"browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a 
fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",Released 20160914,CVE-2016-5174,,6.5,998743,firefox-pango,https://www.suse.com/security/cve/CVE-2016-5174,"browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",Released 20160914,CVE-2016-5175,,8.8,998743,firefox-atk,https://www.suse.com/security/cve/CVE-2016-5175,"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160914,CVE-2016-5175,,8.8,998743,firefox-cairo,https://www.suse.com/security/cve/CVE-2016-5175,"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160914,CVE-2016-5175,,8.8,998743,firefox-gcc8,https://www.suse.com/security/cve/CVE-2016-5175,"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160914,CVE-2016-5175,,8.8,998743,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2016-5175,"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160914,CVE-2016-5175,,8.8,998743,firefox-glib2,https://www.suse.com/security/cve/CVE-2016-5175,"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 
20160914,CVE-2016-5175,,8.8,998743,firefox-gtk3,https://www.suse.com/security/cve/CVE-2016-5175,"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160914,CVE-2016-5175,,8.8,998743,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2016-5175,"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160914,CVE-2016-5175,,8.8,998743,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2016-5175,"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160914,CVE-2016-5175,,8.8,998743,firefox-libffi,https://www.suse.com/security/cve/CVE-2016-5175,"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160914,CVE-2016-5175,,8.8,998743,firefox-pango,https://www.suse.com/security/cve/CVE-2016-5175,"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",Released 20160914,CVE-2016-7167,,9.8,998760,curl,https://www.suse.com/security/cve/CVE-2016-7167,"Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.",Released 20160919,CVE-2016-2178,,5.5,1004104,openssl,https://www.suse.com/security/cve/CVE-2016-2178,"The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of 
constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.",Released 20160919,CVE-2016-6303,,9.8,1004104,openssl,https://www.suse.com/security/cve/CVE-2016-6303,"Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.",Released 20160919,CVE-2016-6304,,7.5,1001706,openssl,https://www.suse.com/security/cve/CVE-2016-6304,"Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.",Released 20160919,CVE-2016-6306,,5.9,1004104,openssl,https://www.suse.com/security/cve/CVE-2016-6306,"The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.",Released 20160919,CVE-2016-7411,,9.8,999682,php53,https://www.suse.com/security/cve/CVE-2016-7411,"ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.",Released 20160919,CVE-2016-7412,,8.1,999680,php53,https://www.suse.com/security/cve/CVE-2016-7412,"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.",Released 
20160919,CVE-2016-7413,,9.8,999679,php53,https://www.suse.com/security/cve/CVE-2016-7413,"Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.",Released 20160919,CVE-2016-7416,,7.5,999685,php53,https://www.suse.com/security/cve/CVE-2016-7416,"ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.",Released 20160919,CVE-2016-7417,,9.8,999684,php53,https://www.suse.com/security/cve/CVE-2016-7417,"ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.",Released 20160919,CVE-2016-7444,,7.5,999646,gnutls,https://www.suse.com/security/cve/CVE-2016-7444,"The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",Ignore 20160919,CVE-2016-7446,,9.8,999673,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7446,"Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. 
Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.",Affected 20160919,CVE-2016-7447,,9.8,999673,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7447,"Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.",Affected 20160919,CVE-2016-7448,,7.5,999673,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7448,"The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.",Affected 20160919,CVE-2016-7449,,7.5,999673,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7449,"The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an \"unterminated\" string.",Affected 20160920,CVE-2016-7414,,9.8,999820,php53,https://www.suse.com/security/cve/CVE-2016-7414,"The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.",Released 20160920,CVE-2016-7418,,7.5,999819,php53,https://www.suse.com/security/cve/CVE-2016-7418,"The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.",Released 20160920,CVE-2016-7425,,7.8,1115893,kernel-source,https://www.suse.com/security/cve/CVE-2016-7425,"The 
arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.",Released 20160922,CVE-2016-0634,,7.5,1000396,bash,https://www.suse.com/security/cve/CVE-2016-0634,"The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.",Released 20160922,CVE-2016-2776,,7.5,1000362,bind,https://www.suse.com/security/cve/CVE-2016-2776,"buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.",Released 20160922,CVE-2016-7527,,6.5,1000436,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7527,"coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.",Released 20160922,CVE-2016-7528,,6.5,1000434,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7528,"The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.",Released 20160922,CVE-2016-7529,,6.5,1000399,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7529,"coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.",Released 20160923,CVE-2014-9907,,,1000714,ImageMagick,https://www.suse.com/security/cve/CVE-2014-9907,"coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.",Released 20160923,CVE-2015-8957,,,1000690,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8957,"Buffer overflow in 
ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.",Released 20160923,CVE-2015-8958,,,1000690,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8958,"coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.",Released 20160923,CVE-2015-8959,,6.5,1000713,ImageMagick,https://www.suse.com/security/cve/CVE-2015-8959,"coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.",Released 20160923,CVE-2016-7514,,6.5,1000688,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7514,"The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.",Released 20160923,CVE-2016-7515,,6.5,1000689,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7515,"The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.",Released 20160923,CVE-2016-7516,,6.5,1000692,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7516,"The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file.",Released 20160923,CVE-2016-7517,,6.5,1000693,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7517,"The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.",Released 20160923,CVE-2016-7518,,6.5,1000694,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7518,"The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN 
file.",Released 20160923,CVE-2016-7519,,6.5,1000689,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7519,"The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.",Released 20160923,CVE-2016-7522,,6.5,1000698,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7522,"The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.",Released 20160923,CVE-2016-7523,,6.5,1000699,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7523,"coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.",Released 20160923,CVE-2016-7524,,6.5,1000700,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7524,"coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.",Released 20160923,CVE-2016-7525,,6.5,1000688,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7525,"Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.",Released 20160923,CVE-2016-7526,,6.5,1000436,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7526,"coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.",Released 20160923,CVE-2016-7530,,6.5,1000399,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7530,"The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.",Released 20160923,CVE-2016-7531,,6.5,1000704,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7531,"MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB 
file.",Released 20160923,CVE-2016-7533,,6.5,1000707,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7533,"The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.",Released 20160923,CVE-2016-7535,,6.5,1000709,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7535,"coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.",Released 20160923,CVE-2016-7537,,6.5,1000711,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7537,"MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.",Released 20160926,CVE-2016-6823,,7.5,1001066,ImageMagick,https://www.suse.com/security/cve/CVE-2016-6823,"Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.",Released 20160926,CVE-2016-7101,,6.5,1001221,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7101,"The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.",Released 20160926,CVE-2016-7161,,9.8,1001151,kvm,https://www.suse.com/security/cve/CVE-2016-7161,"Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.",Released 20160926,CVE-2016-7543,,8.4,1001299,bash,https://www.suse.com/security/cve/CVE-2016-7543,"Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.",Released 20160926,CVE-2016-7545,,8.8,1000998,policycoreutils,https://www.suse.com/security/cve/CVE-2016-7545,"SELinux policycoreutils allows local 
users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.",Released 20160929,CVE-2013-5653,,,1001951,ghostscript-library,https://www.suse.com/security/cve/CVE-2013-5653,"The getenv and filenameforall functions in Ghostscript 9.10 ignore the \"-dSAFER\" argument, which allows remote attackers to read data via a crafted postscript file.",Released 20160930,CVE-2016-7777,,6.3,1000106,xen,https://www.suse.com/security/cve/CVE-2016-7777,"Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.",Released 20161001,CVE-2016-7800,,7.5,1002422,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7800,"Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.",Released 20161002,CVE-2016-7799,,6.5,1002421,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7799,"MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.",Released 20161003,CVE-2016-1246,,7.5,1002626,perl-DBD-mysql,https://www.suse.com/security/cve/CVE-2016-1246,"Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.",Released 20161003,CVE-2016-7908,,4.4,1002550,kvm,https://www.suse.com/security/cve/CVE-2016-7908,"The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU 
process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.",Released 20161003,CVE-2016-7908,,4.4,1002550,xen,https://www.suse.com/security/cve/CVE-2016-7908,"The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.",Released 20161003,CVE-2016-7909,,4.4,1002557,kvm,https://www.suse.com/security/cve/CVE-2016-7909,"The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.",Released 20161003,CVE-2016-7909,,4.4,1002557,xen,https://www.suse.com/security/cve/CVE-2016-7909,"The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.",Ignore 20161005,CVE-2016-5407,,9.8,1003017,xorg-x11-libXv,https://www.suse.com/security/cve/CVE-2016-5407,"The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.",Released 20161005,CVE-2016-7117,8.1,9.8,1003077,kernel-source,https://www.suse.com/security/cve/CVE-2016-7117,"Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.",Released 
20161005,CVE-2016-7942,,9.8,1002991,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2016-7942,"The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.",Released 20161005,CVE-2016-7943,,9.8,1002991,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2016-7943,"The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.",Released 20161005,CVE-2016-7944,,9.8,1002995,xorg-x11-libXfixes,https://www.suse.com/security/cve/CVE-2016-7944,"Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.",Released 20161005,CVE-2016-7945,,7.5,1002998,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2016-7945,"Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.",Released 20161005,CVE-2016-7946,,7.5,1002998,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2016-7946,"X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.",Released 20161005,CVE-2016-7947,,9.8,1003000,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2016-7947,"Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.",Released 20161005,CVE-2016-7948,,9.8,1003000,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2016-7948,"X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.",Released 
20161005,CVE-2016-7949,,9.8,1003002,xorg-x11-libXrender,https://www.suse.com/security/cve/CVE-2016-7949,"Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.",Released 20161005,CVE-2016-7950,,9.8,1003002,xorg-x11-libXrender,https://www.suse.com/security/cve/CVE-2016-7950,"The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.",Released 20161005,CVE-2016-7951,,9.8,1003012,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2016-7951,"Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.",Released 20161005,CVE-2016-7952,,7.5,1003012,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2016-7952,"X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.",Released 20161005,CVE-2016-7953,,9.8,1003023,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2016-7953,"Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.",Released 20161005,CVE-2016-7966,,7.3,1002977,kdepim4,https://www.suse.com/security/cve/CVE-2016-7966,"Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. 
Although it is possible to include an HTML comment indicator to hide content.",Analysis 20161005,CVE-2016-7967,,8.1,1002977,kdepim4,https://www.suse.com/security/cve/CVE-2016-7967,"KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.",Analysis 20161005,CVE-2016-7968,,6.5,1002977,kdepim4,https://www.suse.com/security/cve/CVE-2016-7968,"KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.",Analysis 20161006,CVE-2016-7976,,8.8,1001951,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-7976,"The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.",Released 20161006,CVE-2016-7977,,5.5,1001951,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-7977,"Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.",Released 20161006,CVE-2016-7978,,9.8,1001951,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-7978,"Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.",Released 20161006,CVE-2016-7979,,9.8,1001951,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-7979,"Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.",Released 20161008,CVE-2016-7996,,9.8,1003629,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7996,"Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 
and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.",Released 20161008,CVE-2016-7997,,7.5,1003629,ImageMagick,https://www.suse.com/security/cve/CVE-2016-7997,"The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.",Released 20161010,CVE-2015-8956,,,1003925,kernel-source,https://www.suse.com/security/cve/CVE-2015-8956,"The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.",Released 20161010,CVE-2016-1240,,7.8,1003877,tomcat6,https://www.suse.com/security/cve/CVE-2016-1240,"The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.",Analysis 20161010,CVE-2016-8576,,6,1003878,kvm,https://www.suse.com/security/cve/CVE-2016-8576,"The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.",Released 20161010,CVE-2016-8577,,6,1003893,kvm,https://www.suse.com/security/cve/CVE-2016-8577,"Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU 
(aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.",Released 20161010,CVE-2016-8578,,6,1003894,kvm,https://www.suse.com/security/cve/CVE-2016-8578,"The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.",Released 20161012,CVE-2016-8602,,7.8,1001951,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-8602,"The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.",Released 20161012,CVE-2016-8605,,5.3,1004221,guile,https://www.suse.com/security/cve/CVE-2016-8605,"The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. 
Prior versions are affected.",Released 20161013,CVE-2016-5195,7.8,7.8,1004418,kernel-source,https://www.suse.com/security/cve/CVE-2016-5195,"Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\"",Released 20161013,CVE-2016-7042,,6.2,1004517,kernel-source,https://www.suse.com/security/cve/CVE-2016-7042,"The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.",Released 20161013,CVE-2016-8660,5.5,5.5,1004532,kernel-source,https://www.suse.com/security/cve/CVE-2016-8660,"The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a \"page lock order bug in the XFS seek hole/data implementation.\"",Analysis 20161015,CVE-2016-8667,,6,1004702,kvm,https://www.suse.com/security/cve/CVE-2016-8667,"The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.",Released 20161015,CVE-2016-8667,,6,1004702,xen,https://www.suse.com/security/cve/CVE-2016-8667,"The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.",Ignore 20161015,CVE-2016-8669,,6,1004707,kvm,https://www.suse.com/security/cve/CVE-2016-8669,"The 
serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.",Released 20161015,CVE-2016-8670,,9.8,1004924,gd,https://www.suse.com/security/cve/CVE-2016-8670,"Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.",Released 20161015,CVE-2016-8670,,9.8,1004924,php53,https://www.suse.com/security/cve/CVE-2016-8670,"Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.",Released 20161017,CVE-2016-8682,,7.5,1005125,ImageMagick,https://www.suse.com/security/cve/CVE-2016-8682,"The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.",Released 20161017,CVE-2016-8683,,7.8,1005127,ImageMagick,https://www.suse.com/security/cve/CVE-2016-8683,"The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a \"file truncation error for corrupt file.\"",Released 20161017,CVE-2016-8684,,7.8,1005123,ImageMagick,https://www.suse.com/security/cve/CVE-2016-8684,"The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted 
image, which triggers a memory allocation failure and a \"file truncation error for corrupt file.\"",Released 20161017,CVE-2016-8687,3.3,7.5,1005070,bsdtar,https://www.suse.com/security/cve/CVE-2016-8687,"Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.",Released 20161017,CVE-2016-8690,,5.5,1005084,jasper,https://www.suse.com/security/cve/CVE-2016-8690,"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.",Released 20161017,CVE-2016-8691,,5.5,1005090,jasper,https://www.suse.com/security/cve/CVE-2016-8691,"The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.",Released 20161017,CVE-2016-8692,,5.5,1005090,jasper,https://www.suse.com/security/cve/CVE-2016-8692,"The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.",Released 20161018,CVE-2016-1245,,9.8,1005258,quagga,https://www.suse.com/security/cve/CVE-2016-1245,"It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. 
The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.",Released 20161018,CVE-2016-6911,,5.5,1004924,gd,https://www.suse.com/security/cve/CVE-2016-6911,"The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.",Released 20161018,CVE-2016-6911,,5.5,1004924,php53,https://www.suse.com/security/cve/CVE-2016-6911,"The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.",Released 20161018,CVE-2016-8693,,7.8,1005242,jasper,https://www.suse.com/security/cve/CVE-2016-8693,"Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.",Released 20161019,CVE-2016-4658,,9.8,1005544,libxml2,https://www.suse.com/security/cve/CVE-2016-4658,"xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.",Released 20161019,CVE-2016-4738,,8.8,1005591,libxslt,https://www.suse.com/security/cve/CVE-2016-4738,"libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.",Released 20161019,CVE-2016-5542,,3.1,1005522,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5542,"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote 
attackers to affect integrity via vectors related to Libraries.",Released 20161019,CVE-2016-5554,,4.3,1005523,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5554,"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.",Released 20161019,CVE-2016-5556,,9.6,1005524,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5556,"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.",Released 20161019,CVE-2016-5568,,9.6,1005525,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5568,"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.",Released 20161019,CVE-2016-5573,,8.3,1005526,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5573,"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.",Released 20161019,CVE-2016-5597,,5.9,1005528,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5597,"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.",Released 20161019,CVE-2016-5617,,,1005563,mozilla-nspr,https://www.suse.com/security/cve/CVE-2016-5617,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20161019,CVE-2016-5617,,,1005563,mozilla-nss,https://www.suse.com/security/cve/CVE-2016-5617,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20161019,CVE-2016-8858,5.8,7.5,1005480,openssh,https://www.suse.com/security/cve/CVE-2016-8858,"** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that \"OpenSSH upstream does not consider this as a security issue.\"",Released 20161020,CVE-2016-8610,7.5,7.5,1005878,gnutls,https://www.suse.com/security/cve/CVE-2016-8610,"A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",Released 20161020,CVE-2016-8610,7.5,7.5,1005878,openssl,https://www.suse.com/security/cve/CVE-2016-8610,"A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",Released 20161024,CVE-2016-8615,,7.5,1005633,curl,https://www.suse.com/security/cve/CVE-2016-8615,"A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.",Released 20161024,CVE-2016-8616,,5.9,1005634,curl,https://www.suse.com/security/cve/CVE-2016-8616,"A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.",Released 20161024,CVE-2016-8617,,7,1005635,curl,https://www.suse.com/security/cve/CVE-2016-8617,"The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.",Released 20161024,CVE-2016-8618,6.5,9.8,1005637,curl,https://www.suse.com/security/cve/CVE-2016-8618,"The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.",Released 20161024,CVE-2016-8619,,9.8,1005638,curl,https://www.suse.com/security/cve/CVE-2016-8619,"The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.",Released 20161024,CVE-2016-8620,,9.8,1005640,curl,https://www.suse.com/security/cve/CVE-2016-8620,"The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.",Released 20161024,CVE-2016-8621,5.3,7.5,1005642,curl,https://www.suse.com/security/cve/CVE-2016-8621,"The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit 
short.",Released 20161024,CVE-2016-8622,,9.8,1005643,curl,https://www.suse.com/security/cve/CVE-2016-8622,"The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.",Released 20161024,CVE-2016-8623,,7.5,1005645,curl,https://www.suse.com/security/cve/CVE-2016-8623,"A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.",Released 20161024,CVE-2016-8624,,7.5,1005646,curl,https://www.suse.com/security/cve/CVE-2016-8624,"curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.",Released 20161024,CVE-2016-8625,,7.5,1005649,curl,https://www.suse.com/security/cve/CVE-2016-8625,"curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.",Ignore 20161024,CVE-2016-8880,,,1006591,jasper,https://www.suse.com/security/cve/CVE-2016-8880,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4516. Reason: This candidate is a duplicate of CVE-2011-4516. Notes: All CVE users should reference CVE-2011-4516 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20161024,CVE-2016-8881,,,1006593,jasper,https://www.suse.com/security/cve/CVE-2016-8881,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4517. Reason: This candidate is a duplicate of CVE-2011-4517. Notes: All CVE users should reference CVE-2011-4517 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20161024,CVE-2016-8882,,5.5,1006597,jasper,https://www.suse.com/security/cve/CVE-2016-8882,"The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.",Released 20161024,CVE-2016-8883,5.5,5.5,1006598,jasper,https://www.suse.com/security/cve/CVE-2016-8883,"The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",Released 20161024,CVE-2016-8886,,7.8,1006599,jasper,https://www.suse.com/security/cve/CVE-2016-8886,"The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.",Released 20161024,CVE-2016-8909,,6,1006536,kvm,https://www.suse.com/security/cve/CVE-2016-8909,"The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.",Released 20161024,CVE-2016-8910,3,6,1006538,kvm,https://www.suse.com/security/cve/CVE-2016-8910,"The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) 
by leveraging failure to limit the ring descriptor count.",Released 20161024,CVE-2016-8910,3,6,1006538,xen,https://www.suse.com/security/cve/CVE-2016-8910,"The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.",Already fixed 20161025,CVE-2016-8887,,5.5,1006836,jasper,https://www.suse.com/security/cve/CVE-2016-8887,"The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).",Released 20161026,CVE-2016-8884,,5.5,1005084,jasper,https://www.suse.com/security/cve/CVE-2016-8884,"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.",Released 20161026,CVE-2016-8885,,5.5,1005084,jasper,https://www.suse.com/security/cve/CVE-2016-8885,"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.",Released 20161027,CVE-2016-5652,,7,1007280,tiff,https://www.suse.com/security/cve/CVE-2016-5652,"An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. 
Vulnerability can be triggered via a saved TIFF file delivered by other means.",Released 20161027,CVE-2016-5857,,7.8,1007284,tiff,https://www.suse.com/security/cve/CVE-2016-5857,"The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.",Already fixed 20161027,CVE-2016-6321,,7.5,1007188,tar,https://www.suse.com/security/cve/CVE-2016-6321,"Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.",Released 20161027,CVE-2016-8331,,8.1,1007276,tiff,https://www.suse.com/security/cve/CVE-2016-8331,"An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.",Released 20161027,CVE-2016-8626,6.5,6.5,1007217,ceph,https://www.suse.com/security/cve/CVE-2016-8626,"A flaw was found in Red Hat Ceph before 0.94.9-8. 
The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.",Ignore 20161027,CVE-2016-8862,,8.8,1007245,ImageMagick,https://www.suse.com/security/cve/CVE-2016-8862,"The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.",Released 20161027,CVE-2016-8866,,8.8,1007245,ImageMagick,https://www.suse.com/security/cve/CVE-2016-8866,"The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.",Released 20161027,CVE-2016-9082,,5.5,1007255,cairo,https://www.suse.com/security/cve/CVE-2016-9082,"Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.",Released 20161027,CVE-2016-9082,,5.5,1007255,firefox-cairo,https://www.suse.com/security/cve/CVE-2016-9082,"Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.",Ignore 20161028,CVE-2016-7032,,7,1007501,sudo,https://www.suse.com/security/cve/CVE-2016-7032,"sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.",Released 20161028,CVE-2016-7076,,7.8,1007501,sudo,https://www.suse.com/security/cve/CVE-2016-7076,"sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. 
A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.",Released 20161031,CVE-2015-5191,-1,-1,1007600,open-vm-tools,https://www.suse.com/security/cve/CVE-2015-5191,"VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",Released 20161031,CVE-2016-5180,,9.8,1007728,libcares2,https://www.suse.com/security/cve/CVE-2016-5180,"Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.",Released 20161031,CVE-2016-8864,7.5,7.5,1007829,bind,https://www.suse.com/security/cve/CVE-2016-8864,"named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.",Released 20161031,CVE-2016-9101,,6,1007391,kvm,https://www.suse.com/security/cve/CVE-2016-9101,"Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.",Released 20161031,CVE-2016-9101,,6,1007391,xen,https://www.suse.com/security/cve/CVE-2016-9101,"Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.",Released 
20161031,CVE-2016-9102,,6,1007450,kvm,https://www.suse.com/security/cve/CVE-2016-9102,"Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.",Released 20161031,CVE-2016-9103,,6,1007454,kvm,https://www.suse.com/security/cve/CVE-2016-9103,"The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.",Released 20161031,CVE-2016-9104,,4.4,1007493,kvm,https://www.suse.com/security/cve/CVE-2016-9104,"Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.",Released 20161031,CVE-2016-9104,,4.4,1007493,xen,https://www.suse.com/security/cve/CVE-2016-9104,"Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.",Ignore 20161031,CVE-2016-9105,,6,1007494,kvm,https://www.suse.com/security/cve/CVE-2016-9105,"Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.",Released 20161031,CVE-2016-9106,,6,1007495,kvm,https://www.suse.com/security/cve/CVE-2016-9106,"Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of 
service (memory consumption) by leveraging failure to free an IO vector.",Released 20161101,CVE-2016-0762,,5.9,1007854,tomcat6,https://www.suse.com/security/cve/CVE-2016-0762,"The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",Released 20161101,CVE-2016-5018,,9.1,1007855,tomcat6,https://www.suse.com/security/cve/CVE-2016-5018,"In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",Released 20161101,CVE-2016-6794,,5.3,1007857,tomcat6,https://www.suse.com/security/cve/CVE-2016-6794,"When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. 
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",Released 20161101,CVE-2016-6796,,7.5,1007858,tomcat6,https://www.suse.com/security/cve/CVE-2016-6796,"A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",Released 20161101,CVE-2016-6797,,7.5,1007853,tomcat6,https://www.suse.com/security/cve/CVE-2016-6797,"The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. 
Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",Released 20161102,CVE-2016-9138,,9.8,1008026,php53,https://www.suse.com/security/cve/CVE-2016-9138,"PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.",Affected 20161107,CVE-2015-8970,5.5,5.5,1008374,kernel-source,https://www.suse.com/security/cve/CVE-2015-8970,"crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.",Released 20161107,CVE-2016-8632,,7.8,1008831,kernel-source,https://www.suse.com/security/cve/CVE-2016-8632,"The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.",Released 20161107,CVE-2016-8633,6.8,6.8,1008833,kernel-source,https://www.suse.com/security/cve/CVE-2016-8633,"drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.",Released 20161114,CVE-2016-9262,7,5.5,1009994,jasper,https://www.suse.com/security/cve/CVE-2016-9262,"Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in 
base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.",Released 20161115,CVE-2016-8646,,5.5,1010150,kernel-source,https://www.suse.com/security/cve/CVE-2016-8646,"The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.",Released 20161115,CVE-2016-9273,,5.5,1010163,tiff,https://www.suse.com/security/cve/CVE-2016-9273,"tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.",Released 20161115,CVE-2016-9297,,7.5,1010161,tiff,https://www.suse.com/security/cve/CVE-2016-9297,"The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.",Ignore 20161116,CVE-2015-8961,,7.8,1010492,kernel-source,https://www.suse.com/security/cve/CVE-2015-8961,"The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field.",Analysis 20161116,CVE-2015-8962,7,7.3,1010501,kernel-source,https://www.suse.com/security/cve/CVE-2015-8962,"Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.",Released 20161116,CVE-2015-8964,3.3,,1010507,kernel-source,https://www.suse.com/security/cve/CVE-2015-8964,"The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 
allows local users to obtain sensitive information from kernel memory by reading a tty data structure.",Released 20161116,CVE-2016-1249,,5.9,1010457,perl-DBD-mysql,https://www.suse.com/security/cve/CVE-2016-1249,"The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.",Released 20161116,CVE-2016-5285,,7.5,1010517,mozilla-nss,https://www.suse.com/security/cve/CVE-2016-5285,"A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.",Released 20161116,CVE-2016-7912,,7.8,1010480,kernel-source,https://www.suse.com/security/cve/CVE-2016-7912,"Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.",Analysis 20161116,CVE-2016-7915,,5.5,1010470,kernel-source,https://www.suse.com/security/cve/CVE-2016-7915,"The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver.",Released 20161116,CVE-2016-7916,,5.5,1010467,kernel-source,https://www.suse.com/security/cve/CVE-2016-7916,"Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.",Released 
20161117,CVE-2016-1248,,7.8,1010685,vim,https://www.suse.com/security/cve/CVE-2016-1248,"vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.",Released 20161117,CVE-2016-7910,7,7.8,1010716,kernel-source,https://www.suse.com/security/cve/CVE-2016-7910,"Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.",Released 20161117,CVE-2016-7911,,7.8,1010711,kernel-source,https://www.suse.com/security/cve/CVE-2016-7911,"Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.",Released 20161117,CVE-2016-9318,,5.5,1010675,libxml2,https://www.suse.com/security/cve/CVE-2016-9318,"libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.",Released 20161117,CVE-2016-9318,,5.5,1010675,libxml2-python,https://www.suse.com/security/cve/CVE-2016-9318,"libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.",Released 20161117,CVE-2016-9372,,5.9,1010807,wireshark,https://www.suse.com/security/cve/CVE-2016-9372,"In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector 
could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.",Released 20161117,CVE-2016-9373,,5.9,1010754,wireshark,https://www.suse.com/security/cve/CVE-2016-9373,"In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.",Released 20161117,CVE-2016-9374,,5.9,1010752,wireshark,https://www.suse.com/security/cve/CVE-2016-9374,"In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.",Released 20161117,CVE-2016-9375,,5.9,1010740,wireshark,https://www.suse.com/security/cve/CVE-2016-9375,"In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.",Released 20161117,CVE-2016-9376,,5.9,1010735,wireshark,https://www.suse.com/security/cve/CVE-2016-9376,"In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. 
This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.",Released 20161117,CVE-2016-9379,,7.9,1009111,xen,https://www.suse.com/security/cve/CVE-2016-9379,"The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.",Released 20161117,CVE-2016-9380,,7.5,1009111,xen,https://www.suse.com/security/cve/CVE-2016-9380,"The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.",Released 20161117,CVE-2016-9381,7.5,7.5,1009109,xen,https://www.suse.com/security/cve/CVE-2016-9381,"Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a \"double fetch\" vulnerability.",Released 20161117,CVE-2016-9382,,7.8,1009103,xen,https://www.suse.com/security/cve/CVE-2016-9382,"Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.",Released 20161117,CVE-2016-9383,,8.8,1009107,xen,https://www.suse.com/security/cve/CVE-2016-9383,"Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.",Released 20161117,CVE-2016-9385,,6,1009104,xen,https://www.suse.com/security/cve/CVE-2016-9385,"The x86 segment base write 
emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.",Released 20161117,CVE-2016-9386,,7.8,1009100,xen,https://www.suse.com/security/cve/CVE-2016-9386,"The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving \"unexpected\" base/limit values.",Released 20161117,CVE-2016-9390,5.5,5.5,1010774,jasper,https://www.suse.com/security/cve/CVE-2016-9390,"The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.",Released 20161117,CVE-2016-9391,5.5,7.5,1010782,jasper,https://www.suse.com/security/cve/CVE-2016-9391,"The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.",Released 20161117,CVE-2016-9392,,5.5,1010757,jasper,https://www.suse.com/security/cve/CVE-2016-9392,"The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",Released 20161117,CVE-2016-9393,,5.5,1010757,jasper,https://www.suse.com/security/cve/CVE-2016-9393,"The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",Released 20161117,CVE-2016-9394,5.5,5.5,1010756,jasper,https://www.suse.com/security/cve/CVE-2016-9394,"The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",Released 20161117,CVE-2016-9396,3.3,7.5,1010783,jasper,https://www.suse.com/security/cve/CVE-2016-9396,"The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in 
JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.",Released 20161117,CVE-2016-9397,3.3,7.5,1010786,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-9397,"The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.",Ignore 20161117,CVE-2016-9397,3.3,7.5,1010786,jasper,https://www.suse.com/security/cve/CVE-2016-9397,"The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.",Released 20161118,CVE-2016-8649,,9.1,1010933,kernel-source,https://www.suse.com/security/cve/CVE-2016-8649,"lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.",Analysis 20161118,CVE-2016-9387,2.5,7.8,1010960,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-9387,"Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.",Ignore 20161118,CVE-2016-9388,5.5,5.5,1010975,jasper,https://www.suse.com/security/cve/CVE-2016-9388,"The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.",Released 20161118,CVE-2016-9389,5.5,7.5,1010968,jasper,https://www.suse.com/security/cve/CVE-2016-9389,"The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).",Released 20161118,CVE-2016-9395,,5.5,1010977,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-9395,"The 
jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",Ignore 20161118,CVE-2016-9395,,5.5,1010977,jasper,https://www.suse.com/security/cve/CVE-2016-9395,"The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",Released 20161118,CVE-2016-9399,5.5,7.5,1010980,jasper,https://www.suse.com/security/cve/CVE-2016-9399,"The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.",Released 20161118,CVE-2016-9401,,5.5,1010845,bash,https://www.suse.com/security/cve/CVE-2016-9401,"popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.",Released 20161119,CVE-2016-9448,,7.5,1010161,tiff,https://www.suse.com/security/cve/CVE-2016-9448,"The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.",Ignore 20161119,CVE-2016-9453,7.8,7.8,1007280,tiff,https://www.suse.com/security/cve/CVE-2016-9453,"The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.",Released 20161121,CVE-2016-7426,,5.3,1011406,ntp,https://www.suse.com/security/cve/CVE-2016-7426,"NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.",Released 20161121,CVE-2016-7427,,4.3,1011390,ntp,https://www.suse.com/security/cve/CVE-2016-7427,"The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.",Released 20161121,CVE-2016-7428,,4.3,1011417,ntp,https://www.suse.com/security/cve/CVE-2016-7428,"ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.",Released 20161121,CVE-2016-7429,,3.7,1011404,ntp,https://www.suse.com/security/cve/CVE-2016-7429,"NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.",Released 20161121,CVE-2016-7431,,5.3,1011395,ntp,https://www.suse.com/security/cve/CVE-2016-7431,"NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. 
NOTE: this vulnerability exists because of a CVE-2015-8138 regression.",Released 20161121,CVE-2016-7433,,5.3,1011411,ntp,https://www.suse.com/security/cve/CVE-2016-7433,"NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\"",Released 20161121,CVE-2016-7434,,7.5,1011398,ntp,https://www.suse.com/security/cve/CVE-2016-7434,"The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.",Released 20161121,CVE-2016-9310,,6.5,1011377,ntp,https://www.suse.com/security/cve/CVE-2016-9310,"The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.",Released 20161121,CVE-2016-9311,,5.9,1011377,ntp,https://www.suse.com/security/cve/CVE-2016-9311,"ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.",Released 20161121,CVE-2016-9422,,8.8,1011269,w3m,https://www.suse.com/security/cve/CVE-2016-9422,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.",Released 20161121,CVE-2016-9423,,8.8,1011270,w3m,https://www.suse.com/security/cve/CVE-2016-9423,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. 
Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.",Released 20161121,CVE-2016-9424,,8.8,1011271,w3m,https://www.suse.com/security/cve/CVE-2016-9424,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page.",Released 20161121,CVE-2016-9425,,8.8,1011272,w3m,https://www.suse.com/security/cve/CVE-2016-9425,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.",Released 20161121,CVE-2016-9426,,8.8,1011275,w3m,https://www.suse.com/security/cve/CVE-2016-9426,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.",Already fixed 20161121,CVE-2016-9428,,8.8,1011277,w3m,https://www.suse.com/security/cve/CVE-2016-9428,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.",Already fixed 20161121,CVE-2016-9429,,8.8,1011278,w3m,https://www.suse.com/security/cve/CVE-2016-9429,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. 
Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.",Already fixed 20161121,CVE-2016-9430,,6.5,1011279,w3m,https://www.suse.com/security/cve/CVE-2016-9430,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Already fixed 20161121,CVE-2016-9431,,6.5,1011280,w3m,https://www.suse.com/security/cve/CVE-2016-9431,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.",Already fixed 20161121,CVE-2016-9432,,6.5,1011281,w3m,https://www.suse.com/security/cve/CVE-2016-9432,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HTML page.",Already fixed 20161121,CVE-2016-9433,,6.5,1011282,w3m,https://www.suse.com/security/cve/CVE-2016-9433,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page.",Already fixed 20161121,CVE-2016-9434,,6.5,1011283,w3m,https://www.suse.com/security/cve/CVE-2016-9434,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161121,CVE-2016-9435,,6.5,1011284,w3m,https://www.suse.com/security/cve/CVE-2016-9435,"The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to
tags.",Released 20161121,CVE-2016-9436,,6.5,1011285,w3m,https://www.suse.com/security/cve/CVE-2016-9436,"parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag.",Released 20161121,CVE-2016-9437,,6.5,1011286,w3m,https://www.suse.com/security/cve/CVE-2016-9437,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page.",Released 20161121,CVE-2016-9438,,6.5,1011287,w3m,https://www.suse.com/security/cve/CVE-2016-9438,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161121,CVE-2016-9439,,6.5,1011288,w3m,https://www.suse.com/security/cve/CVE-2016-9439,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.",Released 20161121,CVE-2016-9440,,6.5,1011289,w3m,https://www.suse.com/security/cve/CVE-2016-9440,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161121,CVE-2016-9441,,6.5,1011290,w3m,https://www.suse.com/security/cve/CVE-2016-9441,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161121,CVE-2016-9442,,6.5,1011291,w3m,https://www.suse.com/security/cve/CVE-2016-9442,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. 
w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.",Released 20161121,CVE-2016-9443,,6.5,1011292,w3m,https://www.suse.com/security/cve/CVE-2016-9443,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161122,CVE-2016-8641,,6.7,1011630,nagios,https://www.suse.com/security/cve/CVE-2016-8641,"A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.",Released 20161122,CVE-2016-9555,5.9,9.8,1011685,kernel-source,https://www.suse.com/security/cve/CVE-2016-9555,"The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.",Released 20161123,CVE-2016-6816,,7.1,1011812,tomcat6,https://www.suse.com/security/cve/CVE-2016-6816,"The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. 
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.",Released 20161123,CVE-2016-6817,,7.5,1011808,tomcat6,https://www.suse.com/security/cve/CVE-2016-6817,"The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.",Analysis 20161123,CVE-2016-8650,8.8,5.5,1011820,kernel-source,https://www.suse.com/security/cve/CVE-2016-8650,"The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.",Released 20161123,CVE-2016-8735,,9.8,1011805,tomcat6,https://www.suse.com/security/cve/CVE-2016-8735,"Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.",Released 20161123,CVE-2016-9533,,9.8,1011849,tiff,https://www.suse.com/security/cve/CVE-2016-9533,"tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka \"PixarLog horizontalDifference heap-buffer-overflow.\"",Already fixed 20161123,CVE-2016-9534,,9.8,1011847,tiff,https://www.suse.com/security/cve/CVE-2016-9534,"tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. 
Reported as MSVR 35095, aka \"TIFFFlushData1 heap-buffer-overflow.\"",Already fixed 20161123,CVE-2016-9535,,9.8,1011846,tiff,https://www.suse.com/security/cve/CVE-2016-9535,"tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\"",Released 20161123,CVE-2016-9536,,9.8,1011845,tiff,https://www.suse.com/security/cve/CVE-2016-9536,"tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka \"t2p_process_jpeg_strip heap-buffer-overflow.\"",Released 20161123,CVE-2016-9538,,9.8,1004519,tiff,https://www.suse.com/security/cve/CVE-2016-9538,"tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.",Ignore 20161123,CVE-2016-9540,,9.8,1011839,tiff,https://www.suse.com/security/cve/CVE-2016-9540,"tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. 
Reported as MSVR 35103, aka \"cpStripToTile heap-buffer-overflow.\"",Released 20161123,CVE-2016-9556,,5.5,1011130,ImageMagick,https://www.suse.com/security/cve/CVE-2016-9556,"The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.",Released 20161123,CVE-2016-9557,,5.5,1010786,jasper,https://www.suse.com/security/cve/CVE-2016-9557,"Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20161123,CVE-2016-9559,,6.5,1011136,ImageMagick,https://www.suse.com/security/cve/CVE-2016-9559,"coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.",Released 20161123,CVE-2016-9560,7.8,7.8,1011830,jasper,https://www.suse.com/security/cve/CVE-2016-9560,"Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.",Released 20161124,CVE-2016-9621,-1,-1,1011278,w3m,https://www.suse.com/security/cve/CVE-2016-9621,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9429. Reason: This candidate is a reservation duplicate of CVE-2016-9429. Notes: All CVE users should reference CVE-2016-9429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20161124,CVE-2016-9622,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9622,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. 
w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161124,CVE-2016-9623,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9623,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161124,CVE-2016-9624,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9624,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161124,CVE-2016-9625,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9625,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.",Released 20161124,CVE-2016-9626,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9626,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.",Released 20161124,CVE-2016-9627,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9627,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.",Released 20161124,CVE-2016-9628,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9628,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. 
w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161124,CVE-2016-9629,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9629,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161124,CVE-2016-9630,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9630,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.",Released 20161124,CVE-2016-9631,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9631,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",Released 20161124,CVE-2016-9632,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9632,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.",Released 20161124,CVE-2016-9633,,6.5,1011293,w3m,https://www.suse.com/security/cve/CVE-2016-9633,"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. 
w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.",Released 20161124,CVE-2016-9634,,9.8,1012102,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2016-9634,"Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.",Released 20161124,CVE-2016-9635,,9.8,1012102,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2016-9635,"Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.",Released 20161124,CVE-2016-9636,,9.8,1012102,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2016-9636,"Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.",Released 20161124,CVE-2016-9637,,7.5,1011652,xen,https://www.suse.com/security/cve/CVE-2016-9637,"The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.",Released 20161125,CVE-2014-9911,,9.8,1012224,icu,https://www.suse.com/security/cve/CVE-2014-9911,"Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial 
of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.",Released 20161125,CVE-2014-9912,,,1012224,php53,https://www.suse.com/security/cve/CVE-2014-9912,"The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.",Released 20161129,CVE-2016-1251,,8.1,1012546,perl-DBD-mysql,https://www.suse.com/security/cve/CVE-2016-1251,"There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.",Released 20161129,CVE-2016-8654,7.8,7.8,1012530,jasper,https://www.suse.com/security/cve/CVE-2016-8654,"A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. 
jasper versions before 2.0.0 are affected.",Released 20161130,CVE-2016-9685,,5.5,1012832,kernel-source,https://www.suse.com/security/cve/CVE-2016-9685,"Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.",Released 20161201,CVE-2016-9755,,7.8,1013060,kernel-source,https://www.suse.com/security/cve/CVE-2016-9755,"The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.",Analysis 20161201,CVE-2016-9756,4.1,5.5,1013038,kernel-source,https://www.suse.com/security/cve/CVE-2016-9756,"arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.",Released 20161202,CVE-2016-9773,,5.5,1011130,ImageMagick,https://www.suse.com/security/cve/CVE-2016-9773,"Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.",Released 20161202,CVE-2016-9776,3,5.5,1013285,kvm,https://www.suse.com/security/cve/CVE-2016-9776,"QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. 
A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.",Released 20161202,CVE-2016-9776,3,5.5,1013285,xen,https://www.suse.com/security/cve/CVE-2016-9776,"QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.",Released 20161202,CVE-2016-9777,,7.8,1013283,kernel-source,https://www.suse.com/security/cve/CVE-2016-9777,"KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.",Analysis 20161203,CVE-2012-6704,6.7,7.8,1013531,kernel-source,https://www.suse.com/security/cve/CVE-2012-6704,"The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.",Released 20161203,CVE-2016-9793,,7.8,1013531,kernel-source,https://www.suse.com/security/cve/CVE-2016-9793,"The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.",Released 
20161203,CVE-2016-9794,7,7.8,1013533,kernel-source,https://www.suse.com/security/cve/CVE-2016-9794,"Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.",Released 20161205,CVE-2016-9807,,5.5,1013655,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2016-9807,"The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.",Released 20161205,CVE-2016-9808,,7.5,1012102,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2016-9808,"The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.",Released 20161205,CVE-2016-9810,,5.5,1013663,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2016-9810,"The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.",Released 20161205,CVE-2016-9811,,4.7,1013669,gstreamer-0_10-plugins-base,https://www.suse.com/security/cve/CVE-2016-9811,"The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.",Released 20161205,CVE-2016-9830,,5.5,1013640,ImageMagick,https://www.suse.com/security/cve/CVE-2016-9830,"The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg 
image.",Affected 20161205,CVE-2016-9845,,6.5,1013767,xen,https://www.suse.com/security/cve/CVE-2016-9845,"QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes.",Ignore 20161205,CVE-2016-9846,,6.5,1013764,xen,https://www.suse.com/security/cve/CVE-2016-9846,"QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.",Ignore 20161206,CVE-2014-9913,,4,1013993,unzip,https://www.suse.com/security/cve/CVE-2014-9913,"Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.",Released 20161206,CVE-2016-9840,,8.8,1003579,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-9840,"inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",Released 20161206,CVE-2016-9840,,8.8,1003579,zlib,https://www.suse.com/security/cve/CVE-2016-9840,"inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",Released 20161206,CVE-2016-9841,,9.8,1003579,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-9841,"inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",Released 20161206,CVE-2016-9841,,9.8,1003579,zlib,https://www.suse.com/security/cve/CVE-2016-9841,"inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer 
arithmetic.",Released 20161206,CVE-2016-9842,,8.8,1003580,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-9842,"The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.",Released 20161206,CVE-2016-9842,,8.8,1003580,zlib,https://www.suse.com/security/cve/CVE-2016-9842,"The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.",Released 20161206,CVE-2016-9843,,9.8,1003580,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-9843,"The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.",Released 20161206,CVE-2016-9843,,9.8,1003580,zlib,https://www.suse.com/security/cve/CVE-2016-9843,"The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.",Released 20161206,CVE-2016-9844,,4,1013992,unzip,https://www.suse.com/security/cve/CVE-2016-9844,"Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.",Released 20161207,CVE-2016-8707,,7.8,1014159,ImageMagick,https://www.suse.com/security/cve/CVE-2016-8707,"An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. 
The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.",Released 20161208,CVE-2015-8870,,,1014461,tiff,https://www.suse.com/security/cve/CVE-2015-8870,"Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.",Released 20161208,CVE-2016-2124,6.8,5.9,1014440,samba,https://www.suse.com/security/cve/CVE-2016-2124,"A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.",Released 20161208,CVE-2016-2125,,6.5,1014441,samba,https://www.suse.com/security/cve/CVE-2016-2125,"It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.",Released 20161208,CVE-2016-2126,,6.5,1014442,samba,https://www.suse.com/security/cve/CVE-2016-2126,"Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.",Released 20161208,CVE-2016-9566,7.3,7.8,1014637,nagios,https://www.suse.com/security/cve/CVE-2016-9566,"base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. 
NOTE: this can be leveraged by remote attackers using CVE-2016-9565.",Released 20161208,CVE-2016-9907,,6.5,1014109,kvm,https://www.suse.com/security/cve/CVE-2016-9907,"Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.",Released 20161208,CVE-2016-9911,,6.5,1014111,kvm,https://www.suse.com/security/cve/CVE-2016-9911,"Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.",Released 20161209,CVE-2015-8966,,,1014754,kernel-source,https://www.suse.com/security/cve/CVE-2015-8966,"arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.",Analysis 20161209,CVE-2015-8967,,7.8,1014749,kernel-source,https://www.suse.com/security/cve/CVE-2015-8967,"arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the \"strict page permissions\" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.",Analysis 20161209,CVE-2016-8399,,7,1014746,kernel-source,https://www.suse.com/security/cve/CVE-2016-8399,"An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. 
Android ID: A-31349935.",Released 20161209,CVE-2016-9120,,7.8,1014747,kernel-source,https://www.suse.com/security/cve/CVE-2016-9120,"Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.",Analysis 20161209,CVE-2016-9576,,7.8,1013604,kernel-source,https://www.suse.com/security/cve/CVE-2016-9576,"The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.",Released 20161209,CVE-2016-9919,,7.5,1014701,kernel-source,https://www.suse.com/security/cve/CVE-2016-9919,"The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.",Ignore 20161209,CVE-2016-9921,,6.5,1014702,kvm,https://www.suse.com/security/cve/CVE-2016-9921,"Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. 
A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.",Released 20161209,CVE-2016-9922,,5.5,1014702,kvm,https://www.suse.com/security/cve/CVE-2016-9922,"The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.",Released 20161209,CVE-2016-9923,,6.5,1014703,kvm,https://www.suse.com/security/cve/CVE-2016-9923,"Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.",Ignore 20161209,CVE-2016-9923,,6.5,1014703,xen,https://www.suse.com/security/cve/CVE-2016-9923,"Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. 
A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.",Ignore 20161212,CVE-2016-6786,,7,1015160,kernel-source,https://www.suse.com/security/cve/CVE-2016-6786,"kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111.",Ignore 20161212,CVE-2016-6787,,7,1015160,kernel-source,https://www.suse.com/security/cve/CVE-2016-6787,"kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224.",Ignore 20161212,CVE-2016-8745,,7.5,1015119,tomcat6,https://www.suse.com/security/cve/CVE-2016-8745,"A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.",Released 20161212,CVE-2016-9917,,7.5,1015171,bluez,https://www.suse.com/security/cve/CVE-2016-9917,"In BlueZ 5.42, a buffer overflow was observed in \"read_n\" function in \"tools/hcidump.c\" source file. 
This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.",Unsupported 20161212,CVE-2016-9933,,7.5,1015187,gd,https://www.suse.com/security/cve/CVE-2016-9933,"Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.",Released 20161212,CVE-2016-9933,,7.5,1015187,php53,https://www.suse.com/security/cve/CVE-2016-9933,"Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.",Released 20161212,CVE-2016-9934,,7.5,1015188,php53,https://www.suse.com/security/cve/CVE-2016-9934,"ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.",Released 20161212,CVE-2016-9935,,9.8,1015189,php53,https://www.suse.com/security/cve/CVE-2016-9935,"The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.",Released 20161213,CVE-2016-9583,5.5,7.8,1015400,jasper,https://www.suse.com/security/cve/CVE-2016-9583,"An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.",Released 
20161213,CVE-2016-9586,5.9,8.1,1015332,curl,https://www.suse.com/security/cve/CVE-2016-9586,"curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.",Released 20161213,CVE-2016-9932,,3.3,1012651,xen,https://www.suse.com/security/cve/CVE-2016-9932,"CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a \"supposedly-ignored\" operand size prefix.",Released 20161214,CVE-2013-1430,3.3,9.8,1015567,xrdp,https://www.suse.com/security/cve/CVE-2013-1430,"An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.",Unsupported 20161214,CVE-2016-8635,,5.3,1015422,mozilla-nss,https://www.suse.com/security/cve/CVE-2016-8635,"It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. 
An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.",Released 20161214,CVE-2016-9574,,5.9,1015499,mozilla-nss,https://www.suse.com/security/cve/CVE-2016-9574,"nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.",Released 20161215,CVE-2016-9588,3.5,5.5,1015703,kernel-source,https://www.suse.com/security/cve/CVE-2016-9588,"arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.",Unsupported 20161216,CVE-2016-9584,,9.1,1015964,libical,https://www.suse.com/security/cve/CVE-2016-9584,"libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.",Released 20161216,CVE-2016-9591,,5.5,1015993,jasper,https://www.suse.com/security/cve/CVE-2016-9591,"JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.",Released 20161219,CVE-2016-10002,,7.5,1016168,squid3,https://www.suse.com/security/cve/CVE-2016-10002,"Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. 
Attack requests can easily be crafted by a client to probe a cache for this information.",Released 20161219,CVE-2016-10002,,7.5,1016168,squid,https://www.suse.com/security/cve/CVE-2016-10002,"Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.",Ignore 20161219,CVE-2016-10009,,7.3,1016336,openssh,https://www.suse.com/security/cve/CVE-2016-10009,"Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.",Released 20161219,CVE-2016-10011,,5.5,1016336,openssh,https://www.suse.com/security/cve/CVE-2016-10011,"authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.",Released 20161219,CVE-2016-10012,,7.8,1006166,openssh-askpass-gnome,https://www.suse.com/security/cve/CVE-2016-10012,"The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.",Released 20161219,CVE-2016-10012,,7.8,1006166,openssh,https://www.suse.com/security/cve/CVE-2016-10012,"The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed 
privilege-separation process, related to the m_zback and m_zlib data structures.",Released 20161219,CVE-2016-10013,,7.8,1016340,xen,https://www.suse.com/security/cve/CVE-2016-10013,"Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.",Released 20161221,CVE-2016-10024,,6,1014298,xen,https://www.suse.com/security/cve/CVE-2016-10024,"Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.",Released 20161221,CVE-2016-2161,,7.5,1016714,apache2,https://www.suse.com/security/cve/CVE-2016-2161,"In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.",Released 20161221,CVE-2016-8743,,7.5,1016715,apache2,https://www.suse.com/security/cve/CVE-2016-8743,"Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. 
Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",Released 20161227,CVE-2016-10046,,5.5,1016742,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10046,"Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.",Released 20161227,CVE-2016-10048,,7.5,1017310,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10048,"Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.",Released 20161227,CVE-2016-10049,,7.8,1017311,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10049,"Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.",Released 20161227,CVE-2016-10050,,7.8,1017312,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10050,"Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.",Released 20161227,CVE-2016-10051,,7.8,1017313,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10051,"Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.",Released 20161227,CVE-2016-10052,,7.8,1017314,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10052,"Buffer overflow in the 
WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.",Released 20161227,CVE-2016-10059,,7.8,1017318,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10059,"Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.",Released 20161227,CVE-2016-10060,,6.5,1017319,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10060,"The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20161227,CVE-2016-10061,,6.5,1017319,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10061,"The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.",Released 20161227,CVE-2016-10062,,5.5,1017319,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10062,"The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20161227,CVE-2016-10063,,7.8,1016589,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10063,"Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.",Released 20161227,CVE-2016-10064,,7.8,1016590,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10064,"Buffer overflow in coders/tiff.c in ImageMagick before 
6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.",Released 20161227,CVE-2016-10065,,7.8,1016591,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10065,"The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.",Released 20161227,CVE-2016-10068,,5.5,1017324,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10068,"The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.",Released 20161227,CVE-2016-10070,,5.5,1017326,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10070,"Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.",Released 20161227,CVE-2016-10071,,5.5,1017326,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10071,"coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.",Released 20161229,CVE-2016-9597,,7.5,1014873,libxml2,https://www.suse.com/security/cve/CVE-2016-9597,"It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. 
This is a regression CVE for the same issue as CVE-2016-3705.",Released 20161230,CVE-2016-10087,,7.5,1017646,libpng12-0,https://www.suse.com/security/cve/CVE-2016-10087,"The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.",Released 20170101,CVE-2016-10092,,7.8,1017693,tiff,https://www.suse.com/security/cve/CVE-2016-10092,"Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.",Released 20170101,CVE-2016-10093,,7.8,1017693,tiff,https://www.suse.com/security/cve/CVE-2016-10093,"Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.",Released 20170101,CVE-2016-10094,,7.8,1017693,tiff,https://www.suse.com/security/cve/CVE-2016-10094,"Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.",Released 20170101,CVE-2016-10095,,5.5,1017690,tiff,https://www.suse.com/security/cve/CVE-2016-10095,"Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of 
service (crash) via a crafted TIFF file.",Released 20170102,CVE-2016-10088,,7,1013604,kernel-source,https://www.suse.com/security/cve/CVE-2016-10088,"The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.",Released 20170102,CVE-2016-9941,,9.8,1017711,LibVNCServer,https://www.suse.com/security/cve/CVE-2016-9941,"Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.",Released 20170102,CVE-2016-9942,,9.8,1017712,LibVNCServer,https://www.suse.com/security/cve/CVE-2016-9942,"Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.",Released 20170104,CVE-2016-10089,6.7,7.8,1011630,nagios,https://www.suse.com/security/cve/CVE-2016-10089,"Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.",Released 20170104,CVE-2016-9600,4.7,6.5,1018088,jasper,https://www.suse.com/security/cve/CVE-2016-9600,"JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. 
A specially crafted file could cause an application using JasPer to crash.",Released
20170104,CVE-2016-9601,,5.5,1018128,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-9601,"ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.",Released
20170105,CVE-2016-9754,,7.8,1018342,kernel-source,https://www.suse.com/security/cve/CVE-2016-9754,"The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.",Ignore
20170107,CVE-2016-9131,,7.5,1018699,bind,https://www.suse.com/security/cve/CVE-2016-9131,"named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.",Released
20170107,CVE-2016-9147,,7.5,1018699,bind,https://www.suse.com/security/cve/CVE-2016-9147,"named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.",Released
20170107,CVE-2016-9444,,7.5,1018699,bind,https://www.suse.com/security/cve/CVE-2016-9444,"named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.",Released
20170107,CVE-2016-9778,,5.9,1018699,bind,https://www.suse.com/security/cve/CVE-2016-9778,"An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the \"nxdomain-redirect\" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type \"redirect\" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1.",Ignore
20170109,CVE-2016-10124,,8.6,1018892,lxc,https://www.suse.com/security/cve/CVE-2016-10124,"An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.",Ignore
20170111,CVE-2015-7558,-1,-1,1138468,libcroco,https://www.suse.com/security/cve/CVE-2015-7558,"librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.",Released
20170111,CVE-2015-7558,-1,-1,1138468,librsvg,https://www.suse.com/security/cve/CVE-2015-7558,"librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.",Released
20170111,CVE-2016-7056,,5.5,1005878,openssl,https://www.suse.com/security/cve/CVE-2016-7056,"A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.",Released
20170111,CVE-2017-5335,,7.5,1018832,gnutls,https://www.suse.com/security/cve/CVE-2017-5335,"The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.",Released
20170111,CVE-2017-5336,,9.8,1018832,gnutls,https://www.suse.com/security/cve/CVE-2017-5336,"Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.",Released
20170111,CVE-2017-5337,,9.8,1018832,gnutls,https://www.suse.com/security/cve/CVE-2017-5337,"Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.",Released
20170112,CVE-2016-7478,,7.5,1019550,php53,https://www.suse.com/security/cve/CVE-2016-7478,"Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.",Released
20170112,CVE-2017-5225,,9.8,1019611,tiff,https://www.suse.com/security/cve/CVE-2017-5225,"LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.",Released
20170113,CVE-2017-5357,,7.5,1019807,ed,https://www.suse.com/security/cve/CVE-2017-5357,"regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.",Released
20170116,CVE-2016-10142,,8.6,1020078,kernel-source,https://www.suse.com/security/cve/CVE-2016-10142,"An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic.",Ignore
20170116,CVE-2017-0386,7.8,7.8,1020123,libnl3,https://www.suse.com/security/cve/CVE-2017-0386,"An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299.",Unsupported
20170116,CVE-2017-0386,7.8,7.8,1020123,libnl,https://www.suse.com/security/cve/CVE-2017-0386,"An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299.",Released
20170117,CVE-2016-10144,,9.8,1020433,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10144,"coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.",Released
20170117,CVE-2016-10145,,9.8,1020435,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10145,"Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.",Released
20170117,CVE-2016-10146,,7.5,1020443,ImageMagick,https://www.suse.com/security/cve/CVE-2016-10146,"Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.",Released
20170117,CVE-2016-9602,,8.8,1020427,kvm,https://www.suse.com/security/cve/CVE-2016-9602,"Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.",Released
20170117,CVE-2017-5498,,5.5,1020353,jasper,https://www.suse.com/security/cve/CVE-2017-5498,"libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.",Released
20170117,CVE-2017-5499,,5.5,1020451,jasper,https://www.suse.com/security/cve/CVE-2017-5499,"Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.",Released
20170117,CVE-2017-5500,,5.5,1020451,jasper,https://www.suse.com/security/cve/CVE-2017-5500,"libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.",Released
20170117,CVE-2017-5501,,5.5,1020451,jasper,https://www.suse.com/security/cve/CVE-2017-5501,"Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.",Released
20170117,CVE-2017-5502,,5.5,1020451,jasper,https://www.suse.com/security/cve/CVE-2017-5502,"libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.",Released
20170117,CVE-2017-5503,,5.5,1020456,jasper,https://www.suse.com/security/cve/CVE-2017-5503,"The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.",Released
20170117,CVE-2017-5504,,5.5,1020456,jasper,https://www.suse.com/security/cve/CVE-2017-5504,"The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.",Released
20170117,CVE-2017-5505,,5.5,1020456,jasper,https://www.suse.com/security/cve/CVE-2017-5505,"The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.",Released
20170117,CVE-2017-5506,,7.8,1020436,ImageMagick,https://www.suse.com/security/cve/CVE-2017-5506,"Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.",Released
20170117,CVE-2017-5507,,7.5,1020439,ImageMagick,https://www.suse.com/security/cve/CVE-2017-5507,"Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.",Released
20170117,CVE-2017-5508,,5.5,1020441,ImageMagick,https://www.suse.com/security/cve/CVE-2017-5508,"Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.",Released
20170117,CVE-2017-5511,,9.8,1020448,ImageMagick,https://www.suse.com/security/cve/CVE-2017-5511,"coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.",Released
20170118,CVE-2017-2583,,8.4,1020602,kernel-source,https://www.suse.com/security/cve/CVE-2017-2583,"The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a \"MOV SS, NULL selector\" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.",Unsupported
20170119,CVE-2016-5546,,7.5,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5546,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts).",Released
20170119,CVE-2016-5547,,5.3,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5547,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts).",Released
20170119,CVE-2016-5548,,6.5,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5548,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).",Released
20170119,CVE-2016-5549,,6.5,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5549,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).",Released
20170119,CVE-2016-5552,,5.3,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-5552,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts).",Released
20170119,CVE-2016-7922,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7922,"The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().",Released
20170119,CVE-2016-7923,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7923,"The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().",Released
20170119,CVE-2016-7924,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7924,"The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().",Released
20170119,CVE-2016-7925,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7925,"The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().",Released
20170119,CVE-2016-7926,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7926,"The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().",Released
20170119,CVE-2016-7927,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7927,"The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().",Released
20170119,CVE-2016-7928,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7928,"The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().",Released
20170119,CVE-2016-7929,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7929,"The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().",Released
20170119,CVE-2016-7930,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7930,"The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().",Released
20170119,CVE-2016-7931,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7931,"The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().",Released
20170119,CVE-2016-7932,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7932,"The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().",Released
20170119,CVE-2016-7933,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7933,"The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().",Released
20170119,CVE-2016-7934,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7934,"The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().",Released
20170119,CVE-2016-7935,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7935,"The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().",Released
20170119,CVE-2016-7936,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7936,"The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().",Released
20170119,CVE-2016-7937,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7937,"The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().",Released
20170119,CVE-2016-7938,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7938,"The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().",Released
20170119,CVE-2016-7939,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7939,"The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.",Released
20170119,CVE-2016-7940,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7940,"The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.",Released
20170119,CVE-2016-7973,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7973,"The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.",Released
20170119,CVE-2016-7974,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7974,"The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.",Released
20170119,CVE-2016-7975,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7975,"The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().",Released
20170119,CVE-2016-7983,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7983,"The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().",Released
20170119,CVE-2016-7984,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7984,"The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().",Released
20170119,CVE-2016-7985,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7985,"The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().",Released
20170119,CVE-2016-7986,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7986,"The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.",Released
20170119,CVE-2016-7992,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7992,"The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().",Released
20170119,CVE-2016-7993,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-7993,"A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).",Released
20170119,CVE-2016-8328,,3.7,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-8328,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 3.7 (Integrity impacts).",Released
20170119,CVE-2016-8574,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-8574,"The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().",Released
20170119,CVE-2016-8575,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2016-8575,"The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.",Released
20170119,CVE-2017-3231,,4.3,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3231,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",Released
20170119,CVE-2017-3241,,9,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3241,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).",Released
20170119,CVE-2017-3252,,5.8,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3252,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts).",Released
20170119,CVE-2017-3253,,7.5,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3253,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts).",Released
20170119,CVE-2017-3259,,3.7,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3259,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts).",Released
20170119,CVE-2017-3260,,8.3,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3260,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts).",Released
20170119,CVE-2017-3261,,4.3,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3261,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",Released
20170119,CVE-2017-3262,,5.3,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3262,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).",Released
20170119,CVE-2017-3272,,9.6,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3272,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).",Released
20170119,CVE-2017-3289,,9.6,1020905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3289,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).",Released 20170119,CVE-2017-5202,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5202,"The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().",Released 20170119,CVE-2017-5203,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5203,"The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().",Released 20170119,CVE-2017-5204,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5204,"The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().",Released 20170119,CVE-2017-5205,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5205,"The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().",Released 20170119,CVE-2017-5341,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5341,"The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().",Released 20170119,CVE-2017-5342,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5342,"In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().",Released 20170119,CVE-2017-5482,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5482,"The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.",Released 20170119,CVE-2017-5483,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5483,"The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().",Released 20170119,CVE-2017-5484,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5484,"The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().",Released 
20170119,CVE-2017-5485,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5485,"The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().",Released 20170119,CVE-2017-5486,,9.8,1020940,tcpdump,https://www.suse.com/security/cve/CVE-2017-5486,"The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().",Released 20170120,CVE-2016-10150,,9.8,1020693,kernel-source,https://www.suse.com/security/cve/CVE-2016-10150,"Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.",Analysis 20170121,CVE-2016-10153,,7.8,1021253,kernel-source,https://www.suse.com/security/cve/CVE-2016-10153,"The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code.",Analysis 20170121,CVE-2016-10154,,5.5,1021254,kernel-source,https://www.suse.com/security/cve/CVE-2016-10154,"The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist.",Analysis 20170121,CVE-2016-10155,,6,1021129,kvm,https://www.suse.com/security/cve/CVE-2016-10155,"Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.",Released 
20170121,CVE-2016-10155,,6,1021129,xen,https://www.suse.com/security/cve/CVE-2016-10155,"Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.",Ignore 20170121,CVE-2017-5547,,7.8,1021252,kernel-source,https://www.suse.com/security/cve/CVE-2017-5547,"drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170121,CVE-2017-5548,,7.8,1021255,kernel-source,https://www.suse.com/security/cve/CVE-2017-5548,"drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170121,CVE-2017-5549,3.3,5.5,1021256,kernel-source,https://www.suse.com/security/cve/CVE-2017-5549,"The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.",Released 20170121,CVE-2017-5551,4.4,4.4,1021258,kernel-source,https://www.suse.com/security/cve/CVE-2017-5551,"The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.",Released 20170121,CVE-2017-5552,,6.5,1021195,xen,https://www.suse.com/security/cve/CVE-2017-5552,"Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.",Ignore 20170124,CVE-2017-5495,,7.5,1021669,quagga,https://www.suse.com/security/cve/CVE-2017-5495,"All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. 
This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10.",Released 20170125,CVE-2016-10164,,9.8,1021315,xorg-x11-libXpm,https://www.suse.com/security/cve/CVE-2016-10164,"Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.",Released 20170125,CVE-2016-10165,5.7,7.1,1021364,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2016-10165,"The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.",Affected 20170125,CVE-2017-5579,,6.5,1021741,kvm,https://www.suse.com/security/cve/CVE-2017-5579,"Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.",Released 20170125,CVE-2017-5579,,6.5,1021741,xen,https://www.suse.com/security/cve/CVE-2017-5579,"Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.",Affected 20170126,CVE-2017-5596,,7.5,1021739,wireshark,https://www.suse.com/security/cve/CVE-2017-5596,"In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. 
This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.",Released 20170126,CVE-2017-5597,,7.5,1021739,wireshark,https://www.suse.com/security/cve/CVE-2017-5597,"In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.",Released 20170127,CVE-2016-10158,,7.5,1022219,php53,https://www.suse.com/security/cve/CVE-2016-10158,"The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.",Released 20170127,CVE-2016-10159,,7.5,1022255,php53,https://www.suse.com/security/cve/CVE-2016-10159,"Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.",Released 20170127,CVE-2016-10160,,9.8,1022257,php53,https://www.suse.com/security/cve/CVE-2016-10160,"Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.",Released 20170127,CVE-2016-10161,,7.5,1022260,php53,https://www.suse.com/security/cve/CVE-2016-10161,"The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled 
in a finish_nested_data call.",Released 20170127,CVE-2016-9317,,5.5,1022283,gd,https://www.suse.com/security/cve/CVE-2016-9317,"The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.",Released 20170127,CVE-2016-9317,,5.5,1022283,php53,https://www.suse.com/security/cve/CVE-2016-9317,"The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.",Already fixed 20170128,CVE-2016-10166,,9.8,1022069,php53,https://www.suse.com/security/cve/CVE-2016-10166,"Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.",Released 20170128,CVE-2016-10167,,5.5,1022069,gd,https://www.suse.com/security/cve/CVE-2016-10167,"The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.",Released 20170128,CVE-2016-10167,,5.5,1022069,php53,https://www.suse.com/security/cve/CVE-2016-10167,"The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.",Released 20170128,CVE-2016-10168,,7.8,1022069,gd,https://www.suse.com/security/cve/CVE-2016-10168,"Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.",Released 20170128,CVE-2016-10168,,7.8,1022069,php53,https://www.suse.com/security/cve/CVE-2016-10168,"Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) 
before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.",Released 20170129,CVE-2016-10169,4.4,5.5,1021483,wavpack,https://www.suse.com/security/cve/CVE-2016-10169,"The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.",Released 20170129,CVE-2016-10170,4.4,5.5,1021483,wavpack,https://www.suse.com/security/cve/CVE-2016-10170,"The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.",Released 20170129,CVE-2016-10171,4.4,5.5,1021483,wavpack,https://www.suse.com/security/cve/CVE-2016-10171,"The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.",Released 20170129,CVE-2016-10172,4.4,5.5,1021483,wavpack,https://www.suse.com/security/cve/CVE-2016-10172,"The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.",Released 20170201,CVE-2016-3695,2.2,5.5,1023051,kernel-default,https://www.suse.com/security/cve/CVE-2016-3695,"The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.",Ignore 20170201,CVE-2016-3695,2.2,5.5,1023051,kernel-source,https://www.suse.com/security/cve/CVE-2016-3695,"The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.",Affected 
20170201,CVE-2016-3695,2.2,5.5,1023051,kernel-syms,https://www.suse.com/security/cve/CVE-2016-3695,"The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.",Affected 20170201,CVE-2016-9577,8.8,8.8,1023078,spice,https://www.suse.com/security/cve/CVE-2016-9577,"A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.",Released 20170201,CVE-2016-9578,7.5,7.5,1023078,spice,https://www.suse.com/security/cve/CVE-2016-9578,"A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.",Released 20170201,CVE-2017-2615,,5.5,1023004,kvm,https://www.suse.com/security/cve/CVE-2017-2615,"Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.",Released 20170201,CVE-2017-2615,,5.5,1023004,xen,https://www.suse.com/security/cve/CVE-2017-2615,"Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. 
A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.",Released 20170202,CVE-2016-10195,,9.8,1022917,libevent,https://www.suse.com/security/cve/CVE-2016-10195,"The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.",Released 20170202,CVE-2016-10196,,7.5,1022918,firefox-gcc5,https://www.suse.com/security/cve/CVE-2016-10196,"Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.",Released 20170202,CVE-2016-10196,,7.5,1022918,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2016-10196,"Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.",Released 20170202,CVE-2016-10196,,7.5,1022918,libevent,https://www.suse.com/security/cve/CVE-2016-10196,"Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.",Released 20170202,CVE-2016-10196,,7.5,1022918,mozilla-nss,https://www.suse.com/security/cve/CVE-2016-10196,"Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.",Released 
20170202,CVE-2016-10197,,7.5,1022919,libevent,https://www.suse.com/security/cve/CVE-2016-10197,"The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.",Released 20170202,CVE-2017-2616,,4.7,1023041,coreutils,https://www.suse.com/security/cve/CVE-2017-2616,"A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.",Released 20170202,CVE-2017-2616,,4.7,1023041,util-linux,https://www.suse.com/security/cve/CVE-2017-2616,"A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.",Ignore 20170202,CVE-2017-5837,,5.5,1023259,gstreamer-0_10-plugins-base,https://www.suse.com/security/cve/CVE-2017-5837,"The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.",Released 20170202,CVE-2017-5844,,5.5,1023259,gstreamer-0_10-plugins-base,https://www.suse.com/security/cve/CVE-2017-5844,"The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.",Released 20170202,CVE-2017-5856,,6.5,1023053,kvm,https://www.suse.com/security/cve/CVE-2017-5856,"Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the 
sglist size set to a value over 2 Gb.",Released 20170202,CVE-2017-5856,,6.5,1023053,xen,https://www.suse.com/security/cve/CVE-2017-5856,"Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.",Already fixed 20170207,CVE-2017-3135,7.5,5.9,1018700,bind,https://www.suse.com/security/cve/CVE-2017-3135,"Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.",Released 20170207,CVE-2017-5898,,5.5,1023907,kvm,https://www.suse.com/security/cve/CVE-2017-5898,"Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.",Released 20170207,CVE-2017-5898,,5.5,1023907,xen,https://www.suse.com/security/cve/CVE-2017-5898,"Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.",Ignore 20170208,CVE-2017-2579,,7.8,1024287,netpbm,https://www.suse.com/security/cve/CVE-2017-2579,"An out-of-bounds read vulnerability was found in netpbm before 10.61. 
The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution.",Released 20170208,CVE-2017-2580,,7.8,1024287,netpbm,https://www.suse.com/security/cve/CVE-2017-2580,"An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.",Released 20170208,CVE-2017-2581,,7.8,1024287,netpbm,https://www.suse.com/security/cve/CVE-2017-2581,"An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.",Released 20170208,CVE-2017-2586,,5.5,1024287,netpbm,https://www.suse.com/security/cve/CVE-2017-2586,"A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.",Released 20170208,CVE-2017-2587,,5.5,1024287,netpbm,https://www.suse.com/security/cve/CVE-2017-2587,"A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.",Released 20170208,CVE-2017-5884,3.1,7.8,1024266,gtk-vnc,https://www.suse.com/security/cve/CVE-2017-5884,"gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.",Affected 20170210,CVE-2017-2620,,9.9,1024834,kvm,https://www.suse.com/security/cve/CVE-2017-2620,"Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. 
A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.",Already fixed 20170210,CVE-2017-2620,,9.9,1024834,xen,https://www.suse.com/security/cve/CVE-2017-2620,"Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.",Released 20170210,CVE-2017-5953,8.4,9.8,1024724,vim,https://www.suse.com/security/cve/CVE-2017-5953,"vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.",Released 20170212,CVE-2017-5970,,7.5,1024938,kernel-source,https://www.suse.com/security/cve/CVE-2017-5970,"The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.",Released 20170213,CVE-2017-2624,5.9,7,1025029,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-2624,"It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. 
Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.",Released 20170213,CVE-2017-2625,,6.5,1025046,xorg-x11-libXdmcp,https://www.suse.com/security/cve/CVE-2017-2625,"It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.",Released 20170213,CVE-2017-2626,5.2,5.2,1025068,gnome-session,https://www.suse.com/security/cve/CVE-2017-2626,"It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.",Released 20170213,CVE-2017-2626,5.2,5.2,1025068,xorg-x11-libICE,https://www.suse.com/security/cve/CVE-2017-2626,"It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.",Released 20170213,CVE-2017-5969,,4.7,1024989,libxml2,https://www.suse.com/security/cve/CVE-2017-5969,"** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"",Released 20170213,CVE-2017-5969,,4.7,1024989,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5969,"** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"",Released
20170213,CVE-2017-5973,,5.5,1025109,kvm,https://www.suse.com/security/cve/CVE-2017-5973,"The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.",Released
20170213,CVE-2017-5973,,5.5,1025109,xen,https://www.suse.com/security/cve/CVE-2017-5973,"The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.",Ignore
20170214,CVE-2017-5967,,4,1025209,kernel-source,https://www.suse.com/security/cve/CVE-2017-5967,"The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.",Ignore
20170214,CVE-2017-5986,,5.5,1025235,kernel-source,https://www.suse.com/security/cve/CVE-2017-5986,"Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.",Released
20170215,CVE-2015-8984,-1,-1,1123874,glibc,https://www.suse.com/security/cve/CVE-2015-8984,"The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.",Released
20170216,CVE-2017-6001,,7,1015160,kernel-source,https://www.suse.com/security/cve/CVE-2017-6001,"Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.",Ignore
20170217,CVE-2017-6014,,7.5,1025913,wireshark,https://www.suse.com/security/cve/CVE-2017-6014,"In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.",Released
20170218,CVE-2017-6074,7.8,7.8,1026024,kernel-source,https://www.suse.com/security/cve/CVE-2017-6074,"The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.",Released
20170220,CVE-2016-9596,,6.5,1026099,libxml2,https://www.suse.com/security/cve/CVE-2016-9596,"libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.",Released
20170220,CVE-2017-5972,7.5,7.5,1026173,kernel-source,https://www.suse.com/security/cve/CVE-2017-5972,"The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.",Ignore
20170223,CVE-2016-7837,,7.8,1026652,bluez,https://www.suse.com/security/cve/CVE-2016-7837,"Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.",Unsupported
20170223,CVE-2017-2633,,6.5,1026612,kvm,https://www.suse.com/security/cve/CVE-2017-2633,"An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.",Released
20170223,CVE-2017-2633,,6.5,1026612,xen,https://www.suse.com/security/cve/CVE-2017-2633,"An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.",Released
20170223,CVE-2017-6214,,7.5,1026722,kernel-source,https://www.suse.com/security/cve/CVE-2017-6214,"The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.",Released
20170224,CVE-2017-5669,,7.8,1026914,kernel-source,https://www.suse.com/security/cve/CVE-2017-5669,"The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.",Released
20170227,CVE-2017-6312,,5.5,1027024,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-6312,"Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.",Released
20170227,CVE-2017-6312,,5.5,1027024,gtk2,https://www.suse.com/security/cve/CVE-2017-6312,"Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.",Released
20170227,CVE-2017-6313,4.4,7.1,1027024,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-6313,"Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.",Ignore
20170227,CVE-2017-6313,4.4,7.1,1027024,gtk2,https://www.suse.com/security/cve/CVE-2017-6313,"Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.",Released
20170227,CVE-2017-6314,3.3,5.5,1027024,gtk2,https://www.suse.com/security/cve/CVE-2017-6314,"The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.",Released
20170227,CVE-2017-6353,5.5,5.5,1025235,kernel-source,https://www.suse.com/security/cve/CVE-2017-6353,"net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.",Released
20170228,CVE-2017-2619,,7.5,1027147,samba,https://www.suse.com/security/cve/CVE-2017-2619,"Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.",Released
20170228,CVE-2017-6318,,7.5,1027197,sane-backends,https://www.suse.com/security/cve/CVE-2017-6318,"saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.",Released
20170228,CVE-2017-6335,,5.5,1027255,ImageMagick,https://www.suse.com/security/cve/CVE-2017-6335,"The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.",Ignore
20170228,CVE-2017-6346,,7,1027179,kernel-source,https://www.suse.com/security/cve/CVE-2017-6346,"Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.",Unsupported
20170228,CVE-2017-6348,6.2,5.5,1027178,kernel-source,https://www.suse.com/security/cve/CVE-2017-6348,"The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.",Released
20170301,CVE-2014-2146,-1,-1,995359,firefox-atk,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,firefox-cairo,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,firefox-gcc8,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,firefox-glib2,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,firefox-gtk3,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,firefox-libffi,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,firefox-pango,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2014-2146,-1,-1,995359,openssl,https://www.suse.com/security/cve/CVE-2014-2146,"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",Released
20170301,CVE-2016-10228,3.3,5.9,1027496,glibc,https://www.suse.com/security/cve/CVE-2016-10228,"The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",Unsupported
20170302,CVE-2017-2636,,7,1027565,kernel-source,https://www.suse.com/security/cve/CVE-2017-2636,"Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",Released
20170306,CVE-2016-10244,,7.8,1028103,freetype2,https://www.suse.com/security/cve/CVE-2016-10244,"The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.",Released
20170306,CVE-2017-6467,,7.5,1027998,wireshark,https://www.suse.com/security/cve/CVE-2017-6467,"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size.",Affected
20170306,CVE-2017-6468,,7.5,1027998,wireshark,https://www.suse.com/security/cve/CVE-2017-6468,"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records.",Affected
20170306,CVE-2017-6469,,7.5,1027998,wireshark,https://www.suse.com/security/cve/CVE-2017-6469,"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure.",Released
20170306,CVE-2017-6470,,7.5,1027998,wireshark,https://www.suse.com/security/cve/CVE-2017-6470,"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness.",Released
20170306,CVE-2017-6471,,7.5,1027998,wireshark,https://www.suse.com/security/cve/CVE-2017-6471,"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length.",Released
20170306,CVE-2017-6472,,7.5,1027998,wireshark,https://www.suse.com/security/cve/CVE-2017-6472,"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value.",Released
20170306,CVE-2017-6473,,7.5,1027998,wireshark,https://www.suse.com/security/cve/CVE-2017-6473,"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets.",Released
20170306,CVE-2017-6474,,7.5,1027998,wireshark,https://www.suse.com/security/cve/CVE-2017-6474,"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes.",Released
20170306,CVE-2017-6500,,5.5,1028079,ImageMagick,https://www.suse.com/security/cve/CVE-2017-6500,"An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.",Released
20170306,CVE-2017-6505,,6.5,1028184,kvm,https://www.suse.com/security/cve/CVE-2017-6505,"The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.",Released
20170306,CVE-2017-6505,,6.5,1028184,xen,https://www.suse.com/security/cve/CVE-2017-6505,"The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.",Ignore
20170307,CVE-2016-9398,,7.5,1010979,jasper,https://www.suse.com/security/cve/CVE-2016-9398,"The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.",Released
20170307,CVE-2017-6508,,6.1,1028301,wget,https://www.suse.com/security/cve/CVE-2017-6508,"CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.",Released
20170308,CVE-2016-10200,,7,1027179,kernel-source,https://www.suse.com/security/cve/CVE-2016-10200,"Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.",Released
20170309,CVE-2016-9603,,9.9,1028655,kvm,https://www.suse.com/security/cve/CVE-2016-9603,"A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.",Released
20170309,CVE-2016-9603,,9.9,1028655,xen,https://www.suse.com/security/cve/CVE-2016-9603,"A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.",Released
20170310,CVE-2017-5029,,8.8,1028848,libxslt,https://www.suse.com/security/cve/CVE-2017-5029,"The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",Released
20170313,CVE-2017-6850,,5.5,1021868,jasper,https://www.suse.com/security/cve/CVE-2017-6850,"The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.",Released
20170315,CVE-2016-10251,5.5,7.8,1029497,jasper,https://www.suse.com/security/cve/CVE-2016-10251,"Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.",Released
20170315,CVE-2017-6852,5.6,7.8,1021871,jasper,https://www.suse.com/security/cve/CVE-2017-6852,"Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.",Already fixed
20170316,CVE-2016-10250,,7.5,1006836,jasper,https://www.suse.com/security/cve/CVE-2016-10250,"The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.",Released
20170316,CVE-2017-6507,,5.9,1029696,apparmor,https://www.suse.com/security/cve/CVE-2017-6507,"An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.",Analysis
20170317,CVE-2015-8982,7.4,8.1,1123874,glibc,https://www.suse.com/security/cve/CVE-2015-8982,"Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.",Released
20170317,CVE-2015-8983,6.6,,1123874,glibc,https://www.suse.com/security/cve/CVE-2015-8983,"Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.",Released
20170317,CVE-2015-8985,5.1,5.9,1193625,glibc,https://www.suse.com/security/cve/CVE-2015-8985,"The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.",Released
20170317,CVE-2017-6951,5.5,5.5,1029850,kernel-source,https://www.suse.com/security/cve/CVE-2017-6951,"The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the \"dead\" type.",Released
20170317,CVE-2017-6965,5.5,5.5,1029909,binutils,https://www.suse.com/security/cve/CVE-2017-6965,"readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.",Unsupported
20170317,CVE-2017-6966,,5.5,1029908,binutils,https://www.suse.com/security/cve/CVE-2017-6966,"readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.",Ignore
20170317,CVE-2017-6967,5.5,7.3,1029912,xrdp,https://www.suse.com/security/cve/CVE-2017-6967,"xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.",Unsupported
20170317,CVE-2017-6969,,9.1,1029907,binutils,https://www.suse.com/security/cve/CVE-2017-6969,"readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.",Ignore
20170320,CVE-2016-9042,,5.9,1030050,ntp,https://www.suse.com/security/cve/CVE-2016-9042,"An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.",Released
20170320,CVE-2017-6451,,7.8,1030050,ntp,https://www.suse.com/security/cve/CVE-2017-6451,"The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.",Released
20170320,CVE-2017-6452,,7.8,1030050,ntp,https://www.suse.com/security/cve/CVE-2017-6452,"Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.",Analysis
20170320,CVE-2017-6455,,7,1030050,ntp,https://www.suse.com/security/cve/CVE-2017-6455,"NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.",Analysis
20170320,CVE-2017-6458,,8.8,1030050,ntp,https://www.suse.com/security/cve/CVE-2017-6458,"Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.",Released
20170320,CVE-2017-6459,,5.5,1030050,ntp,https://www.suse.com/security/cve/CVE-2017-6459,"The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.",Analysis
20170320,CVE-2017-6460,,8.8,1030050,ntp,https://www.suse.com/security/cve/CVE-2017-6460,"Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.",Released
20170320,CVE-2017-6462,,7.8,1030050,ntp,https://www.suse.com/security/cve/CVE-2017-6462,"Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.",Released
20170320,CVE-2017-6463,,6.5,1030050,ntp,https://www.suse.com/security/cve/CVE-2017-6463,"NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.",Released
20170320,CVE-2017-6464,,6.5,1030050,ntp,https://www.suse.com/security/cve/CVE-2017-6464,"NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.",Released
20170321,CVE-2014-9939,-1,-1,1030296,binutils,https://www.suse.com/security/cve/CVE-2014-9939,"ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.",Ignore
20170321,CVE-2017-7187,5.5,7.8,1027179,kernel-source,https://www.suse.com/security/cve/CVE-2017-7187,"The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.",Released
20170321,CVE-2017-7207,,5.5,1030263,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-7207,"The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.",Released
20170321,CVE-2017-7209,,5.5,1030295,binutils,https://www.suse.com/security/cve/CVE-2017-7209,"The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.",Ignore
20170321,CVE-2017-7210,,5.5,1030295,binutils,https://www.suse.com/security/cve/CVE-2017-7210,"objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.",Ignore
20170322,CVE-2016-10254,,5.5,1030472,elfutils,https://www.suse.com/security/cve/CVE-2016-10254,"The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.",Released
20170322,CVE-2016-10255,,5.5,1030472,elfutils,https://www.suse.com/security/cve/CVE-2016-10255,"The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.",Released
20170322,CVE-2017-7228,,8.2,1030442,xen,https://www.suse.com/security/cve/CVE-2017-7228,"An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.",Released
20170323,CVE-2017-2647,7.8,7.8,1030593,kernel-source,https://www.suse.com/security/cve/CVE-2017-2647,"The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.",Released
20170323,CVE-2017-7184,,7.8,1030573,kernel-source,https://www.suse.com/security/cve/CVE-2017-7184,"The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.",Released
20170323,CVE-2017-7223,,7.5,1030295,binutils,https://www.suse.com/security/cve/CVE-2017-7223,"GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.",Ignore
20170323,CVE-2017-7224,,5.5,1030295,binutils,https://www.suse.com/security/cve/CVE-2017-7224,"The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.",Ignore
20170323,CVE-2017-7225,,7.5,1030295,binutils,https://www.suse.com/security/cve/CVE-2017-7225,"The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.",Ignore
20170323,CVE-2017-7226,,9.1,1030295,binutils,https://www.suse.com/security/cve/CVE-2017-7226,"The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.",Ignore
20170323,CVE-2017-7227,3.3,7.5,1030583,binutils,https://www.suse.com/security/cve/CVE-2017-7227,"GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.",Unsupported
20170327,CVE-2017-7261,,5.5,1027179,kernel-source,https://www.suse.com/security/cve/CVE-2017-7261,"The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.",Released
20170328,CVE-2016-10266,,5.5,1017694,tiff,https://www.suse.com/security/cve/CVE-2016-10266,"LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.",Released
20170328,CVE-2016-10267,,5.5,1017694,tiff,https://www.suse.com/security/cve/CVE-2016-10267,"LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.",Released
20170328,CVE-2016-10268,,7.8,1017693,tiff,https://www.suse.com/security/cve/CVE-2016-10268,"tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 78490\" and libtiff/tif_unix.c:115:23.",Released 20170328,CVE-2016-10269,,7.8,1017693,tiff,https://www.suse.com/security/cve/CVE-2016-10269,"LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 512\" and libtiff/tif_unix.c:340:2.",Released 20170328,CVE-2016-10270,,7.8,1031250,tiff,https://www.suse.com/security/cve/CVE-2016-10270,"LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 8\" and libtiff/tif_read.c:523:22.",Released 20170328,CVE-2017-7272,5.4,7.4,1031246,php53,https://www.suse.com/security/cve/CVE-2017-7272,"PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. 
Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.",Released 20170328,CVE-2017-7273,4.6,6.6,1031240,kernel-source,https://www.suse.com/security/cve/CVE-2017-7273,"The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.",Released 20170328,CVE-2017-7277,,7.1,1031265,kernel-source,https://www.suse.com/security/cve/CVE-2017-7277,"The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.",Analysis 20170329,CVE-2017-7294,6.1,7.8,1027179,kernel-source,https://www.suse.com/security/cve/CVE-2017-7294,"The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.",Released 20170330,CVE-2017-7300,,7.5,1030295,binutils,https://www.suse.com/security/cve/CVE-2017-7300,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.",Ignore 
20170330,CVE-2017-7302,,7.5,1030295,binutils,https://www.suse.com/security/cve/CVE-2017-7302,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.",Ignore 20170330,CVE-2017-7308,,7.8,1027179,kernel-source,https://www.suse.com/security/cve/CVE-2017-7308,"The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.",Released 20170403,CVE-2016-10219,,5.5,1032138,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-10219,"The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.",Released 20170403,CVE-2017-5951,3.3,5.5,1032114,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-5951,"The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. 
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",Affected 20170404,CVE-2014-9922,7,,1032340,kernel-source,https://www.suse.com/security/cve/CVE-2014-9922,"The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.",Released 20170404,CVE-2016-10229,,9.8,1032268,kernel-source,https://www.suse.com/security/cve/CVE-2016-10229,"udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.",Unsupported 20170404,CVE-2016-10317,5.3,7.8,1032230,ghostscript-library,https://www.suse.com/security/cve/CVE-2016-10317,"The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.",Released 20170404,CVE-2017-2671,7.8,5.5,1027179,kernel-source,https://www.suse.com/security/cve/CVE-2017-2671,"The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.",Released 20170404,CVE-2017-7407,2.4,2.4,1032309,curl,https://www.suse.com/security/cve/CVE-2017-7407,"The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument 
ending in a '%' character, which leads to a heap-based buffer over-read.",Released 20170405,CVE-2016-10318,,6.5,1032435,kernel-source,https://www.suse.com/security/cve/CVE-2016-10318,"A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.",Analysis 20170406,CVE-2015-9019,,,1123130,libxslt,https://www.suse.com/security/cve/CVE-2015-9019,"In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.",Released 20170408,CVE-2017-7585,7.3,5.5,1033054,libsndfile,https://www.suse.com/security/cve/CVE-2017-7585,"In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.",Released 20170410,CVE-2017-7593,5.3,5.5,1033129,tiff,https://www.suse.com/security/cve/CVE-2017-7593,"tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.",Released 20170410,CVE-2017-7595,,5.5,1033111,tiff,https://www.suse.com/security/cve/CVE-2017-7595,"The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.",Released 20170410,CVE-2017-7596,7.3,7.8,1033112,tiff,https://www.suse.com/security/cve/CVE-2017-7596,"LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted 
image.",Released 20170410,CVE-2017-7597,5.3,7.8,1033112,tiff,https://www.suse.com/security/cve/CVE-2017-7597,"tif_dirread.c in LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",Released 20170410,CVE-2017-7599,5.3,7.8,1033112,tiff,https://www.suse.com/security/cve/CVE-2017-7599,"LibTIFF 4.0.7 has an \"outside the range of representable values of type short\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",Released 20170410,CVE-2017-7600,3.7,7.8,1033112,tiff,https://www.suse.com/security/cve/CVE-2017-7600,"LibTIFF 4.0.7 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",Released 20170410,CVE-2017-7601,3.7,7.8,1033111,tiff,https://www.suse.com/security/cve/CVE-2017-7601,"LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",Released 20170410,CVE-2017-7602,5.3,7.8,1033109,tiff,https://www.suse.com/security/cve/CVE-2017-7602,"LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",Released 20170410,CVE-2017-7606,,6.5,1033091,ImageMagick,https://www.suse.com/security/cve/CVE-2017-7606,"coders/rle.c in ImageMagick 7.0.5-4 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might 
allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",Released 20170410,CVE-2017-7607,4.3,5.5,1033084,elfutils,https://www.suse.com/security/cve/CVE-2017-7607,"The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",Released 20170410,CVE-2017-7608,3.3,5.5,1033085,elfutils,https://www.suse.com/security/cve/CVE-2017-7608,"The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",Released 20170410,CVE-2017-7610,3.3,5.5,1033087,elfutils,https://www.suse.com/security/cve/CVE-2017-7610,"The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",Released 20170410,CVE-2017-7611,3.3,5.5,1033088,elfutils,https://www.suse.com/security/cve/CVE-2017-7611,"The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",Released 20170410,CVE-2017-7612,3.3,5.5,1033089,elfutils,https://www.suse.com/security/cve/CVE-2017-7612,"The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",Released 20170410,CVE-2017-7613,3.3,5.5,1033090,elfutils,https://www.suse.com/security/cve/CVE-2017-7613,"elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",Released 
20170410,CVE-2017-7614,3.3,9.8,1033122,binutils,https://www.suse.com/security/cve/CVE-2017-7614,"elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.",Unsupported 20170410,CVE-2017-7616,4,5.5,1033336,kernel-source,https://www.suse.com/security/cve/CVE-2017-7616,"Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.",Released 20170411,CVE-2017-3136,,5.9,1018700,bind,https://www.suse.com/security/cve/CVE-2017-3136,"A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.",Released 20170411,CVE-2017-3137,7.5,7.5,1018700,bind,https://www.suse.com/security/cve/CVE-2017-3137,"Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. 
Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.",Released 20170411,CVE-2017-3138,,5.3,1018700,bind,https://www.suse.com/security/cve/CVE-2017-3138,"named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.",Released 20170411,CVE-2017-5647,7.5,7.5,1033448,tomcat6,https://www.suse.com/security/cve/CVE-2017-5647,"A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.",Released 20170412,CVE-2017-7467,,9.8,1033783,minicom,https://www.suse.com/security/cve/CVE-2017-7467,"A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. 
A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.",Released 20170412,CVE-2017-7697,6.5,5.5,1033564,libsamplerate,https://www.suse.com/security/cve/CVE-2017-7697,"In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.",Released 20170412,CVE-2017-7741,6.5,5.5,1033054,libsndfile,https://www.suse.com/security/cve/CVE-2017-7741,"In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.",Released 20170412,CVE-2017-7742,6.5,5.5,1033054,libsndfile,https://www.suse.com/security/cve/CVE-2017-7742,"In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.",Released 20170413,CVE-2017-7700,7.5,6.5,1033936,wireshark,https://www.suse.com/security/cve/CVE-2017-7700,"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.",Released 20170413,CVE-2017-7701,7.5,7.5,1033937,wireshark,https://www.suse.com/security/cve/CVE-2017-7701,"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. 
This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.",Released 20170413,CVE-2017-7702,7.5,7.5,1033938,wireshark,https://www.suse.com/security/cve/CVE-2017-7702,"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.",Released 20170413,CVE-2017-7703,7.5,7.5,1033939,wireshark,https://www.suse.com/security/cve/CVE-2017-7703,"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.",Released 20170413,CVE-2017-7704,7.5,7.5,1033940,wireshark,https://www.suse.com/security/cve/CVE-2017-7704,"In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.",Released 20170413,CVE-2017-7705,7.5,7.5,1033941,wireshark,https://www.suse.com/security/cve/CVE-2017-7705,"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.",Released 20170413,CVE-2017-7745,7.5,7.5,1033942,wireshark,https://www.suse.com/security/cve/CVE-2017-7745,"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. 
This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.",Released 20170413,CVE-2017-7746,7.5,7.5,1033943,wireshark,https://www.suse.com/security/cve/CVE-2017-7746,"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.",Released 20170413,CVE-2017-7747,7.5,7.5,1033944,wireshark,https://www.suse.com/security/cve/CVE-2017-7747,"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.",Released 20170413,CVE-2017-7748,7.5,7.5,1033945,wireshark,https://www.suse.com/security/cve/CVE-2017-7748,"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.",Released 20170414,CVE-2016-10328,,9.8,1034191,freetype2,https://www.suse.com/security/cve/CVE-2016-10328,"FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.",Released 20170414,CVE-2016-10328,,9.8,1034191,ft2demos,https://www.suse.com/security/cve/CVE-2016-10328,"FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.",Released 20170414,CVE-2017-7869,9.8,7.5,1034173,gnutls,https://www.suse.com/security/cve/CVE-2017-7869,"GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. 
This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.",Released 20170415,CVE-2017-6827,,7.8,1026979,audiofile,https://www.suse.com/security/cve/CVE-2017-6827,"Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.",Released 20170415,CVE-2017-6828,,7.8,1026980,audiofile,https://www.suse.com/security/cve/CVE-2017-6828,"Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.",Released 20170415,CVE-2017-6829,,5.5,1026981,audiofile,https://www.suse.com/security/cve/CVE-2017-6829,"The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.",Released 20170415,CVE-2017-6830,,5.5,1026982,audiofile,https://www.suse.com/security/cve/CVE-2017-6830,"Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.",Released 20170415,CVE-2017-6831,,5.5,1026983,audiofile,https://www.suse.com/security/cve/CVE-2017-6831,"Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.",Released 20170415,CVE-2017-6832,,5.5,1026984,audiofile,https://www.suse.com/security/cve/CVE-2017-6832,"Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted 
file.",Released 20170415,CVE-2017-6833,,5.5,1026985,audiofile,https://www.suse.com/security/cve/CVE-2017-6833,"The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.",Released 20170415,CVE-2017-6834,3.3,5.5,1026986,audiofile,https://www.suse.com/security/cve/CVE-2017-6834,"Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.",Released 20170415,CVE-2017-6835,,5.5,1026988,audiofile,https://www.suse.com/security/cve/CVE-2017-6835,"The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.",Released 20170415,CVE-2017-6836,,5.5,1026987,audiofile,https://www.suse.com/security/cve/CVE-2017-6836,"Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file.",Released 20170415,CVE-2017-6837,,5.5,1026978,audiofile,https://www.suse.com/security/cve/CVE-2017-6837,"WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.",Released 20170415,CVE-2017-6838,,5.5,1026978,audiofile,https://www.suse.com/security/cve/CVE-2017-6838,"Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.",Released 
20170415,CVE-2017-6839,,5.5,1026978,audiofile,https://www.suse.com/security/cve/CVE-2017-6839,"Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.",Released 20170417,CVE-2017-7889,5.9,7.8,1034405,kernel-source,https://www.suse.com/security/cve/CVE-2017-7889,"The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.",Ignore 20170418,CVE-2017-5645,,9.8,1034569,log4j,https://www.suse.com/security/cve/CVE-2017-5645,"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.",Released 20170418,CVE-2017-7645,7.5,7.5,1034670,kernel-source,https://www.suse.com/security/cve/CVE-2017-7645,"The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",Released 20170418,CVE-2017-7867,7.5,7.5,1034678,icu,https://www.suse.com/security/cve/CVE-2017-7867,"International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.",Released 20170418,CVE-2017-7868,7.5,7.5,1034674,icu,https://www.suse.com/security/cve/CVE-2017-7868,"International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based 
buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.",Released 20170419,CVE-2017-3509,,4.2,1034849,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3509,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).",Released 20170419,CVE-2017-3511,,7.7,1034849,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3511,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170419,CVE-2017-3512,,8.3,1034849,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3512,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170419,CVE-2017-3514,,8.3,1034849,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3514,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170419,CVE-2017-3526,,5.9,1034849,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3526,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. 
Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",Released 20170419,CVE-2017-3533,,3.7,1034849,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3533,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20170419,CVE-2017-3539,,3.1,1005522,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3539,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",Released 20170419,CVE-2017-3544,,3.7,1034849,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-3544,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20170419,CVE-2017-7471,,9,1034866,kvm,https://www.suse.com/security/cve/CVE-2017-7471,"Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.",Released 20170419,CVE-2017-7472,5.5,5.5,1034862,kernel-source,https://www.suse.com/security/cve/CVE-2017-7472,"The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.",Released 20170419,CVE-2017-7718,,5.5,1034908,kvm,https://www.suse.com/security/cve/CVE-2017-7718,"hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.",Released 20170419,CVE-2017-7718,,5.5,1034908,xen,https://www.suse.com/security/cve/CVE-2017-7718,"hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.",Released 20170419,CVE-2017-7941,,6.5,1034876,ImageMagick,https://www.suse.com/security/cve/CVE-2017-7941,"The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.",Released 20170419,CVE-2017-7942,,6.5,1034872,ImageMagick,https://www.suse.com/security/cve/CVE-2017-7942,"The ReadAVSImage 
function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.",Released 20170419,CVE-2017-7943,,6.5,1034870,ImageMagick,https://www.suse.com/security/cve/CVE-2017-7943,"The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.",Released 20170419,CVE-2017-7960,4,5.5,1034481,libcroco,https://www.suse.com/security/cve/CVE-2017-7960,"The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.",Released 20170419,CVE-2017-7961,3.3,7.8,1034482,libcroco,https://www.suse.com/security/cve/CVE-2017-7961,"** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an \"outside the range of representable values of type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports \"This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.\"",Already fixed 20170419,CVE-2017-7963,5.3,7.5,1035029,php53,https://www.suse.com/security/cve/CVE-2017-7963,"** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating \"There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. 
However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.\"",Ignore 20170420,CVE-2017-5461,,9.8,1035082,firefox-gcc5,https://www.suse.com/security/cve/CVE-2017-5461,"Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.",Released 20170420,CVE-2017-5461,,9.8,1035082,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-5461,"Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.",Released 20170420,CVE-2017-5461,,9.8,1035082,mozilla-nss,https://www.suse.com/security/cve/CVE-2017-5461,"Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.",Released 20170420,CVE-2017-7979,,7.8,1035107,kernel-source,https://www.suse.com/security/cve/CVE-2017-7979,"The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via \"tc filter add\" commands in certain contexts. 
NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.",Analysis 20170421,CVE-2017-7980,5.5,7.8,1035406,kvm,https://www.suse.com/security/cve/CVE-2017-7980,"Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.",Released 20170421,CVE-2017-7980,5.5,7.8,1035406,xen,https://www.suse.com/security/cve/CVE-2017-7980,"Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.",Released 20170422,CVE-2016-9604,4.4,4.4,1035576,kernel-source,https://www.suse.com/security/cve/CVE-2016-9604,"It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. 
This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.",Released 20170424,CVE-2007-6761,,,1035720,kernel-source,https://www.suse.com/security/cve/CVE-2007-6761,"drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321.",Ignore 20170424,CVE-2017-8061,,7.8,1035693,kernel-source,https://www.suse.com/security/cve/CVE-2017-8061,"drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170424,CVE-2017-8062,,7.8,1035691,kernel-source,https://www.suse.com/security/cve/CVE-2017-8062,"drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170424,CVE-2017-8063,,7.8,1035689,kernel-source,https://www.suse.com/security/cve/CVE-2017-8063,"drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 
20170424,CVE-2017-8064,,7.8,1035681,kernel-source,https://www.suse.com/security/cve/CVE-2017-8064,"drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170424,CVE-2017-8065,,7.8,1035673,kernel-source,https://www.suse.com/security/cve/CVE-2017-8065,"crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170424,CVE-2017-8066,,7.8,1035672,kernel-source,https://www.suse.com/security/cve/CVE-2017-8066,"drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170424,CVE-2017-8067,,7.8,1035670,kernel-source,https://www.suse.com/security/cve/CVE-2017-8067,"drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170424,CVE-2017-8068,,7.8,1035669,kernel-source,https://www.suse.com/security/cve/CVE-2017-8068,"drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the 
CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170424,CVE-2017-8069,,7.8,1035668,kernel-source,https://www.suse.com/security/cve/CVE-2017-8069,"drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170424,CVE-2017-8070,,7.8,1035658,kernel-source,https://www.suse.com/security/cve/CVE-2017-8070,"drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",Analysis 20170424,CVE-2017-8071,,5.5,1035667,kernel-source,https://www.suse.com/security/cve/CVE-2017-8071,"drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.",Analysis 20170424,CVE-2017-8072,,7.8,1035649,kernel-source,https://www.suse.com/security/cve/CVE-2017-8072,"The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.",Analysis 20170424,CVE-2017-8105,5.6,9.8,1034186,firefox-freetype2,https://www.suse.com/security/cve/CVE-2017-8105,"FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a 
heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.",Released 20170424,CVE-2017-8105,5.6,9.8,1034186,freetype2,https://www.suse.com/security/cve/CVE-2017-8105,"FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.",Released 20170425,CVE-2017-7477,,7,1035823,kernel-source,https://www.suse.com/security/cve/CVE-2017-7477,"Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.",Analysis 20170425,CVE-2017-8086,,6.5,1035950,kvm,https://www.suse.com/security/cve/CVE-2017-8086,"Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.",Released 20170426,CVE-2017-8112,,6.5,1036211,xen,https://www.suse.com/security/cve/CVE-2017-8112,"hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.",Affected 20170427,CVE-2017-8287,7,9.8,1034186,firefox-freetype2,https://www.suse.com/security/cve/CVE-2017-8287,"FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.",Released 20170427,CVE-2017-8287,7,9.8,1034186,freetype2,https://www.suse.com/security/cve/CVE-2017-8287,"FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in 
psaux/psobjs.c.",Released 20170427,CVE-2017-8291,,7.8,1036453,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-8291,"Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.",Released 20170428,CVE-2017-7475,,5.5,1036789,cairo,https://www.suse.com/security/cve/CVE-2017-7475,"Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.",Released 20170428,CVE-2017-7475,,5.5,1036789,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-7475,"Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.",Released 20170428,CVE-2017-7895,,9.8,1034670,kernel-source,https://www.suse.com/security/cve/CVE-2017-7895,"The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.",Ignore 20170430,CVE-2017-8344,,6.5,1036978,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8344,"In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8345,,6.5,1036980,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8345,"In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8346,,6.5,1036981,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8346,"In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause 
a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8348,,6.5,1036983,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8348,"In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8349,,6.5,1036984,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8349,"In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8350,,6.5,1036985,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8350,"In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8351,,6.5,1036986,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8351,"In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8352,,6.5,1036987,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8352,"In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8353,,6.5,1036988,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8353,"In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8354,,6.5,1036989,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8354,"In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8355,,6.5,1036990,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8355,"In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory 
leak) via a crafted file.",Released 20170430,CVE-2017-8357,,6.5,1036976,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8357,"In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170430,CVE-2017-8361,,8.8,1036944,libsndfile,https://www.suse.com/security/cve/CVE-2017-8361,"The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.",Released 20170430,CVE-2017-8362,,6.5,1036943,libsndfile,https://www.suse.com/security/cve/CVE-2017-8362,"The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.",Released 20170430,CVE-2017-8363,,6.5,1036945,libsndfile,https://www.suse.com/security/cve/CVE-2017-8363,"The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.",Released 20170430,CVE-2017-8365,,6.5,1036946,libsndfile,https://www.suse.com/security/cve/CVE-2017-8365,"The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.",Released 20170501,CVE-2015-2809,-1,-1,1037001,avahi,https://www.suse.com/security/cve/CVE-2015-2809,"The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.",Ignore 
20170501,CVE-2017-6520,,9.1,1037001,avahi,https://www.suse.com/security/cve/CVE-2017-6520,"The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.",Analysis 20170501,CVE-2017-8392,3.3,7.5,1037052,binutils,https://www.suse.com/security/cve/CVE-2017-8392,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.",Unsupported 20170502,CVE-2017-8309,,7.5,1037242,kvm,https://www.suse.com/security/cve/CVE-2017-8309,"Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.",Released 20170502,CVE-2017-8309,,7.5,1037242,xen,https://www.suse.com/security/cve/CVE-2017-8309,"Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.",Released 20170502,CVE-2017-8393,3.3,7.5,1037057,binutils,https://www.suse.com/security/cve/CVE-2017-8393,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.",Unsupported 20170502,CVE-2017-8394,3.3,7.5,1037061,binutils,https://www.suse.com/security/cve/CVE-2017-8394,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.",Unsupported 20170502,CVE-2017-8395,3.3,7.5,1037062,binutils,https://www.suse.com/security/cve/CVE-2017-8395,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.",Unsupported 20170502,CVE-2017-8396,,7.5,1037066,binutils,https://www.suse.com/security/cve/CVE-2017-8396,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.",Ignore 20170502,CVE-2017-8397,3.3,7.5,1037070,binutils,https://www.suse.com/security/cve/CVE-2017-8397,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.",Unsupported 20170502,CVE-2017-8398,3.3,7.5,1037072,binutils,https://www.suse.com/security/cve/CVE-2017-8398,"dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.",Unsupported 20170502,CVE-2017-8421,,5.5,1037273,binutils,https://www.suse.com/security/cve/CVE-2017-8421,"The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.",Ignore 20170503,CVE-2015-9004,,7.8,1037306,kernel-source,https://www.suse.com/security/cve/CVE-2015-9004,"kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.",Ignore 20170504,CVE-2017-7484,,7.5,1037603,postgresql94,https://www.suse.com/security/cve/CVE-2017-7484,"It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. 
An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.",Released 20170504,CVE-2017-7484,,7.5,1037603,postgresql94-libs,https://www.suse.com/security/cve/CVE-2017-7484,"It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.",Released 20170504,CVE-2017-7486,,7.5,1037624,postgresql94,https://www.suse.com/security/cve/CVE-2017-7486,"PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.",Released 20170504,CVE-2017-7486,,7.5,1037624,postgresql94-libs,https://www.suse.com/security/cve/CVE-2017-7486,"PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.",Released 20170504,CVE-2017-8765,,6.5,1037527,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8765,"The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.",Released 20170504,CVE-2017-8779,7.5,7.5,1037559,libtirpc,https://www.suse.com/security/cve/CVE-2017-8779,"rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.",Released 
20170504,CVE-2017-8779,7.5,7.5,1037559,rpcbind,https://www.suse.com/security/cve/CVE-2017-8779,"rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.",Released 20170507,CVE-2017-8804,,7.5,1037559,glibc,https://www.suse.com/security/cve/CVE-2017-8804,"** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references]",Released 20170508,CVE-2017-8830,,6.5,1038000,ImageMagick,https://www.suse.com/security/cve/CVE-2017-8830,"In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170508,CVE-2017-8831,6.7,7.8,1037994,kernel-source,https://www.suse.com/security/cve/CVE-2017-8831,"The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a \"double fetch\" vulnerability.",Released 20170509,CVE-2017-7485,,5.9,1038293,postgresql94,https://www.suse.com/security/cve/CVE-2017-7485,"In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. 
An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.",Released 20170509,CVE-2017-7485,,5.9,1038293,postgresql94-libs,https://www.suse.com/security/cve/CVE-2017-7485,"In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.",Released 20170510,CVE-2017-1289,8.2,8.2,1038505,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-1289,"IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.",Released 20170510,CVE-2017-7494,8.8,9.8,1038231,samba,https://www.suse.com/security/cve/CVE-2017-7494,"Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.",Released 20170510,CVE-2017-8872,5.4,9.1,1038444,libxml2,https://www.suse.com/security/cve/CVE-2017-8872,"The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.",Released 20170510,CVE-2017-8872,5.4,9.1,1038444,libxml2-python,https://www.suse.com/security/cve/CVE-2017-8872,"The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.",Released 20170510,CVE-2017-8890,7.8,7.8,1038544,kernel-source,https://www.suse.com/security/cve/CVE-2017-8890,"The 
inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",Released 20170511,CVE-2017-7478,,7.5,1038709,openvpn,https://www.suse.com/security/cve/CVE-2017-7478,"OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.",Released 20170511,CVE-2017-7479,,6.5,1038711,openvpn,https://www.suse.com/security/cve/CVE-2017-7479,"OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.",Released 20170512,CVE-2017-7487,5.5,7.8,1038879,kernel-source,https://www.suse.com/security/cve/CVE-2017-7487,"The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.",Released 20170512,CVE-2017-8903,7.8,8.8,1034843,xen,https://www.suse.com/security/cve/CVE-2017-8903,"Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.",Released 20170512,CVE-2017-8904,7.8,8.8,1034844,xen,https://www.suse.com/security/cve/CVE-2017-8904,"Xen through 4.8.x mishandles the \"contains segment descriptors\" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.",Released 20170512,CVE-2017-8905,7.8,8.8,1034845,xen,https://www.suse.com/security/cve/CVE-2017-8905,"Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which 
might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.",Released 20170513,CVE-2017-8924,4,4.6,1037182,kernel-source,https://www.suse.com/security/cve/CVE-2017-8924,"The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.",Released 20170513,CVE-2017-8925,4,5.5,1037183,kernel-source,https://www.suse.com/security/cve/CVE-2017-8925,"The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.",Released 20170516,CVE-2016-10040,3.7,5.5,1039291,libqt4,https://www.suse.com/security/cve/CVE-2016-10040,"Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags.",Ignore 20170517,CVE-2016-10277,,7.8,1039456,kernel-source,https://www.suse.com/security/cve/CVE-2016-10277,"An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.",Released 20170517,CVE-2017-1000363,6.8,7.8,1039456,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000363,"Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. 
Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.",Released 20170517,CVE-2017-7493,,7.8,1039495,kvm,https://www.suse.com/security/cve/CVE-2017-7493,"Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.",Released 20170517,CVE-2017-9022,5.9,7.5,1039514,strongswan,https://www.suse.com/security/cve/CVE-2017-9022,"The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.",Released 20170517,CVE-2017-9023,5.9,7.5,1039515,strongswan,https://www.suse.com/security/cve/CVE-2017-9023,"The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.",Released 20170518,CVE-2017-9038,3.3,5.5,1038874,binutils,https://www.suse.com/security/cve/CVE-2017-9038,"GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.",Unsupported 20170518,CVE-2017-9039,3.7,5.5,1038875,binutils,https://www.suse.com/security/cve/CVE-2017-9039,"GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many 
program headers, related to the get_program_headers function in readelf.c.",Unsupported 20170518,CVE-2017-9040,3.7,5.5,1038876,binutils,https://www.suse.com/security/cve/CVE-2017-9040,"GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.",Unsupported 20170518,CVE-2017-9041,3.7,5.5,1038874,binutils,https://www.suse.com/security/cve/CVE-2017-9041,"GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.",Unsupported 20170518,CVE-2017-9042,3.7,7.8,1038878,binutils,https://www.suse.com/security/cve/CVE-2017-9042,"readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.",Unsupported 20170518,CVE-2017-9044,3.3,5.5,1038881,binutils,https://www.suse.com/security/cve/CVE-2017-9044,"The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.",Unsupported 20170518,CVE-2017-9047,5.3,7.5,1039063,libxml2,https://www.suse.com/security/cve/CVE-2017-9047,"A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. 
However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.",Released 20170518,CVE-2017-9048,5.3,7.5,1039064,libxml2,https://www.suse.com/security/cve/CVE-2017-9048,"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.",Released 20170518,CVE-2017-9049,5.3,7.5,1039063,libxml2,https://www.suse.com/security/cve/CVE-2017-9049,"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.",Released 20170518,CVE-2017-9050,5.3,7.5,1039066,libxml2,https://www.suse.com/security/cve/CVE-2017-9050,"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.",Released 20170518,CVE-2017-9059,5.5,5.5,1039674,kernel-source,https://www.suse.com/security/cve/CVE-2017-9059,"The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a \"module reference and kernel daemon\" leak.",Analysis 20170519,CVE-2017-7500,7.3,7.8,1126909,rpm,https://www.suse.com/security/cve/CVE-2017-7500,"It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.",Unsupported 20170519,CVE-2017-7501,7.3,7.8,1119217,rpm,https://www.suse.com/security/cve/CVE-2017-7501,"It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.",Unsupported 20170519,CVE-2017-9074,5.5,7.8,1039882,kernel-source,https://www.suse.com/security/cve/CVE-2017-9074,"The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.",Released 20170519,CVE-2017-9075,5.5,7.8,1038544,kernel-source,https://www.suse.com/security/cve/CVE-2017-9075,"The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",Released 20170519,CVE-2017-9076,6.2,7.8,1038544,kernel-source,https://www.suse.com/security/cve/CVE-2017-9076,"The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",Released 20170519,CVE-2017-9077,5.5,7.8,1038544,kernel-source,https://www.suse.com/security/cve/CVE-2017-9077,"The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",Released 20170520,CVE-2017-9098,5.3,7.5,1040025,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9098,"ImageMagick before 
7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.",Released 20170522,CVE-2017-1000364,8.4,7.4,1039346,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000364,"An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be \"jumped\" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).",Released 20170522,CVE-2017-1000366,8.4,7.8,1037551,glibc,https://www.suse.com/security/cve/CVE-2017-1000366,"glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.",Released 20170522,CVE-2017-2295,8.1,8.2,1040151,puppet,https://www.suse.com/security/cve/CVE-2017-2295,"Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. 
This change constrains the format of data on the wire to PSON or safely decoded YAML.",Released 20170522,CVE-2017-9083,3.3,6.5,1040170,poppler,https://www.suse.com/security/cve/CVE-2017-9083,"poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.",Unsupported 20170522,CVE-2017-9110,5.3,6.5,1040107,OpenEXR,https://www.suse.com/security/cve/CVE-2017-9110,"In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.",Released 20170522,CVE-2017-9111,,8.8,1040109,OpenEXR,https://www.suse.com/security/cve/CVE-2017-9111,"In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.",Released 20170522,CVE-2017-9112,5.9,6.5,1040112,OpenEXR,https://www.suse.com/security/cve/CVE-2017-9112,"In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.",Released 20170522,CVE-2017-9113,5.9,8.8,1040113,OpenEXR,https://www.suse.com/security/cve/CVE-2017-9113,"In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.",Released 20170522,CVE-2017-9114,5.3,6.5,1040114,OpenEXR,https://www.suse.com/security/cve/CVE-2017-9114,"In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.",Released 20170522,CVE-2017-9115,,8.8,1040115,OpenEXR,https://www.suse.com/security/cve/CVE-2017-9115,"In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.",Released 
20170522,CVE-2017-9117,5.3,9.8,1040080,tiff,https://www.suse.com/security/cve/CVE-2017-9117,"In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.",Released 20170523,CVE-2017-1000365,2.9,7.8,1037551,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000365,"The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.",Released 20170523,CVE-2017-9141,4,6.5,1040303,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9141,"In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.",Released 20170523,CVE-2017-9142,4,6.5,1036985,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9142,"In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.",Released 20170523,CVE-2017-9143,4,6.5,1040306,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9143,"In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.",Released 20170523,CVE-2017-9144,4,6.5,1040332,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9144,"In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.",Released 
20170523,CVE-2017-9147,5.3,6.5,1040322,tiff,https://www.suse.com/security/cve/CVE-2017-9147,"LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.",Released 20170523,CVE-2017-9150,4,5.5,1040279,kernel-source,https://www.suse.com/security/cve/CVE-2017-9150,"The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.",Unsupported 20170523,CVE-2017-9211,5.5,5.5,1040389,kernel-source,https://www.suse.com/security/cve/CVE-2017-9211,"The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.",Analysis 20170524,CVE-2017-6891,5.1,8.8,1040621,gnutls,https://www.suse.com/security/cve/CVE-2017-6891,"Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.",Released 20170524,CVE-2017-6891,5.1,8.8,1040621,libtasn1,https://www.suse.com/security/cve/CVE-2017-6891,"Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. 
asn1Coding utility.",Released 20170524,CVE-2017-9216,5.3,6.5,1040643,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-9216,"libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.",Released 20170526,CVE-2017-9224,4,9.8,1040891,php53,https://www.suse.com/security/cve/CVE-2017-9224,"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.",Released 20170526,CVE-2017-9224,4,9.8,1040891,ruby,https://www.suse.com/security/cve/CVE-2017-9224,"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.",Unsupported 20170526,CVE-2017-9226,4.8,9.8,1040889,php53,https://www.suse.com/security/cve/CVE-2017-9226,"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). 
A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.",Released 20170526,CVE-2017-9226,4.8,9.8,1040889,ruby,https://www.suse.com/security/cve/CVE-2017-9226,"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.",Unsupported 20170526,CVE-2017-9227,4,9.8,1040883,php53,https://www.suse.com/security/cve/CVE-2017-9227,"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.",Released 20170526,CVE-2017-9239,3.3,6.5,1040973,exiv2,https://www.suse.com/security/cve/CVE-2017-9239,"An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. 
To exploit this vulnerability, someone must open a crafted tiff file.",Won't fix 20170529,CVE-2017-9148,7.4,9.8,1041445,freeradius-server,https://www.suse.com/security/cve/CVE-2017-9148,"The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.",Released 20170529,CVE-2017-9242,7.8,5.5,1041431,kernel-source,https://www.suse.com/security/cve/CVE-2017-9242,"The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",Released 20170530,CVE-2017-7502,7.5,7.5,1041603,mozilla-nss,https://www.suse.com/security/cve/CVE-2017-7502,"Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.",Already fixed 20170601,CVE-2017-9330,3.8,5.6,1042159,kvm,https://www.suse.com/security/cve/CVE-2017-9330,"QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.",Released 20170601,CVE-2017-9330,3.8,5.6,1042159,xen,https://www.suse.com/security/cve/CVE-2017-9330,"QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.",Released 20170602,CVE-2017-9343,5.9,7.5,1042309,wireshark,https://www.suse.com/security/cve/CVE-2017-9343,"In Wireshark 2.2.0 to 2.2.6 and 
2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.",Affected 20170602,CVE-2017-9344,5.9,7.5,1042298,wireshark,https://www.suse.com/security/cve/CVE-2017-9344,"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.",Affected 20170602,CVE-2017-9345,5.9,7.5,1042300,wireshark,https://www.suse.com/security/cve/CVE-2017-9345,"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.",Affected 20170602,CVE-2017-9346,5.9,7.5,1042301,wireshark,https://www.suse.com/security/cve/CVE-2017-9346,"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.",Affected 20170602,CVE-2017-9347,5.9,7.5,1042308,wireshark,https://www.suse.com/security/cve/CVE-2017-9347,"In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.",Affected 20170602,CVE-2017-9348,5.9,7.5,1042303,wireshark,https://www.suse.com/security/cve/CVE-2017-9348,"In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.",Affected 20170602,CVE-2017-9349,5.9,7.5,1042305,wireshark,https://www.suse.com/security/cve/CVE-2017-9349,"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. 
This was addressed in epan/dissectors/packet-dcm.c by validating a length value.",Affected 20170602,CVE-2017-9350,5.9,7.5,1042299,wireshark,https://www.suse.com/security/cve/CVE-2017-9350,"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.",Affected 20170602,CVE-2017-9351,5.9,7.5,1042302,wireshark,https://www.suse.com/security/cve/CVE-2017-9351,"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.",Affected 20170602,CVE-2017-9352,5.9,7.5,1042304,wireshark,https://www.suse.com/security/cve/CVE-2017-9352,"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.",Affected 20170602,CVE-2017-9353,5.9,7.5,1042306,wireshark,https://www.suse.com/security/cve/CVE-2017-9353,"In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.",Affected 20170602,CVE-2017-9354,5.9,7.5,1042307,wireshark,https://www.suse.com/security/cve/CVE-2017-9354,"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.",Affected 20170606,CVE-2017-5664,7.5,7.5,1042910,tomcat6,https://www.suse.com/security/cve/CVE-2017-5664,"The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. 
If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.",Released 20170606,CVE-2017-9373,3.8,5.5,1042801,kvm,https://www.suse.com/security/cve/CVE-2017-9373,"Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.",Released 20170606,CVE-2017-9375,3.8,5.5,1042800,kvm,https://www.suse.com/security/cve/CVE-2017-9375,"QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.",Released 20170606,CVE-2017-9405,5.9,6.5,1042911,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9405,"In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 
20170606,CVE-2017-9407,5.9,6.5,1042824,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9407,"In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170606,CVE-2017-9409,4,6.5,1042948,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9409,"In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170606,CVE-2017-9439,5.9,6.5,1042826,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9439,"In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.",Released 20170607,CVE-2017-7515,2.8,5.5,1043088,poppler,https://www.suse.com/security/cve/CVE-2017-7515,"poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.",Ignore 20170607,CVE-2017-9374,3.8,5.5,1043073,xen,https://www.suse.com/security/cve/CVE-2017-9374,"Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.",Ignore 20170608,CVE-2017-9261,,6.5,1043354,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9261,"In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170608,CVE-2017-9262,4.2,6.5,1043353,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9262,"In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170608,CVE-2017-9500,4.3,6.5,1043290,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9500,"In ImageMagick 7.0.5-8 Q16, an assertion failure was found 
in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.",Released 20170608,CVE-2017-9501,4.3,6.5,1043289,ImageMagick,https://www.suse.com/security/cve/CVE-2017-9501,"In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.",Released 20170608,CVE-2017-9503,3.8,5.5,1043296,kvm,https://www.suse.com/security/cve/CVE-2017-9503,"QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.",Released 20170608,CVE-2017-9503,3.8,5.5,1043296,xen,https://www.suse.com/security/cve/CVE-2017-9503,"QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.",Affected 20170612,CVE-2017-7519,4.3,4.4,1043767,ceph,https://www.suse.com/security/cve/CVE-2017-7519,"In Ceph, a format string flaw was found in the way libradosstriper parses input from user. 
A user could crash an application or service using the libradosstriper library.",Unsupported 20170612,CVE-2017-8834,3.7,6.5,1043898,libcroco,https://www.suse.com/security/cve/CVE-2017-8834,"The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.",Released 20170612,CVE-2017-8871,3.7,6.5,1043898,libcroco,https://www.suse.com/security/cve/CVE-2017-8871,"The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.",Released 20170613,CVE-2015-9096,5.3,,1043983,ruby,https://www.suse.com/security/cve/CVE-2015-9096,"Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.",Won't fix 20170613,CVE-2017-1000380,4,5.5,1044125,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000380,"sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.",Released 20170614,CVE-2017-0663,8.1,7.8,1044337,libxml2,https://www.suse.com/security/cve/CVE-2017-0663,"A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.",Released 20170614,CVE-2017-7775,5.3,,1043960,firefox-gcc5,https://www.suse.com/security/cve/CVE-2017-7775,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Released 20170614,CVE-2017-7775,5.3,,1043960,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-7775,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Released 20170614,CVE-2017-7775,5.3,,1043960,mozilla-nss,https://www.suse.com/security/cve/CVE-2017-7775,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Released 20170614,CVE-2017-9604,6.8,7.5,1044210,kdepim4,https://www.suse.com/security/cve/CVE-2017-9604,"KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.",Won't fix 20170615,CVE-2017-9616,5.3,5.5,1044418,wireshark,https://www.suse.com/security/cve/CVE-2017-9616,"In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.",Already fixed 20170615,CVE-2017-9617,5.3,5.5,1044417,libsmi,https://www.suse.com/security/cve/CVE-2017-9617,"In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.",Released 20170615,CVE-2017-9617,5.3,5.5,1044417,portaudio,https://www.suse.com/security/cve/CVE-2017-9617,"In 
Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.",Released 20170615,CVE-2017-9617,5.3,5.5,1044417,wireshark,https://www.suse.com/security/cve/CVE-2017-9617,"In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.",Released 20170616,CVE-2017-9670,3.3,7.8,1044638,gnuplot,https://www.suse.com/security/cve/CVE-2017-9670,"An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.",Released 20170619,CVE-2017-1000370,2.9,7.8,1037551,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000370,"The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. 
This issue appears to be limited to i386 based systems.",Ignore 20170619,CVE-2017-1000371,2.9,7.8,1037551,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000371,"The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.",Ignore 20170619,CVE-2017-7375,5.3,9.8,1044894,libxml2,https://www.suse.com/security/cve/CVE-2017-7375,"A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). 
Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).",Released 20170619,CVE-2017-7376,3.7,9.8,1044887,libxml2,https://www.suse.com/security/cve/CVE-2017-7376,"Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.",Released 20170619,CVE-2017-9233,7.5,7.5,1030296,expat,https://www.suse.com/security/cve/CVE-2017-9233,"XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.",Released 20170619,CVE-2017-9746,3.1,7.8,1030296,binutils,https://www.suse.com/security/cve/CVE-2017-9746,"The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.",Ignore 20170619,CVE-2017-9747,3.7,7.8,1030296,binutils,https://www.suse.com/security/cve/CVE-2017-9747,"The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. 
NOTE: this may be related to a compiler bug.",Unsupported 20170619,CVE-2017-9748,3.1,7.8,1030296,binutils,https://www.suse.com/security/cve/CVE-2017-9748,"The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.",Unsupported 20170619,CVE-2017-9750,3.1,7.8,1030296,binutils,https://www.suse.com/security/cve/CVE-2017-9750,"opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",Unsupported 20170619,CVE-2017-9755,3.3,7.8,1030296,binutils,https://www.suse.com/security/cve/CVE-2017-9755,"opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",Unsupported 20170619,CVE-2017-9756,3.1,7.8,1030296,binutils,https://www.suse.com/security/cve/CVE-2017-9756,"The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",Ignore 
20170620,CVE-2017-1000376,7.4,7,1045091,gcc43,https://www.suse.com/security/cve/CVE-2017-1000376,"libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.",Released 20170620,CVE-2017-3167,7.4,9.8,1045065,apache2,https://www.suse.com/security/cve/CVE-2017-3167,"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",Released 20170620,CVE-2017-3169,3.7,9.8,1045062,apache2,https://www.suse.com/security/cve/CVE-2017-3169,"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.",Released 20170620,CVE-2017-7508,5.9,7.5,1044947,openvpn,https://www.suse.com/security/cve/CVE-2017-7508,"OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.",Released 20170620,CVE-2017-7520,8.2,7.4,1044947,openvpn,https://www.suse.com/security/cve/CVE-2017-7520,"OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.",Released 20170620,CVE-2017-7521,7.5,5.9,1044947,openvpn,https://www.suse.com/security/cve/CVE-2017-7521,"OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().",Released 
20170620,CVE-2017-7522,6.5,6.5,1044947,openvpn,https://www.suse.com/security/cve/CVE-2017-7522,"OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.",Released 20170620,CVE-2017-7668,,7.5,1045061,apache2,https://www.suse.com/security/cve/CVE-2017-7668,"The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.",Released 20170620,CVE-2017-7679,6.5,9.8,1045060,apache2,https://www.suse.com/security/cve/CVE-2017-7679,"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",Released 20170620,CVE-2017-9763,4.1,7.5,1045063,grub2,https://www.suse.com/security/cve/CVE-2017-9763,"The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.",Released 20170621,CVE-2017-9766,5.3,7.5,1045341,libsmi,https://www.suse.com/security/cve/CVE-2017-9766,"In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.",Released 20170621,CVE-2017-9766,5.3,7.5,1045341,portaudio,https://www.suse.com/security/cve/CVE-2017-9766,"In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq 
function in plugins/profinet/packet-dcerpc-pn-io.c.",Released 20170621,CVE-2017-9766,5.3,7.5,1045341,wireshark,https://www.suse.com/security/cve/CVE-2017-9766,"In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.",Released 20170622,CVE-2012-6706,8.8,,1045315,clamav,https://www.suse.com/security/cve/CVE-2012-6706,"A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].",Released 20170622,CVE-2012-6706,8.8,,1045315,unrar,https://www.suse.com/security/cve/CVE-2012-6706,"A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. 
The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].",Released 20170622,CVE-2017-9782,5.3,5.5,1045450,jasper,https://www.suse.com/security/cve/CVE-2017-9782,"JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.",Released 20170623,CVE-2017-9269,7.7,9.8,1038984,libzypp,https://www.suse.com/security/cve/CVE-2017-9269,"In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.",Ignore 20170623,CVE-2017-9776,6.5,7.8,1045721,poppler,https://www.suse.com/security/cve/CVE-2017-9776,"Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.",Released 20170627,CVE-2017-7482,6.6,7.8,1046107,kernel-source,https://www.suse.com/security/cve/CVE-2017-7482,"In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.",Released 20170627,CVE-2017-9935,7.3,8.8,1046077,tiff,https://www.suse.com/security/cve/CVE-2017-9935,"In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. 
For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.",Released 20170627,CVE-2017-9937,5.3,6.5,1046071,tiff,https://www.suse.com/security/cve/CVE-2017-9937,"In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.",Ignore 20170627,CVE-2017-9955,4.3,5.5,1046094,binutils,https://www.suse.com/security/cve/CVE-2017-9955,"The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.",Unsupported 20170629,CVE-2017-10664,5.3,7.5,1046636,kvm,https://www.suse.com/security/cve/CVE-2017-10664,"qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.",Released 20170629,CVE-2017-10664,5.3,7.5,1046636,xen,https://www.suse.com/security/cve/CVE-2017-10664,"qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.",Ignore 20170629,CVE-2017-3142,5.3,3.7,1024130,bind,https://www.suse.com/security/cve/CVE-2017-3142,"An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. 
A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.",Released 20170629,CVE-2017-3143,7.5,5.9,1024130,bind,https://www.suse.com/security/cve/CVE-2017-3143,"An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.",Released 20170629,CVE-2017-7526,2.9,6.8,1046607,libgcrypt,https://www.suse.com/security/cve/CVE-2017-7526,"libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. 
This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.",Released 20170629,CVE-2017-9984,4.7,7.8,1046599,kernel-source,https://www.suse.com/security/cve/CVE-2017-9984,"The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a \"double fetch\" vulnerability.",Unsupported 20170629,CVE-2017-9985,4.7,7.8,1046601,kernel-source,https://www.suse.com/security/cve/CVE-2017-9985,"The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a \"double fetch\" vulnerability.",Unsupported 20170629,CVE-2017-9986,4.7,7.8,1046600,kernel-source,https://www.suse.com/security/cve/CVE-2017-9986,"The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a \"double fetch\" vulnerability.",Ignore 20170630,CVE-2017-10672,7,9.8,1046848,perl-XML-LibXML,https://www.suse.com/security/cve/CVE-2017-10672,"Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.",Released 20170630,CVE-2017-10684,5.6,9.8,1046858,ncurses,https://www.suse.com/security/cve/CVE-2017-10684,"In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.",Released 20170630,CVE-2017-10685,5.6,9.8,1046853,ncurses,https://www.suse.com/security/cve/CVE-2017-10685,"In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",Released 20170630,CVE-2017-10688,5.3,7.5,1046770,tiff,https://www.suse.com/security/cve/CVE-2017-10688,"In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.",Already fixed 20170630,CVE-2017-7506,7.6,8.8,1046779,spice,https://www.suse.com/security/cve/CVE-2017-7506,"spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.",Released 20170703,CVE-2017-10788,5.9,9.8,1047095,perl-DBD-mysql,https://www.suse.com/security/cve/CVE-2017-10788,"The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. 
The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.",Released 20170703,CVE-2017-10789,4.8,5.9,1047059,perl-DBD-mysql,https://www.suse.com/security/cve/CVE-2017-10789,"The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.",Released 20170703,CVE-2017-10790,5.9,7.5,1047002,gnutls,https://www.suse.com/security/cve/CVE-2017-10790,"The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.",Released 20170703,CVE-2017-10799,3.7,5.5,1047054,ImageMagick,https://www.suse.com/security/cve/CVE-2017-10799,"When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().",Released 20170703,CVE-2017-10800,5.3,5.5,1047044,ImageMagick,https://www.suse.com/security/cve/CVE-2017-10800,"When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.",Released 20170704,CVE-2017-6512,5.1,5.9,1042218,perl,https://www.suse.com/security/cve/CVE-2017-6512,"Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.",Released 20170705,CVE-2017-10810,5.1,7.5,1047277,kernel-source,https://www.suse.com/security/cve/CVE-2017-10810,"Memory leak in the 
virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.",Unsupported 20170705,CVE-2017-10911,4.3,6.5,1042863,kernel-source,https://www.suse.com/security/cve/CVE-2017-10911,"The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.",Released 20170705,CVE-2017-10911,4.3,6.5,1042863,xen,https://www.suse.com/security/cve/CVE-2017-10911,"The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.",Released 20170705,CVE-2017-10912,8.1,10,1042882,xen,https://www.suse.com/security/cve/CVE-2017-10912,"Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.",Released 20170705,CVE-2017-10913,8.1,9.8,1042893,xen,https://www.suse.com/security/cve/CVE-2017-10913,"The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.",Released 20170705,CVE-2017-10914,8.1,8.1,1042893,xen,https://www.suse.com/security/cve/CVE-2017-10914,"The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.",Released 
20170705,CVE-2017-10915,8.1,9,1042915,xen,https://www.suse.com/security/cve/CVE-2017-10915,"The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.",Released 20170705,CVE-2017-10917,7.9,9.1,1042924,xen,https://www.suse.com/security/cve/CVE-2017-10917,"Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.",Released 20170705,CVE-2017-10918,8.1,10,1042931,xen,https://www.suse.com/security/cve/CVE-2017-10918,"Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.",Released 20170705,CVE-2017-10920,8.1,10,1042938,xen,https://www.suse.com/security/cve/CVE-2017-10920,"The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 1.",Released 20170705,CVE-2017-10921,8.1,10,1042938,xen,https://www.suse.com/security/cve/CVE-2017-10921,"The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.",Released 20170705,CVE-2017-10928,5.3,8.8,1047356,ImageMagick,https://www.suse.com/security/cve/CVE-2017-10928,"In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly 
have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.",Released 20170706,CVE-2016-10396,5.9,7.5,1047443,ipsec-tools,https://www.suse.com/security/cve/CVE-2016-10396,"The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place.",Released 20170706,CVE-2017-10971,,8.8,1035283,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-10971,"In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.",Released 20170706,CVE-2017-10972,,6.5,1035283,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-10972,"Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.",Released 20170707,CVE-2017-10806,5.9,5.5,1047674,kvm,https://www.suse.com/security/cve/CVE-2017-10806,"Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.",Released 20170707,CVE-2017-10806,5.9,5.5,1047674,xen,https://www.suse.com/security/cve/CVE-2017-10806,"Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.",Released 
20170710,CVE-2016-10397,6.5,7.5,1047454,php53,https://www.suse.com/security/cve/CVE-2016-10397,"In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).",Released 20170710,CVE-2017-1000050,5.3,7.5,1047958,jasper,https://www.suse.com/security/cve/CVE-2017-1000050,"JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.",Released 20170710,CVE-2017-10686,6.5,7.8,1047936,firefox-atk,https://www.suse.com/security/cve/CVE-2017-10686,"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.",Released 20170710,CVE-2017-10686,6.5,7.8,1047936,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-10686,"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). 
It has a high possibility to lead to a remote code execution attack.",Released 20170710,CVE-2017-10686,6.5,7.8,1047936,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-10686,"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.",Released 20170710,CVE-2017-10686,6.5,7.8,1047936,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-10686,"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.",Released 20170710,CVE-2017-10686,6.5,7.8,1047936,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-10686,"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). 
It has a high possibility to lead to a remote code execution attack.",Released 20170710,CVE-2017-10686,6.5,7.8,1047936,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-10686,"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.",Released 20170710,CVE-2017-10686,6.5,7.8,1047936,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-10686,"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.",Released 20170710,CVE-2017-10686,6.5,7.8,1047936,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-10686,"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). 
It has a high possibility to lead to a remote code execution attack.",Released 20170710,CVE-2017-10686,6.5,7.8,1047936,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-10686,"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.",Released 20170710,CVE-2017-10686,6.5,7.8,1047936,firefox-pango,https://www.suse.com/security/cve/CVE-2017-10686,"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). 
It has a high possibility to lead to a remote code execution attack.",Released 20170710,CVE-2017-10995,5.3,5.5,1047908,ImageMagick,https://www.suse.com/security/cve/CVE-2017-10995,"The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.",Released 20170710,CVE-2017-11102,5.3,7.5,1047910,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11102,"The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.",Affected 20170710,CVE-2017-11108,7.5,7.5,1047873,tcpdump,https://www.suse.com/security/cve/CVE-2017-11108,"tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.",Released 20170710,CVE-2017-11109,8.8,7.8,1047959,vim,https://www.suse.com/security/cve/CVE-2017-11109,"Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. 
NOTE: there might be a limited number of scenarios in which this has security relevance.",Ignore 20170710,CVE-2017-11111,4.3,7.8,1047925,firefox-atk,https://www.suse.com/security/cve/CVE-2017-11111,"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20170710,CVE-2017-11111,4.3,7.8,1047925,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-11111,"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20170710,CVE-2017-11111,4.3,7.8,1047925,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-11111,"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20170710,CVE-2017-11111,4.3,7.8,1047925,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-11111,"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20170710,CVE-2017-11111,4.3,7.8,1047925,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-11111,"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20170710,CVE-2017-11111,4.3,7.8,1047925,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-11111,"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly 
have unspecified other impact via a crafted file.",Released 20170710,CVE-2017-11111,4.3,7.8,1047925,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-11111,"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20170710,CVE-2017-11111,4.3,7.8,1047925,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-11111,"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20170710,CVE-2017-11111,4.3,7.8,1047925,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-11111,"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20170710,CVE-2017-11111,4.3,7.8,1047925,firefox-pango,https://www.suse.com/security/cve/CVE-2017-11111,"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",Released 20170710,CVE-2017-11112,5.3,7.5,1046853,ncurses,https://www.suse.com/security/cve/CVE-2017-11112,"In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",Released 20170710,CVE-2017-11113,5.3,7.5,1046853,ncurses,https://www.suse.com/security/cve/CVE-2017-11113,"In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",Released 20170710,CVE-2017-11140,7.5,5.5,1047900,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11140,"The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.",Affected 20170710,CVE-2017-11141,7.5,6.5,1047898,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11141,"The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.",Released 20170711,CVE-2017-11144,4.8,7.5,1048096,php53,https://www.suse.com/security/cve/CVE-2017-11144,"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.",Released 20170711,CVE-2017-11145,,7.5,1048111,php53,https://www.suse.com/security/cve/CVE-2017-11145,"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.",Released 20170711,CVE-2017-11146,-1,-1,1048111,php53,https://www.suse.com/security/cve/CVE-2017-11146,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. 
Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an independently fixable security issue relative to CVE-2017-11145. Notes: none.",Released 20170711,CVE-2017-11147,4.8,9.1,1048094,php53,https://www.suse.com/security/cve/CVE-2017-11147,"In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.",Released 20170711,CVE-2017-11166,7.5,6.5,1048110,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11166,"The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.",Released 20170712,CVE-2017-11164,3.3,7.5,1048266,pcre,https://www.suse.com/security/cve/CVE-2017-11164,"In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",Ignore 20170712,CVE-2017-11171,4,5.5,1025068,gnome-session,https://www.suse.com/security/cve/CVE-2017-11171,"Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. 
The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.",Released 20170712,CVE-2017-11171,4,5.5,1025068,xorg-x11-libICE,https://www.suse.com/security/cve/CVE-2017-11171,"Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.",Released 20170712,CVE-2017-11176,7.3,7.8,1048275,kernel-source,https://www.suse.com/security/cve/CVE-2017-11176,"The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.",Released 20170712,CVE-2017-2862,7.5,7.8,1048289,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-2862,"An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. 
An attacker can send a file or url to trigger this vulnerability.",Released 20170712,CVE-2017-2862,7.5,7.8,1048289,gtk2,https://www.suse.com/security/cve/CVE-2017-2862,"An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.",Released 20170713,CVE-2017-11188,5.3,7.5,1048457,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11188,"The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.",Released 20170713,CVE-2017-2870,7.3,7.8,1048289,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-2870,"An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.",Ignore 20170713,CVE-2017-2870,7.3,7.8,1048289,gtk2,https://www.suse.com/security/cve/CVE-2017-2870,"An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.",Released 20170713,CVE-2017-9788,4.8,9.1,1048576,apache2,https://www.suse.com/security/cve/CVE-2017-9788,"In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. 
Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.",Released 20170717,CVE-2017-11334,6.2,4.4,1048902,kvm,https://www.suse.com/security/cve/CVE-2017-11334,"The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.",Released 20170717,CVE-2017-11334,6.2,4.4,1048902,xen,https://www.suse.com/security/cve/CVE-2017-11334,"The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.",Released 20170717,CVE-2017-11335,8.6,8.8,1048937,tiff,https://www.suse.com/security/cve/CVE-2017-11335,"There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). 
A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.",Released 20170718,CVE-2017-10978,,7.5,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10978,"An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service.",Released 20170718,CVE-2017-10979,,9.8,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10979,"An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.",Released 20170718,CVE-2017-10980,,7.5,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10980,"An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service.",Released 20170718,CVE-2017-10981,,7.5,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10981,"An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service.",Released 20170718,CVE-2017-10982,,7.5,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10982,"An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service.",Released 20170718,CVE-2017-10983,,7.5,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10983,"An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service.",Released 20170718,CVE-2017-10984,8.1,9.8,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10984,"An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute 
arbitrary code.",Released 20170718,CVE-2017-10985,,7.5,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10985,"An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with 'concat' attributes\" and a denial of service.",Released 20170718,CVE-2017-10986,,7.5,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10986,"An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service.",Released 20170718,CVE-2017-10987,,7.5,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10987,"An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service.",Released 20170718,CVE-2017-10988,,,1049086,freeradius-server,https://www.suse.com/security/cve/CVE-2017-10988,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Released 20170718,CVE-2017-11403,8.1,8.8,1049072,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11403,"The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.",Released 20170718,CVE-2017-11406,,7.5,1049255,wireshark,https://www.suse.com/security/cve/CVE-2017-11406,"In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.",Released 20170718,CVE-2017-11407,,7.5,1049255,wireshark,https://www.suse.com/security/cve/CVE-2017-11407,"In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. 
This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.",Released 20170718,CVE-2017-11408,,7.5,1049255,wireshark,https://www.suse.com/security/cve/CVE-2017-11408,"In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.",Released 20170718,CVE-2017-11409,,7.5,1049255,wireshark,https://www.suse.com/security/cve/CVE-2017-11409,"In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.",Released 20170718,CVE-2017-11410,,7.5,1033938,wireshark,https://www.suse.com/security/cve/CVE-2017-11410,"In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.",Released 20170718,CVE-2017-11411,7.5,7.5,1049255,wireshark,https://www.suse.com/security/cve/CVE-2017-11411,"In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.",Released 20170718,CVE-2017-9814,3.3,7.5,1049092,cairo,https://www.suse.com/security/cve/CVE-2017-9814,"cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.",Released 20170719,CVE-2017-10053,5.3,5.3,1049305,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10053,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20170719,CVE-2017-10067,7.5,7.5,1049306,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10067,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",Released 20170719,CVE-2017-10074,8.3,8.3,1049307,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10074,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10081,4.3,4.3,1049309,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10081,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",Released 20170719,CVE-2017-10087,9.6,9.6,1049311,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10087,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10089,9.6,9.6,1049312,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10089,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10090,9.6,9.6,1049313,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10090,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10096,9.6,9.6,1049314,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10096,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10101,9.6,9.6,1049315,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10101,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10102,9,9,1049316,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10102,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10105,4.3,4.3,1049317,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10105,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",Released 20170719,CVE-2017-10107,9.6,9.6,1049318,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10107,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10108,5.3,5.3,1049319,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10108,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20170719,CVE-2017-10109,5.3,5.3,1049320,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10109,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20170719,CVE-2017-10110,9.6,9.6,1049321,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10110,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10111,9.6,9.6,1049322,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10111,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). 
The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10115,,7.5,1049324,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10115,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",Released 20170719,CVE-2017-10116,8.3,8.3,1049325,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10116,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10125,7.1,7.1,1049327,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10125,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",Released 20170719,CVE-2017-10243,6.5,6.5,1049332,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10243,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",Released 20170719,CVE-2017-11360,,6.5,1019611,tiff,https://www.suse.com/security/cve/CVE-2017-11360,"The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.",Released 20170719,CVE-2017-11423,5.5,5.5,1049423,clamav,https://www.suse.com/security/cve/CVE-2017-11423,"The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.",Released 20170719,CVE-2017-11434,8.6,5.5,1049381,kvm,https://www.suse.com/security/cve/CVE-2017-11434,"The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.",Released 20170719,CVE-2017-11434,8.6,5.5,1049381,xen,https://www.suse.com/security/cve/CVE-2017-11434,"The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.",Affected 20170719,CVE-2017-11448,5.3,6.5,1049375,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11448,"The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.",Released 20170719,CVE-2017-11449,5.6,8.8,1049373,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11449,"coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.",Released 
20170719,CVE-2017-11450,5.6,8.8,1049374,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11450,"coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.",Released 20170720,CVE-2017-1000036,-1,-1,1010675,libxml2,https://www.suse.com/security/cve/CVE-2017-1000036,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.",Released 20170720,CVE-2017-1000036,-1,-1,1010675,libxml2-python,https://www.suse.com/security/cve/CVE-2017-1000036,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.",Released 20170720,CVE-2017-11473,6.4,7.8,1049603,kernel-source,https://www.suse.com/security/cve/CVE-2017-11473,"Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.",Released 20170721,CVE-2017-11478,7.5,6.5,1049796,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11478,"The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.",Released 20170721,CVE-2017-7542,6.2,5.5,1049882,kernel-source,https://www.suse.com/security/cve/CVE-2017-7542,"The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.",Released 20170724,CVE-2017-11505,5.3,6.5,1050072,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11505,"The ReadOneJNGImage function in coders/png.c in 
ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.",Released 20170724,CVE-2017-11524,7.5,6.5,1050087,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11524,"The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.",Released 20170724,CVE-2017-11525,5.3,6.5,1050098,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11525,"The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.",Released 20170724,CVE-2017-11526,,6.5,1050072,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11526,"The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.",Released 20170724,CVE-2017-11527,5.3,6.5,1047054,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11527,"The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.",Released 20170724,CVE-2017-11528,5.3,6.5,1050119,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11528,"The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170724,CVE-2017-11529,5.3,6.5,1050120,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11529,"The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted 
file.",Released 20170724,CVE-2017-11530,5.3,6.5,1050122,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11530,"The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.",Released 20170724,CVE-2017-11532,5.3,6.5,1050129,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11532,"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.",Released 20170724,CVE-2017-11533,5.3,6.5,1050132,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11533,"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.",Released 20170724,CVE-2017-11534,5.3,6.5,1050135,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11534,"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.",Released 20170724,CVE-2017-11535,7.5,6.5,1050139,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11535,"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.",Released 20170724,CVE-2017-11537,7.5,6.5,1050048,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11537,"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.",Released 20170724,CVE-2017-11539,7.5,6.5,1050037,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11539,"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c.",Released 
20170724,CVE-2017-11541,7.5,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-11541,"tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.",Released 20170724,CVE-2017-11542,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-11542,"tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.",Released 20170724,CVE-2017-11543,7.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-11543,"tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.",Released 20170724,CVE-2017-11591,4.3,7.5,1050257,exiv2,https://www.suse.com/security/cve/CVE-2017-11591,"There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.",Released 20170724,CVE-2017-11600,7.3,7,1050231,kernel-source,https://www.suse.com/security/cve/CVE-2017-11600,"net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.",Released 20170724,CVE-2017-7890,5.3,6.5,1050241,gd,https://www.suse.com/security/cve/CVE-2017-7890,"The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. 
A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.",Released 20170724,CVE-2017-7890,5.3,6.5,1050241,php53,https://www.suse.com/security/cve/CVE-2017-7890,"The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.",Released 20170725,CVE-2017-11544,,,1047873,tcpdump,https://www.suse.com/security/cve/CVE-2017-11544,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20170726,CVE-2017-11628,7,7.8,1050726,php53,https://www.suse.com/security/cve/CVE-2017-11628,"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. 
NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.",Released 20170726,CVE-2017-11636,7,9.8,1050674,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11636,"GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.",Affected 20170726,CVE-2017-11637,7.5,9.8,1050669,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11637,"GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.",Released 20170726,CVE-2017-11638,7.5,8.8,1050617,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11638,"GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642.",Released 20170726,CVE-2017-11639,6.5,6.5,1050635,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11639,"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.",Released 20170726,CVE-2017-11640,7.5,6.5,1050632,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11640,"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.",Released 20170726,CVE-2017-11641,5.3,9.8,1050129,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11641,"GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.",Affected 
20170726,CVE-2017-11642,7.5,8.8,1050617,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11642,"GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.",Released 20170726,CVE-2017-11643,7,9.8,1050611,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11643,"GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.",Affected 20170726,CVE-2017-11644,3.3,6.5,1050606,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11644,"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c.",Released 20170726,CVE-2017-3224,7,8.2,1039315,quagga,https://www.suse.com/security/cve/CVE-2017-3224,"Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. 
Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages).",Won't fix 20170726,CVE-2017-7533,7.4,7,1049483,kernel-source,https://www.suse.com/security/cve/CVE-2017-7533,"Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",Released 20170726,CVE-2017-9271,4,3.3,1050625,libzypp,https://www.suse.com/security/cve/CVE-2017-9271,"The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.",Ignore 20170726,CVE-2017-9271,4,3.3,1050625,zypper,https://www.suse.com/security/cve/CVE-2017-9271,"The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.",Ignore 20170727,CVE-2017-11671,4.8,4,1050947,gcc5,https://www.suse.com/security/cve/CVE-2017-11671,"Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. 
This could potentially lead to less randomness in random number generation.",Ignore 20170727,CVE-2017-9611,8.1,7.8,1050893,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-9611,"The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.",Released 20170727,CVE-2017-9612,8.1,7.8,1050891,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-9612,"The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.",Released 20170727,CVE-2017-9726,8.1,7.8,1050889,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-9726,"The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.",Released 20170727,CVE-2017-9727,8.1,7.8,1050888,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-9727,"The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.",Released 20170727,CVE-2017-9739,8.1,7.8,1050887,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-9739,"The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.",Released 
20170727,CVE-2017-9835,8.1,7.8,1050879,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-9835,"The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.",Released 20170728,CVE-2017-11185,6.5,7.5,1051222,strongswan,https://www.suse.com/security/cve/CVE-2017-11185,"The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.",Released 20170728,CVE-2017-11683,4.3,6.5,1051188,exiv2,https://www.suse.com/security/cve/CVE-2017-11683,"There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.",Ignore 20170728,CVE-2017-11714,8.1,7.8,1051184,ghostscript-library,https://www.suse.com/security/cve/CVE-2017-11714,"psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.",Released 20170731,CVE-2017-11724,7.5,6.5,1051446,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11724,"The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.",Released 20170731,CVE-2017-11750,7.5,6.5,1047910,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11750,"The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service 
(NULL pointer dereference) via a crafted file.",Released 20170731,CVE-2017-11751,7.5,6.5,1051412,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11751,"The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170731,CVE-2017-11752,7.5,6.5,1051441,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11752,"The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.",Released 20170731,CVE-2017-11754,7.5,6.5,1051412,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11754,"The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.",Released 20170731,CVE-2017-11755,7.5,6.5,1051412,ImageMagick,https://www.suse.com/security/cve/CVE-2017-11755,"The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.",Ignore 20170801,CVE-2017-1000100,3.3,6.5,1051644,curl,https://www.suse.com/security/cve/CVE-2017-1000100,"When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. 
A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.",Released 20170801,CVE-2017-7546,6.5,9.8,1051684,postgresql94,https://www.suse.com/security/cve/CVE-2017-7546,"PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.",Released 20170801,CVE-2017-7547,5.4,8.8,1051685,postgresql94,https://www.suse.com/security/cve/CVE-2017-7547,"PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.",Released 20170802,CVE-2017-12132,,5.9,1051791,glibc,https://www.suse.com/security/cve/CVE-2017-12132,"The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.",Released 20170802,CVE-2017-12140,7.5,6.5,1051847,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12140,"The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.",Released 20170803,CVE-2017-12134,8.1,8.8,1051790,kernel-source,https://www.suse.com/security/cve/CVE-2017-12134,"The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or 
gain host OS privileges by leveraging incorrect block IO merge-ability calculation.",Unsupported 20170803,CVE-2017-12135,7.3,8.8,1051787,xen,https://www.suse.com/security/cve/CVE-2017-12135,"Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.",Released 20170803,CVE-2017-12137,8.1,8.8,1051788,xen,https://www.suse.com/security/cve/CVE-2017-12137,"arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.",Released 20170804,CVE-2017-1000111,7.4,7.8,1052365,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000111,"Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.",Released 20170804,CVE-2017-1000112,7.4,7,1052311,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000112,"Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. 
Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 (\"[IPv4/IPv6]: UFO Scatter-gather approach\") on Oct 18 2005.",Released 20170804,CVE-2017-12133,3.7,5.9,1081556,glibc,https://www.suse.com/security/cve/CVE-2017-12133,"Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.",Released 20170804,CVE-2017-12418,3.7,7.5,1052207,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12418,"ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.",Released 20170804,CVE-2017-12427,7.5,6.5,1052248,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12427,"The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.",Released 20170804,CVE-2017-12429,7.5,7.5,1052251,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12429,"In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.",Released 20170804,CVE-2017-12430,7.5,7.5,1052251,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12430,"In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.",Released 20170804,CVE-2017-12431,8.6,6.5,1052249,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12431,"In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in 
coders/wmf.c, which allows attackers to cause a denial of service.",Released 20170804,CVE-2017-12432,7.5,6.5,1052254,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12432,"In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.",Released 20170807,CVE-2017-12434,7.5,6.5,1052550,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12434,"In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.",Released 20170807,CVE-2017-12435,7.5,7.5,1052553,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12435,"In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.",Released 20170807,CVE-2017-12448,5.9,7.8,1052518,binutils,https://www.suse.com/security/cve/CVE-2017-12448,"The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. 
The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.",Unsupported 20170807,CVE-2017-12449,4,7.8,1052515,binutils,https://www.suse.com/security/cve/CVE-2017-12449,"The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.",Ignore 20170807,CVE-2017-12450,5.9,7.8,1052514,binutils,https://www.suse.com/security/cve/CVE-2017-12450,"The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.",Unsupported 20170807,CVE-2017-12451,4,7.8,1052512,binutils,https://www.suse.com/security/cve/CVE-2017-12451,"The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.",Ignore 20170807,CVE-2017-12452,4,7.8,1052511,binutils,https://www.suse.com/security/cve/CVE-2017-12452,"The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.",Ignore 20170807,CVE-2017-12453,4,7.8,1052509,binutils,https://www.suse.com/security/cve/CVE-2017-12453,"The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.",Ignore 
20170807,CVE-2017-12454,4,7.8,1052507,binutils,https://www.suse.com/security/cve/CVE-2017-12454,"The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.",Ignore 20170807,CVE-2017-12455,4,7.8,1052505,binutils,https://www.suse.com/security/cve/CVE-2017-12455,"The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.",Ignore 20170807,CVE-2017-12456,4,7.8,1052503,binutils,https://www.suse.com/security/cve/CVE-2017-12456,"The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.",Ignore 20170807,CVE-2017-12457,4,7.8,1052501,binutils,https://www.suse.com/security/cve/CVE-2017-12457,"The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.",Ignore 20170807,CVE-2017-12458,4,7.8,1052499,binutils,https://www.suse.com/security/cve/CVE-2017-12458,"The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.",Ignore 20170807,CVE-2017-12459,5.9,7.8,1052496,binutils,https://www.suse.com/security/cve/CVE-2017-12459,"The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap 
write and possibly achieve code execution via a crafted mach-o file.",Unsupported 20170807,CVE-2017-12563,5.3,6.5,1052460,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12563,"In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service.",Released 20170807,CVE-2017-12564,5.3,6.5,1052468,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12564,"In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.",Released 20170807,CVE-2017-12565,5.3,6.5,1047910,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12565,"In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.",Released 20170807,CVE-2017-12566,5.3,6.5,1052472,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12566,"In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c.",Released 20170807,CVE-2017-12587,5.3,8.8,1052450,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12587,"ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.",Released 20170807,CVE-2017-12596,5.3,7.8,1052522,OpenEXR,https://www.suse.com/security/cve/CVE-2017-12596,"In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.",Released 20170807,CVE-2017-6418,5.3,5.5,1052466,clamav,https://www.suse.com/security/cve/CVE-2017-6418,"libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail 
message.",Released 20170807,CVE-2017-6419,8.1,7.8,1052449,clamav,https://www.suse.com/security/cve/CVE-2017-6419,"mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.",Released 20170807,CVE-2017-6420,7.5,5.5,1052448,clamav,https://www.suse.com/security/cve/CVE-2017-6420,"The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.",Released 20170808,CVE-2017-12640,6.5,8.8,1052781,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12640,"ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.",Released 20170808,CVE-2017-12641,7.5,8.8,1052777,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12641,"ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.",Released 20170808,CVE-2017-12642,5.3,8.8,1052771,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12642,"ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.",Released 20170808,CVE-2017-12643,7.5,6.5,1052768,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12643,"ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.",Released 20170808,CVE-2017-12644,5.3,8.8,1051847,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12644,"ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.",Released 20170808,CVE-2017-12654,5.3,6.5,1052761,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12654,"The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.",Released 
20170808,CVE-2017-12662,5.3,8.8,1052758,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12662,"ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.",Released 20170808,CVE-2017-12663,5.3,8.8,1052754,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12663,"ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.",Released 20170808,CVE-2017-12664,5.3,8.8,1052750,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12664,"ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.",Released 20170808,CVE-2017-12665,5.3,8.8,1052747,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12665,"ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.",Released 20170808,CVE-2017-12667,5.3,8.8,1052732,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12667,"ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.",Released 20170808,CVE-2017-12668,5.3,8.8,1052688,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12668,"ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.",Released 20170808,CVE-2017-12669,5.3,8.8,1052689,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12669,"ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.",Released 20170808,CVE-2017-12670,7.5,6.5,1052731,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12670,"In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.",Released 20170808,CVE-2017-12671,7.5,6.5,1052721,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12671,"In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows 
attackers to cause a denial of service.",Released 20170808,CVE-2017-12672,5.3,6.5,1052720,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12672,"In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.",Released 20170808,CVE-2017-12673,5.3,6.5,1052717,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12673,"In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.",Released 20170808,CVE-2017-12674,7.5,6.5,1052711,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12674,"In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.",Released 20170808,CVE-2017-12675,5.3,6.5,1052710,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12675,"In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.",Released 20170808,CVE-2017-12676,5.3,6.5,1052708,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12676,"In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.",Released 20170808,CVE-2017-9614,,8.8,1050231,kernel-source,https://www.suse.com/security/cve/CVE-2017-9614,"** DISPUTED ** The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. 
NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API.",Released 20170810,CVE-2017-10661,7.4,7,1053152,kernel-source,https://www.suse.com/security/cve/CVE-2017-10661,"Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",Released 20170810,CVE-2017-10662,,7.8,1053154,kernel-source,https://www.suse.com/security/cve/CVE-2017-10662,"The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.",Analysis 20170810,CVE-2017-10663,,7.8,1053155,kernel-source,https://www.suse.com/security/cve/CVE-2017-10663,"The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.",Analysis 20170810,CVE-2017-12762,7.8,9.8,1053148,kernel-source,https://www.suse.com/security/cve/CVE-2017-12762,"In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. 
This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.",Released 20170810,CVE-2017-7548,8.1,7.5,1053259,postgresql94,https://www.suse.com/security/cve/CVE-2017-7548,"PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.",Released 20170811,CVE-2017-11695,7.8,7.8,1053418,mozilla-nss,https://www.suse.com/security/cve/CVE-2017-11695,"Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.",Already fixed 20170811,CVE-2017-11696,5.5,7.8,1053418,mozilla-nss,https://www.suse.com/security/cve/CVE-2017-11696,"Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.",Already fixed 20170811,CVE-2017-11698,4.2,7.8,1053418,mozilla-nss,https://www.suse.com/security/cve/CVE-2017-11698,"Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.",Already fixed 20170811,CVE-2017-12799,4.4,7.8,1053347,binutils,https://www.suse.com/security/cve/CVE-2017-12799,"The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.",Unsupported 20170812,CVE-2017-12836,5,7.5,1052481,cvs,https://www.suse.com/security/cve/CVE-2017-12836,"CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute 
arbitrary code via a repository URL with a crafted hostname, as demonstrated by \"-oProxyCommand=id;localhost:/bar.\"",Released 20170814,CVE-2014-8183,7.4,7.4,1053752,puppet,https://www.suse.com/security/cve/CVE-2014-8183,"It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.",Released 20170814,CVE-2014-9900,4,,1053751,kernel-source,https://www.suse.com/security/cve/CVE-2014-9900,"The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.",Ignore 20170814,CVE-2017-10140,5.1,7.8,1043886,libdb-4_5,https://www.suse.com/security/cve/CVE-2017-10140,"Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.",Released 20170815,CVE-2017-12855,,6.5,1052686,xen,https://www.suse.com/security/cve/CVE-2017-12855,"Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. 
A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.",Released 20170817,CVE-2017-12847,5.5,6.3,1054163,nagios,https://www.suse.com/security/cve/CVE-2017-12847,"Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a \"kill `cat /pathname/nagios.lock`\" command.",Released 20170817,CVE-2017-7555,6.3,9.8,1054171,augeas,https://www.suse.com/security/cve/CVE-2017-7555,"Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.",Released 20170818,CVE-2017-12933,4.8,9.8,1054430,php53,https://www.suse.com/security/cve/CVE-2017-12933,"The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.",Released 20170818,CVE-2017-12938,6.5,7.5,1054038,unrar,https://www.suse.com/security/cve/CVE-2017-12938,"UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. 
directory, and a regular file.",Released 20170818,CVE-2017-12940,5.3,9.8,1054038,unrar,https://www.suse.com/security/cve/CVE-2017-12940,"libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.",Released 20170818,CVE-2017-12941,5.3,9.8,1054038,unrar,https://www.suse.com/security/cve/CVE-2017-12941,"libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.",Released 20170818,CVE-2017-12942,5.6,9.8,1054038,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12942,"libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.",Released 20170818,CVE-2017-12942,5.6,9.8,1054038,unrar,https://www.suse.com/security/cve/CVE-2017-12942,"libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.",Released 20170819,CVE-2017-12935,5.3,8.8,1054598,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12935,"The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.",Released 20170819,CVE-2017-12936,5.3,8.8,1054598,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12936,"The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.",Affected 20170819,CVE-2017-12937,6.5,8.8,1054596,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12937,"The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.",Affected 20170820,CVE-2017-12955,,8.8,1054593,exiv2,https://www.suse.com/security/cve/CVE-2017-12955,"There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. 
The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.",Ignore 20170821,CVE-2017-12967,5.3,6.5,1054665,binutils,https://www.suse.com/security/cve/CVE-2017-12967,"The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.",Unsupported 20170821,CVE-2017-12983,7.5,8.8,1054757,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12983,"Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.",Released 20170822,CVE-2017-13058,5.3,6.5,1055069,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13058,"In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.",Released 20170822,CVE-2017-13060,5.3,6.5,1055065,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13060,"In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.",Released 20170822,CVE-2017-13061,5.3,6.5,1055063,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13061,"In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.",Released 20170822,CVE-2017-13062,5.3,6.5,1055053,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13062,"In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function 
formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.",Released 20170822,CVE-2017-13063,9.8,6.5,1054598,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13063,"GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.",Affected 20170822,CVE-2017-13064,9.8,6.5,1054598,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13064,"GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.",Affected 20170822,CVE-2017-13065,5.3,6.5,1054598,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13065,"GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.",Affected 20170822,CVE-2017-13066,5.3,6.5,1036988,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13066,"GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.",Affected 20170822,CVE-2017-1376,8.8,9.8,1053431,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-1376,"A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. 
IBM X-Force ID: 126873.",Released 20170823,CVE-2017-13131,4.3,6.5,1055229,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13131,"In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file.",Released 20170823,CVE-2017-13133,6.5,6.5,1055219,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13133,"In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.",Released 20170823,CVE-2017-13134,4.3,6.5,1055214,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13134,"In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.",Released 20170823,CVE-2017-13146,5.3,8.8,1055323,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13146,"In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.",Released 20170823,CVE-2017-13147,5.3,8.8,1055374,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13147,"In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.",Released 20170823,CVE-2017-7558,,5.1,1053919,kernel-source,https://www.suse.com/security/cve/CVE-2017-7558,"A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. 
As a result, up to 100 bytes of the slab data could be leaked to a userspace.",Analysis 20170824,CVE-2017-13139,7.5,9.8,1055430,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13139,"In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.",Released 20170824,CVE-2017-13141,5.3,6.5,1055456,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13141,"In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.",Released 20170824,CVE-2017-13142,5.3,6.5,1055455,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13142,"In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.",Released 20170824,CVE-2017-13143,5.3,7.5,1017326,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13143,"In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.",Already fixed 20170824,CVE-2017-13648,5.3,6.5,1054598,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13648,"In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.",Released 20170825,CVE-2017-13686,,7.8,1053919,kernel-source,https://www.suse.com/security/cve/CVE-2017-13686,"net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. 
NOTE: this does not affect any stable release.",Analysis 20170825,CVE-2017-13695,4,5.5,1055710,kernel-bigmem,https://www.suse.com/security/cve/CVE-2017-13695,"The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",Released 20170825,CVE-2017-13695,4,5.5,1055710,kernel-default,https://www.suse.com/security/cve/CVE-2017-13695,"The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",Released 20170825,CVE-2017-13695,4,5.5,1055710,kernel-ec2,https://www.suse.com/security/cve/CVE-2017-13695,"The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",Released 20170825,CVE-2017-13695,4,5.5,1055710,kernel-pae,https://www.suse.com/security/cve/CVE-2017-13695,"The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",Released 20170825,CVE-2017-13695,4,5.5,1055710,kernel-ppc64,https://www.suse.com/security/cve/CVE-2017-13695,"The acpi_ns_evaluate() function in 
drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",Released 20170825,CVE-2017-13695,4,5.5,1055710,kernel-source,https://www.suse.com/security/cve/CVE-2017-13695,"The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",Released 20170825,CVE-2017-13695,4,5.5,1055710,kernel-syms,https://www.suse.com/security/cve/CVE-2017-13695,"The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",Released 20170825,CVE-2017-13695,4,5.5,1055710,kernel-trace,https://www.suse.com/security/cve/CVE-2017-13695,"The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",Released 20170825,CVE-2017-13695,4,5.5,1055710,kernel-xen,https://www.suse.com/security/cve/CVE-2017-13695,"The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and 
bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",Released 20170828,CVE-2017-13658,5.3,6.5,1055855,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13658,"In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.",Released 20170828,CVE-2017-13710,4,7.5,1055864,binutils,https://www.suse.com/security/cve/CVE-2017-13710,"The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.",Ignore 20170829,CVE-2017-13077,8.1,6.8,1056061,kernel-source,https://www.suse.com/security/cve/CVE-2017-13077,"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",Released 20170829,CVE-2017-13077,8.1,6.8,1056061,wpa_supplicant,https://www.suse.com/security/cve/CVE-2017-13077,"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",Released 20170829,CVE-2017-13078,8.1,5.3,1056061,kernel-source,https://www.suse.com/security/cve/CVE-2017-13078,"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.",Released 20170829,CVE-2017-13078,8.1,5.3,1056061,wpa_supplicant,https://www.suse.com/security/cve/CVE-2017-13078,"Wi-Fi Protected Access (WPA and WPA2) allows 
reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.",Released 20170829,CVE-2017-13079,8.1,5.3,1056061,kernel-source,https://www.suse.com/security/cve/CVE-2017-13079,"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.",Released 20170829,CVE-2017-13079,8.1,5.3,1056061,wpa_supplicant,https://www.suse.com/security/cve/CVE-2017-13079,"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.",Released 20170829,CVE-2017-13080,8.1,5.3,1056061,kernel-source,https://www.suse.com/security/cve/CVE-2017-13080,"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.",Released 20170829,CVE-2017-13080,8.1,5.3,1056061,wpa_supplicant,https://www.suse.com/security/cve/CVE-2017-13080,"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.",Released 20170829,CVE-2017-13081,8.1,5.3,1056061,kernel-source,https://www.suse.com/security/cve/CVE-2017-13081,"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.",Released 
20170829,CVE-2017-13081,8.1,5.3,1056061,wpa_supplicant,https://www.suse.com/security/cve/CVE-2017-13081,"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.",Released 20170829,CVE-2017-13082,8.1,8.1,1056061,kernel-source,https://www.suse.com/security/cve/CVE-2017-13082,"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",Released 20170829,CVE-2017-13082,8.1,8.1,1056061,wpa_supplicant,https://www.suse.com/security/cve/CVE-2017-13082,"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",Released 20170829,CVE-2017-13716,5.3,5.5,1056044,binutils,https://www.suse.com/security/cve/CVE-2017-13716,"The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",Ignore 20170829,CVE-2017-13720,3.3,7.1,1054285,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2017-13720,"In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). 
This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.",Released 20170829,CVE-2017-13722,4.4,7.1,1049692,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2017-13722,"In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.",Released 20170829,CVE-2017-13723,4.7,7.8,1051150,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-13723,"In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.",Released 20170829,CVE-2017-13728,5.3,7.5,1056136,ncurses,https://www.suse.com/security/cve/CVE-2017-13728,"There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.",Released 20170829,CVE-2017-13729,5.3,6.5,1056132,ncurses,https://www.suse.com/security/cve/CVE-2017-13729,"There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.",Released 20170829,CVE-2017-13730,5.3,6.5,1056131,ncurses,https://www.suse.com/security/cve/CVE-2017-13730,"There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.",Released 20170829,CVE-2017-13731,5.3,6.5,1056129,ncurses,https://www.suse.com/security/cve/CVE-2017-13731,"There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.",Released 20170829,CVE-2017-13732,5.3,6.5,1056128,ncurses,https://www.suse.com/security/cve/CVE-2017-13732,"There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.",Released 20170829,CVE-2017-13733,5.3,6.5,1056127,ncurses,https://www.suse.com/security/cve/CVE-2017-13733,"There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.",Released 20170829,CVE-2017-13734,5.3,6.5,1056126,ncurses,https://www.suse.com/security/cve/CVE-2017-13734,"There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.",Released 20170829,CVE-2017-13738,5.3,8.8,1056105,liblouis,https://www.suse.com/security/cve/CVE-2017-13738,"There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.",Released 20170829,CVE-2017-13739,5.3,8.8,1056101,liblouis,https://www.suse.com/security/cve/CVE-2017-13739,"There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. 
It will lead to denial of service or remote code execution.",Released 20170829,CVE-2017-13740,5.3,8.8,1056097,liblouis,https://www.suse.com/security/cve/CVE-2017-13740,"There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.",Released 20170829,CVE-2017-13741,5.3,6.5,1056095,liblouis,https://www.suse.com/security/cve/CVE-2017-13741,"There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack.",Released 20170829,CVE-2017-13742,5.3,6.5,1056093,liblouis,https://www.suse.com/security/cve/CVE-2017-13742,"There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.",Released 20170829,CVE-2017-13743,5.3,6.5,1056090,liblouis,https://www.suse.com/security/cve/CVE-2017-13743,"There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack.",Released 20170829,CVE-2017-13744,5.3,6.5,1056088,liblouis,https://www.suse.com/security/cve/CVE-2017-13744,"There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.",Released 20170830,CVE-2017-13672,3,5.5,1056334,kvm,https://www.suse.com/security/cve/CVE-2017-13672,"QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.",Released 20170830,CVE-2017-13672,3,5.5,1056334,xen,https://www.suse.com/security/cve/CVE-2017-13672,"QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of 
service (out-of-bounds read and QEMU process crash) via vectors involving display update.",Released 20170830,CVE-2017-13711,4,7.5,1056291,xen,https://www.suse.com/security/cve/CVE-2017-13711,"Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.",Ignore 20170830,CVE-2017-13757,5.3,5.5,1056312,binutils,https://www.suse.com/security/cve/CVE-2017-13757,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.",Ignore 20170830,CVE-2017-13758,9.8,6.5,1056277,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13758,"In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.",Released 20170830,CVE-2017-13765,,7.5,1056251,libsmi,https://www.suse.com/security/cve/CVE-2017-13765,"In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.",Released 20170830,CVE-2017-13765,,7.5,1056251,portaudio,https://www.suse.com/security/cve/CVE-2017-13765,"In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.",Released 20170830,CVE-2017-13765,,7.5,1056251,wireshark,https://www.suse.com/security/cve/CVE-2017-13765,"In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. 
This was addressed in plugins/irda/packet-ircomm.c by adding length validation.",Released
20170830,CVE-2017-13766,,7.5,1056249,libsmi,https://www.suse.com/security/cve/CVE-2017-13766,"In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.",Released
20170830,CVE-2017-13766,,7.5,1056249,portaudio,https://www.suse.com/security/cve/CVE-2017-13766,"In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.",Released
20170830,CVE-2017-13766,,7.5,1056249,wireshark,https://www.suse.com/security/cve/CVE-2017-13766,"In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.",Released
20170830,CVE-2017-13767,,7.5,1056248,libsmi,https://www.suse.com/security/cve/CVE-2017-13767,"In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.",Released
20170830,CVE-2017-13767,,7.5,1056248,portaudio,https://www.suse.com/security/cve/CVE-2017-13767,"In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.",Released
20170830,CVE-2017-13767,,7.5,1056248,wireshark,https://www.suse.com/security/cve/CVE-2017-13767,"In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.",Released
20170830,CVE-2017-13768,7.5,6.5,1056434,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13768,"Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.",Released
20170830,CVE-2017-13769,5.3,6.5,1056432,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13769,"The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.",Released
20170830,CVE-2017-13776,5.3,6.5,1056429,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13776,"GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c \"Read hex image data\" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.",Affected
20170830,CVE-2017-13777,5.3,6.5,1056426,ImageMagick,https://www.suse.com/security/cve/CVE-2017-13777,"GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c \"Read hex image data\" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.",Affected
20170831,CVE-2017-14042,5.3,6.5,1054598,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14042,"A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.",Released
20170831,CVE-2017-14051,6.4,4.4,1056588,kernel-source,https://www.suse.com/security/cve/CVE-2017-14051,"An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.",Released
20170901,CVE-2017-14062,5.4,9.8,1056450,libidn,https://www.suse.com/security/cve/CVE-2017-14062,"Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.",Released
20170904,CVE-2017-11462,5.3,9.8,1056995,krb5,https://www.suse.com/security/cve/CVE-2017-11462,"Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.",Released
20170904,CVE-2017-14103,5.3,8.8,1057000,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14103,"The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.",Released
20170904,CVE-2017-14106,5.5,5.5,1056982,kernel-source,https://www.suse.com/security/cve/CVE-2017-14106,"The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.",Released
20170904,CVE-2017-14121,,5.5,1057004,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14121,"The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.",Released
20170905,CVE-2017-12691,,6.5,1053955,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12691,"The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.",Released
20170905,CVE-2017-12692,,6.5,1053955,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12692,"The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.",Released
20170905,CVE-2017-12693,,6.5,1053955,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12693,"The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.",Released
20170905,CVE-2017-12893,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12893,"The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().",Released
20170905,CVE-2017-12894,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12894,"Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().",Released
20170905,CVE-2017-12895,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12895,"The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().",Released
20170905,CVE-2017-12896,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12896,"The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().",Released
20170905,CVE-2017-12897,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12897,"The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().",Released
20170905,CVE-2017-12898,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12898,"The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().",Released
20170905,CVE-2017-12899,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12899,"The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().",Released
20170905,CVE-2017-12900,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12900,"Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().",Released
20170905,CVE-2017-12901,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12901,"The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().",Released
20170905,CVE-2017-12902,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12902,"The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.",Released
20170905,CVE-2017-12985,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12985,"The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().",Released
20170905,CVE-2017-12986,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12986,"The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().",Released
20170905,CVE-2017-12987,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12987,"The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().",Released
20170905,CVE-2017-12988,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12988,"The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().",Released
20170905,CVE-2017-12989,7.5,7.5,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12989,"The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length().",Released
20170905,CVE-2017-12990,7.5,7.5,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12990,"The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.",Released
20170905,CVE-2017-12991,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12991,"The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().",Released
20170905,CVE-2017-12992,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12992,"The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().",Released
20170905,CVE-2017-12993,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12993,"The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions.",Released
20170905,CVE-2017-12994,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12994,"The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().",Released
20170905,CVE-2017-12995,7.5,7.5,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12995,"The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().",Released
20170905,CVE-2017-12996,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12996,"The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().",Released
20170905,CVE-2017-12997,7.5,7.5,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12997,"The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print().",Released
20170905,CVE-2017-12998,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12998,"The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach().",Released
20170905,CVE-2017-12999,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-12999,"The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().",Released
20170905,CVE-2017-13000,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13000,"The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().",Released
20170905,CVE-2017-13001,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13001,"The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().",Released
20170905,CVE-2017-13002,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13002,"The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().",Released
20170905,CVE-2017-13003,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13003,"The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print().",Released
20170905,CVE-2017-13004,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13004,"The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header().",Released
20170905,CVE-2017-13005,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13005,"The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().",Released
20170905,CVE-2017-13006,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13006,"The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.",Released
20170905,CVE-2017-13007,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13007,"The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().",Released
20170905,CVE-2017-13008,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13008,"The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().",Released
20170905,CVE-2017-13009,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13009,"The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().",Released
20170905,CVE-2017-13010,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13010,"The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().",Released
20170905,CVE-2017-13011,9.8,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13011,"Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().",Released
20170905,CVE-2017-13012,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13012,"The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().",Released
20170905,CVE-2017-13013,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13013,"The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.",Released
20170905,CVE-2017-13014,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13014,"The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions.",Released
20170905,CVE-2017-13015,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13015,"The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print().",Released
20170905,CVE-2017-13016,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13016,"The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().",Released
20170905,CVE-2017-13017,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13017,"The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().",Released
20170905,CVE-2017-13018,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13018,"The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().",Released
20170905,CVE-2017-13019,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13019,"The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().",Released
20170905,CVE-2017-13020,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13020,"The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().",Released
20170905,CVE-2017-13021,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13021,"The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().",Released
20170905,CVE-2017-13022,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13022,"The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().",Released
20170905,CVE-2017-13023,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13023,"The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().",Released
20170905,CVE-2017-13024,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13024,"The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().",Released
20170905,CVE-2017-13025,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13025,"The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().",Released
20170905,CVE-2017-13026,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13026,"The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.",Released
20170905,CVE-2017-13027,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13027,"The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().",Released
20170905,CVE-2017-13028,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13028,"The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().",Released
20170905,CVE-2017-13029,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13029,"The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().",Released
20170905,CVE-2017-13030,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13030,"The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.",Released
20170905,CVE-2017-13031,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13031,"The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().",Released
20170905,CVE-2017-13032,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13032,"The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().",Released
20170905,CVE-2017-13033,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13033,"The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().",Released
20170905,CVE-2017-13034,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13034,"The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().",Released
20170905,CVE-2017-13035,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13035,"The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().",Released
20170905,CVE-2017-13036,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13036,"The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().",Released
20170905,CVE-2017-13037,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13037,"The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().",Released
20170905,CVE-2017-13038,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13038,"The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().",Released
20170905,CVE-2017-13039,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13039,"The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.",Released
20170905,CVE-2017-13040,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13040,"The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.",Released
20170905,CVE-2017-13041,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13041,"The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().",Released
20170905,CVE-2017-13042,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13042,"The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().",Released
20170905,CVE-2017-13043,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13043,"The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().",Released
20170905,CVE-2017-13044,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13044,"The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().",Released
20170905,CVE-2017-13045,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13045,"The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().",Released
20170905,CVE-2017-13046,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13046,"The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().",Released
20170905,CVE-2017-13047,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13047,"The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().",Released
20170905,CVE-2017-13048,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13048,"The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().",Released
20170905,CVE-2017-13049,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13049,"The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().",Released
20170905,CVE-2017-13050,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13050,"The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().",Released
20170905,CVE-2017-13051,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13051,"The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().",Released 20170905,CVE-2017-13052,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13052,"The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().",Released 20170905,CVE-2017-13053,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13053,"The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().",Released 20170905,CVE-2017-13054,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13054,"The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().",Released 20170905,CVE-2017-13055,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13055,"The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().",Released 20170905,CVE-2017-13687,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13687,"The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().",Released 20170905,CVE-2017-13688,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13688,"The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().",Released 20170905,CVE-2017-13689,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13689,"The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().",Released 20170905,CVE-2017-13690,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13690,"The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.",Released 20170905,CVE-2017-13725,5.3,9.8,1050219,tcpdump,https://www.suse.com/security/cve/CVE-2017-13725,"The IPv6 routing 
header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().",Released 20170905,CVE-2017-14108,3.3,5.5,1057184,gedit,https://www.suse.com/security/cve/CVE-2017-14108,"libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.",Affected 20170905,CVE-2017-14129,5.3,5.5,1057144,binutils,https://www.suse.com/security/cve/CVE-2017-14129,"The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.",Ignore 20170905,CVE-2017-14130,5.3,5.5,1057149,binutils,https://www.suse.com/security/cve/CVE-2017-14130,"The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.",Ignore 20170905,CVE-2017-14132,3.7,6.5,1057152,jasper,https://www.suse.com/security/cve/CVE-2017-14132,"JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.",Released 20170905,CVE-2017-14140,3.3,5.5,1057179,kernel-source,https://www.suse.com/security/cve/CVE-2017-14140,"The move_pages system call in mm/migrate.c in the Linux 
kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.",Released 20170906,CVE-2017-8281,8.1,4.7,1003077,kernel-source,https://www.suse.com/security/cve/CVE-2017-8281,"In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.",Already fixed 20170907,CVE-2017-14165,3.7,6.5,1052553,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14165,"The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.",Affected 20170907,CVE-2017-14167,4,8.8,1057585,kvm,https://www.suse.com/security/cve/CVE-2017-14167,"Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.",Released 20170908,CVE-2017-14172,5.3,6.5,1057730,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14172,"In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. 
When a crafted PSD file, which claims a large \"extent\" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.",Released 20170908,CVE-2017-14173,3.7,6.5,1057729,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14173,"In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation \"GetQuantumRange(depth)+1\" when \"depth\" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large \"max_value\" value.",Released 20170908,CVE-2017-14174,5.3,6.5,1057723,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14174,"In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large \"length\" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.",Released 20170908,CVE-2017-14175,5.3,6.5,1056426,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14175,"In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. 
When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.",Released 20170909,CVE-2017-1000250,3.7,6.5,1057342,bluez,https://www.suse.com/security/cve/CVE-2017-1000250,"All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.",Unsupported 20170909,CVE-2017-1000251,8.8,8,1057389,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000251,"The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",Released 20170911,CVE-2017-1000252,4.7,5.5,1058038,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000252,"The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.",Unsupported 20170911,CVE-2017-14224,,8.8,1058009,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14224,"A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.",Released 20170911,CVE-2017-14230,4.3,9.1,1058021,cyrus-imapd,https://www.suse.com/security/cve/CVE-2017-14230,"In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which 
might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST \"\" \"Other Users\"' command.",Released 20170911,CVE-2017-14249,5.3,6.5,1058082,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14249,"ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.",Released 20170911,CVE-2017-9798,5.9,7.5,1058058,apache2,https://www.suse.com/security/cve/CVE-2017-9798,"Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. 
Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",Released 20170912,CVE-2017-11455,,8.8,968050,openssl,https://www.suse.com/security/cve/CVE-2017-11455,"diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.",Released 20170912,CVE-2017-14312,,7.8,1058222,nagios,https://www.suse.com/security/cve/CVE-2017-14312,"Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.",Ignore 20170912,CVE-2017-14316,7.8,8.8,1056278,xen,https://www.suse.com/security/cve/CVE-2017-14316,"A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.",Released 20170912,CVE-2017-14317,4.4,5.6,1056281,xen,https://www.suse.com/security/cve/CVE-2017-14317,"A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. 
The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).",Released 20170912,CVE-2017-14319,7.8,8.8,1056282,xen,https://www.suse.com/security/cve/CVE-2017-14319,"A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.",Released 20170913,CVE-2017-12153,4.4,4.4,1058410,kernel-source,https://www.suse.com/security/cve/CVE-2017-12153,"A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.",Unsupported 20170913,CVE-2017-12154,5.6,7.1,1058038,kernel-source,https://www.suse.com/security/cve/CVE-2017-12154,"The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the \"CR8-load exiting\" and \"CR8-store exiting\" L0 vmcs02 controls exist in cases where L1 omits the \"use TPR shadow\" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.",Unsupported 20170913,CVE-2017-14333,2.8,7.8,1058480,binutils,https://www.suse.com/security/cve/CVE-2017-14333,"The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during \"readelf -a\" 
execution.",Ignore 20170913,CVE-2017-14340,5.5,5.5,1058524,kernel-source,https://www.suse.com/security/cve/CVE-2017-14340,"The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.",Released 20170913,CVE-2017-14342,5.3,6.5,1058485,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14342,"ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.",Released 20170913,CVE-2017-14343,5.3,6.5,1058422,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14343,"ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.",Released 20170913,CVE-2017-7560,6.1,5.5,1049936,spacewalk-client-tools,https://www.suse.com/security/cve/CVE-2017-7560,"It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.",Released 20170913,CVE-2017-7560,6.1,5.5,1049936,spacewalksd,https://www.suse.com/security/cve/CVE-2017-7560,"It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.",Released 20170914,CVE-2017-0898,5.3,9.1,1058755,ruby,https://www.suse.com/security/cve/CVE-2017-0898,"Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. 
Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.",Won't fix 20170914,CVE-2017-10784,5.4,8.8,1058754,ruby,https://www.suse.com/security/cve/CVE-2017-10784,"The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.",Won't fix 20170914,CVE-2017-12150,8,7.4,1058622,samba,https://www.suse.com/security/cve/CVE-2017-12150,"It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.",Released 20170914,CVE-2017-12163,5,4.1,1058410,samba,https://www.suse.com/security/cve/CVE-2017-12163,"An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. 
A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.",Released 20170914,CVE-2017-14033,5.3,7.5,1058757,ruby,https://www.suse.com/security/cve/CVE-2017-14033,"The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.",Won't fix 20170914,CVE-2017-14314,,6.5,1058630,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14314,"Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.",Released 20170914,CVE-2017-14326,5.3,6.5,1058640,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14326,"In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.",Released 20170914,CVE-2017-14337,,8.1,1058637,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14337,"When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.",Released 20170914,CVE-2017-14341,5.3,6.5,1058637,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14341,"ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.",Released 20170914,CVE-2017-14431,3.8,5.5,1022871,xen,https://www.suse.com/security/cve/CVE-2017-14431,"Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial 
of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.",Released 20170914,CVE-2017-14482,9.6,8.8,1058425,emacs,https://www.suse.com/security/cve/CVE-2017-14482,"GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted \"Content-Type: text/enriched\" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).",Released 20170918,CVE-2017-14489,5.5,5.5,1059051,kernel-source,https://www.suse.com/security/cve/CVE-2017-14489,"The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.",Released 20170918,CVE-2017-14501,4,6.5,1059139,bsdtar,https://www.suse.com/security/cve/CVE-2017-14501,"An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.",Released 20170918,CVE-2017-14503,5.5,6.5,1059100,bsdtar,https://www.suse.com/security/cve/CVE-2017-14503,"libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.",Released 20170918,CVE-2017-14519,5.3,7.5,1059152,poppler,https://www.suse.com/security/cve/CVE-2017-14519,"In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and 
Gfx::doShowText calls (aka a Gfx.cc infinite loop).",Ignore 20170918,CVE-2017-14529,5.3,5.5,1059050,binutils,https://www.suse.com/security/cve/CVE-2017-14529,"The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Ignore 20170918,CVE-2017-14529,5.3,5.5,1059050,firefox-atk,https://www.suse.com/security/cve/CVE-2017-14529,"The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Released 20170918,CVE-2017-14529,5.3,5.5,1059050,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-14529,"The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Released 20170918,CVE-2017-14529,5.3,5.5,1059050,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-14529,"The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Released 20170918,CVE-2017-14529,5.3,5.5,1059050,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-14529,"The 
pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Released 20170918,CVE-2017-14529,5.3,5.5,1059050,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-14529,"The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Released 20170918,CVE-2017-14529,5.3,5.5,1059050,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-14529,"The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Released 20170918,CVE-2017-14529,5.3,5.5,1059050,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-14529,"The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Released 20170918,CVE-2017-14529,5.3,5.5,1059050,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-14529,"The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector 
entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Released 20170918,CVE-2017-14529,5.3,5.5,1059050,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-14529,"The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Released 20170918,CVE-2017-14529,5.3,5.5,1059050,firefox-pango,https://www.suse.com/security/cve/CVE-2017-14529,"The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",Released 20170920,CVE-2017-1000253,8.4,7.8,1059525,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000253,"Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. 
Unfortunately, load_elf_binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the area that is supposed to be the \"gap\" between the stack and the binary.",Released 20170920,CVE-2017-12168,6.2,6,1059448,kernel-source,https://www.suse.com/security/cve/CVE-2017-12168,"The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).",Analysis 20170920,CVE-2017-12615,8.1,8.1,1059554,tomcat6,https://www.suse.com/security/cve/CVE-2017-12615,"When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. 
This JSP could then be requested and any code it contained would be executed by the server.",Released 20170921,CVE-2017-14160,5.3,8.8,1059812,libvorbis,https://www.suse.com/security/cve/CVE-2017-14160,"The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.",Released 20170921,CVE-2017-14505,5.3,6.5,1059735,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14505,"DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.",Released 20170921,CVE-2017-14531,,6.5,1057508,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14531,"ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.",Released 20170921,CVE-2017-14533,5.3,6.5,1059751,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14533,"ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.",Released 20170921,CVE-2017-14607,,8.1,1059778,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14607,"In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. 
An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.",Released 20170921,CVE-2017-14632,7.3,9.8,1059809,libvorbis,https://www.suse.com/security/cve/CVE-2017-14632,"Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.",Released 20170921,CVE-2017-14633,5.3,6.5,1059811,libvorbis,https://www.suse.com/security/cve/CVE-2017-14633,"In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().",Released 20170922,CVE-2017-12617,9.8,8.1,1059554,tomcat6,https://www.suse.com/security/cve/CVE-2017-12617,"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. 
This JSP could then be requested and any code it contained would be executed by the server.",Released 20170922,CVE-2017-14245,5.3,8.1,1059912,libsndfile,https://www.suse.com/security/cve/CVE-2017-14245,"An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.",Released 20170922,CVE-2017-14246,5.3,8.1,1059913,libsndfile,https://www.suse.com/security/cve/CVE-2017-14246,"An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.",Released 20170922,CVE-2017-14604,4.8,6.5,1060031,nautilus,https://www.suse.com/security/cve/CVE-2017-14604,"GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious \"sh -c\" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. 
The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.",Released 20170922,CVE-2017-14634,5.3,6.5,1059911,libsndfile,https://www.suse.com/security/cve/CVE-2017-14634,"In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.",Released 20170922,CVE-2017-7544,3.3,9.1,1059893,libexif,https://www.suse.com/security/cve/CVE-2017-7544,"libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.",Released 20170925,CVE-2017-14649,5.3,5.5,1060162,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14649,"ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).",Released 20170926,CVE-2017-14491,6.5,9.8,1060354,dnsmasq,https://www.suse.com/security/cve/CVE-2017-14491,"Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.",Released 20170926,CVE-2017-14492,5.4,9.8,1060355,dnsmasq,https://www.suse.com/security/cve/CVE-2017-14492,"Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.",Released 20170926,CVE-2017-14493,5.4,9.8,1060360,dnsmasq,https://www.suse.com/security/cve/CVE-2017-14493,"Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 
request.",Released 20170926,CVE-2017-14494,4.3,5.9,1060360,dnsmasq,https://www.suse.com/security/cve/CVE-2017-14494,"dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.",Released 20170926,CVE-2017-14495,7.5,7.5,1060360,dnsmasq,https://www.suse.com/security/cve/CVE-2017-14495,"Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.",Released 20170926,CVE-2017-14496,,7.5,1060360,dnsmasq,https://www.suse.com/security/cve/CVE-2017-14496,"Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.",Released 20170926,CVE-2017-14741,,6.5,1060381,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14741,"The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.",Ignore 20170927,CVE-2017-14733,5.3,6.5,1060577,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14733,"ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.",Released 20170928,CVE-2017-12166,10,9.8,1060877,openvpn,https://www.suse.com/security/cve/CVE-2017-12166,"OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.",Released 20170928,CVE-2017-14849,,7.5,1060820,firefox-atk,https://www.suse.com/security/cve/CVE-2017-14849,"Node.js 8.5.0 before 8.6.0 allows remote 
attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules.",Released 20170928,CVE-2017-14849,,7.5,1060820,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-14849,"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules.",Released 20170928,CVE-2017-14849,,7.5,1060820,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-14849,"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules.",Released 20170928,CVE-2017-14849,,7.5,1060820,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-14849,"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules.",Released 20170928,CVE-2017-14849,,7.5,1060820,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-14849,"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules.",Released 20170928,CVE-2017-14849,,7.5,1060820,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-14849,"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules.",Released 20170928,CVE-2017-14849,,7.5,1060820,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-14849,"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by 
unspecified community modules.",Released 20170928,CVE-2017-14849,,7.5,1060820,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-14849,"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules.",Released 20170928,CVE-2017-14849,,7.5,1060820,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-14849,"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules.",Released 20170928,CVE-2017-14849,,7.5,1060820,firefox-pango,https://www.suse.com/security/cve/CVE-2017-14849,"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules.",Released 20170929,CVE-2017-14862,,5.5,1060996,exiv2,https://www.suse.com/security/cve/CVE-2017-14862,"An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",Ignore 20170929,CVE-2017-14864,,5.5,1060995,exiv2,https://www.suse.com/security/cve/CVE-2017-14864,"An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. 
The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",Ignore 20171002,CVE-2017-14930,5.3,5.5,1061223,binutils,https://www.suse.com/security/cve/CVE-2017-14930,"Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",Ignore 20171002,CVE-2017-14932,5.3,5.5,1061224,binutils,https://www.suse.com/security/cve/CVE-2017-14932,"decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.",Ignore 20171002,CVE-2017-14933,5.3,5.5,1061225,binutils,https://www.suse.com/security/cve/CVE-2017-14933,"read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.",Ignore 20171002,CVE-2017-14934,5.3,5.5,1061227,binutils,https://www.suse.com/security/cve/CVE-2017-14934,"process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.",Ignore 20171002,CVE-2017-14940,5.3,5.5,1061234,binutils,https://www.suse.com/security/cve/CVE-2017-14940,"scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.",Ignore 20171002,CVE-2017-14954,5.3,5.5,1061284,kernel-source,https://www.suse.com/security/cve/CVE-2017-14954,"The waitid implementation in kernel/exit.c in 
the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.",Analysis 20171002,CVE-2017-14974,5.3,5.5,1061241,binutils,https://www.suse.com/security/cve/CVE-2017-14974,"The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.",Ignore 20171002,CVE-2017-14977,5.3,7.5,1061265,poppler,https://www.suse.com/security/cve/CVE-2017-14977,"The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.",Released 20171002,CVE-2017-14988,5.3,5.5,1061305,OpenEXR,https://www.suse.com/security/cve/CVE-2017-14988,"** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid.",Released 20171004,CVE-2017-14994,5.3,6.5,1061587,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14994,"ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.",Affected 20171004,CVE-2017-15020,5.3,7.8,1061606,binutils,https://www.suse.com/security/cve/CVE-2017-15020,"dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.",Ignore 20171004,CVE-2017-15021,5.3,5.5,1061619,binutils,https://www.suse.com/security/cve/CVE-2017-15021,"bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.",Ignore 20171004,CVE-2017-15022,5.3,5.5,1061621,binutils,https://www.suse.com/security/cve/CVE-2017-15022,"dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.",Ignore 20171004,CVE-2017-15024,5.3,5.5,1061626,binutils,https://www.suse.com/security/cve/CVE-2017-15024,"find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) 
library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.",Ignore 20171004,CVE-2017-15025,5.3,5.5,1061630,binutils,https://www.suse.com/security/cve/CVE-2017-15025,"decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.",Ignore 20171005,CVE-2017-1000254,3.7,7.5,1061876,curl,https://www.suse.com/security/cve/CVE-2017-1000254,"libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. 
In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",Released 20171005,CVE-2017-15033,5.3,7.5,1061873,ImageMagick,https://www.suse.com/security/cve/CVE-2017-15033,"ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.",Released 20171006,CVE-2017-14919,,7.5,1059050,binutils,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Ignore 20171006,CVE-2017-14919,,7.5,1059050,firefox-atk,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Released 20171006,CVE-2017-14919,,7.5,1059050,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Released 20171006,CVE-2017-14919,,7.5,1059050,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Released 20171006,CVE-2017-14919,,7.5,1059050,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of 
service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Released 20171006,CVE-2017-14919,,7.5,1059050,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Released 20171006,CVE-2017-14919,,7.5,1059050,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Released 20171006,CVE-2017-14919,,7.5,1059050,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Released 20171006,CVE-2017-14919,,7.5,1059050,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Released 20171006,CVE-2017-14919,,7.5,1059050,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Released 
20171006,CVE-2017-14919,,7.5,1059050,firefox-pango,https://www.suse.com/security/cve/CVE-2017-14919,"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",Released 20171006,CVE-2017-15038,3,5.6,1062069,kvm,https://www.suse.com/security/cve/CVE-2017-15038,"Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.",Released 20171010,CVE-2014-8184,7.8,7.8,1056088,liblouis,https://www.suse.com/security/cve/CVE-2014-8184,"A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.",Released 20171010,CVE-2017-12190,6.2,6.5,1062568,kernel-source,https://www.suse.com/security/cve/CVE-2017-12190,"The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. 
This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.",Released 20171010,CVE-2017-13084,8.1,6.8,1056061,kernel-source,https://www.suse.com/security/cve/CVE-2017-13084,"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",Released 20171010,CVE-2017-13084,8.1,6.8,1056061,wpa_supplicant,https://www.suse.com/security/cve/CVE-2017-13084,"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",Released 20171010,CVE-2017-13086,8.1,6.8,1056061,kernel-source,https://www.suse.com/security/cve/CVE-2017-13086,"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",Released 20171010,CVE-2017-13086,8.1,6.8,1056061,wpa_supplicant,https://www.suse.com/security/cve/CVE-2017-13086,"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",Released 20171010,CVE-2017-13087,8.1,5.3,1056061,kernel-source,https://www.suse.com/security/cve/CVE-2017-13087,"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",Released 
20171010,CVE-2017-13087,8.1,5.3,1056061,wpa_supplicant,https://www.suse.com/security/cve/CVE-2017-13087,"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",Released 20171010,CVE-2017-13088,8.1,5.3,1056061,kernel-source,https://www.suse.com/security/cve/CVE-2017-13088,"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",Released 20171010,CVE-2017-13088,8.1,5.3,1056061,wpa_supplicant,https://www.suse.com/security/cve/CVE-2017-13088,"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",Released 20171010,CVE-2017-15189,7.5,7.5,1062645,libsmi,https://www.suse.com/security/cve/CVE-2017-15189,"In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.",Released 20171010,CVE-2017-15189,7.5,7.5,1062645,portaudio,https://www.suse.com/security/cve/CVE-2017-15189,"In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.",Released 20171010,CVE-2017-15189,7.5,7.5,1062645,wireshark,https://www.suse.com/security/cve/CVE-2017-15189,"In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. 
This was addressed in plugins/docsis/packet-docsis.c by adding decrements.",Released 20171010,CVE-2017-15190,7.5,7.5,1062645,libsmi,https://www.suse.com/security/cve/CVE-2017-15190,"In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.",Released 20171010,CVE-2017-15190,7.5,7.5,1062645,portaudio,https://www.suse.com/security/cve/CVE-2017-15190,"In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.",Released 20171010,CVE-2017-15190,7.5,7.5,1062645,wireshark,https://www.suse.com/security/cve/CVE-2017-15190,"In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.",Released 20171010,CVE-2017-15191,7.5,7.5,1062645,libsmi,https://www.suse.com/security/cve/CVE-2017-15191,"In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.",Released 20171010,CVE-2017-15191,7.5,7.5,1062645,portaudio,https://www.suse.com/security/cve/CVE-2017-15191,"In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.",Released 20171010,CVE-2017-15191,7.5,7.5,1062645,wireshark,https://www.suse.com/security/cve/CVE-2017-15191,"In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.",Released 20171010,CVE-2017-15192,7.5,7.5,1062645,libsmi,https://www.suse.com/security/cve/CVE-2017-15192,"In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. 
This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.",Released 20171010,CVE-2017-15192,7.5,7.5,1062645,portaudio,https://www.suse.com/security/cve/CVE-2017-15192,"In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.",Released 20171010,CVE-2017-15192,7.5,7.5,1062645,wireshark,https://www.suse.com/security/cve/CVE-2017-15192,"In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.",Released 20171010,CVE-2017-15193,7.5,7.5,1062645,libsmi,https://www.suse.com/security/cve/CVE-2017-15193,"In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.",Released 20171010,CVE-2017-15193,7.5,7.5,1062645,portaudio,https://www.suse.com/security/cve/CVE-2017-15193,"In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.",Released 20171010,CVE-2017-15193,7.5,7.5,1062645,wireshark,https://www.suse.com/security/cve/CVE-2017-15193,"In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. 
This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.",Released 20171011,CVE-2017-12192,5.5,5.5,1062840,kernel-source,https://www.suse.com/security/cve/CVE-2017-12192,"The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.",Released 20171011,CVE-2017-14798,7.8,7,1062722,postgresql-init,https://www.suse.com/security/cve/CVE-2017-14798,"A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.",Released 20171011,CVE-2017-15218,5.3,6.5,1047910,ImageMagick,https://www.suse.com/security/cve/CVE-2017-15218,"ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.",Released 20171011,CVE-2017-15225,5.3,5.5,1062830,binutils,https://www.suse.com/security/cve/CVE-2017-15225,"_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.",Ignore 20171011,CVE-2017-15265,5.5,7,1062520,kernel-source,https://www.suse.com/security/cve/CVE-2017-15265,"Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.",Released 20171012,CVE-2017-12176,5,9.8,1063041,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12176,"xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or 
possibly execute arbitrary code.",Released 20171012,CVE-2017-12177,5.6,9.8,1063040,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12177,"xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-12178,5,9.8,1063039,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12178,"xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-12179,5,9.8,1063038,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12179,"xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-12180,5,9.8,1063037,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12180,"xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-12181,5,9.8,1063037,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12181,"xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-12182,5,9.8,1063037,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12182,"xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-12183,5,9.8,1063035,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12183,"xorg-x11-server before 1.19.5 was missing length validation in 
XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-12184,5,9.8,1063034,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12184,"xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-12185,5,9.8,1063034,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12185,"xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-12186,5,9.8,1063034,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12186,"xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-12187,5,9.8,1063034,xorg-x11-server,https://www.suse.com/security/cve/CVE-2017-12187,"xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",Released 20171012,CVE-2017-15232,5.3,6.5,1062937,jpeg,https://www.suse.com/security/cve/CVE-2017-15232,"libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.",Released 20171012,CVE-2017-15274,5.5,5.5,1045327,kernel-source,https://www.suse.com/security/cve/CVE-2017-15274,"security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",Released 
20171012,CVE-2017-15275,5.3,7.5,1063008,samba,https://www.suse.com/security/cve/CVE-2017-15275,"Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.",Released 20171012,CVE-2017-15277,5.3,6.5,1063050,ImageMagick,https://www.suse.com/security/cve/CVE-2017-15277,"ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.",Released 20171012,CVE-2017-15281,7.3,8.8,1063049,ImageMagick,https://www.suse.com/security/cve/CVE-2017-15281,"ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to \"Conditional jump or move depends on uninitialised value(s).\"",Released 20171013,CVE-2017-1000256,,8.1,1062563,libvirt,https://www.suse.com/security/cve/CVE-2017-1000256,"libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.",Ignore 20171013,CVE-2017-15289,6,6,1063122,kvm,https://www.suse.com/security/cve/CVE-2017-15289,"The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.",Released 20171013,CVE-2017-15289,6,6,1063122,xen,https://www.suse.com/security/cve/CVE-2017-15289,"The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors 
related to dst calculation.",Affected 20171016,CVE-2017-15299,6.2,5.5,1063416,kernel-source,https://www.suse.com/security/cve/CVE-2017-15299,"The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.",Released 20171018,CVE-2017-10281,5.3,5.3,1064072,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10281,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Unsupported 20171018,CVE-2017-10285,8.8,9.6,1064073,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10285,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20171018,CVE-2017-10293,6.1,6.1,1064074,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10293,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Ignore 20171018,CVE-2017-10295,3.7,4,1064075,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10295,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).",Released 20171018,CVE-2017-10345,3.1,3.1,1064077,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10345,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).",Released 20171018,CVE-2017-10346,8.8,9.6,1064078,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10346,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20171018,CVE-2017-10347,5.3,5.3,1064079,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10347,"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20171018,CVE-2017-10355,5.3,5.3,1064083,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10355,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20171018,CVE-2017-10356,6.2,6.2,1064084,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10356,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",Released 20171018,CVE-2017-10357,5.3,5.3,1064085,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10357,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20171018,CVE-2017-10388,6.8,7.5,1064086,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2017-10388,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",Released 20171018,CVE-2017-15386,,6.5,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-15386,"Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",Released 20171018,CVE-2017-15386,,6.5,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15386,"Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",Released 20171018,CVE-2017-15387,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-15387,"Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.",Released 20171018,CVE-2017-15387,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15387,"Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.",Released 20171018,CVE-2017-15388,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-15388,"Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",Released 20171018,CVE-2017-15388,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15388,"Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",Released 20171018,CVE-2017-15389,,6.5,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-15389,"An insufficient watchdog timer in navigation in Google 
Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",Released 20171018,CVE-2017-15389,,6.5,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15389,"An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",Released 20171018,CVE-2017-15390,,6.5,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-15390,"Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",Released 20171018,CVE-2017-15390,,6.5,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15390,"Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",Released 20171018,CVE-2017-15391,,6.5,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-15391,"Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.",Released 20171018,CVE-2017-15391,,6.5,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15391,"Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.",Released 20171018,CVE-2017-15392,,4.3,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-15392,"Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.",Released 
20171018,CVE-2017-15392,,4.3,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15392,"Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.",Released 20171018,CVE-2017-15393,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-15393,"Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.",Released 20171018,CVE-2017-15393,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15393,"Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.",Released 20171018,CVE-2017-15394,,6.5,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-15394,"Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.",Released 20171018,CVE-2017-15394,,6.5,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15394,"Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.",Released 20171018,CVE-2017-15395,,6.5,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-15395,"A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.",Released 
20171018,CVE-2017-15395,,6.5,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15395,"A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.",Released 20171018,CVE-2017-15588,8.1,7.8,1061082,xen,https://www.suse.com/security/cve/CVE-2017-15588,"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.",Released 20171018,CVE-2017-15589,3.2,6.5,1061080,xen,https://www.suse.com/security/cve/CVE-2017-15589,"An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.",Released 20171018,CVE-2017-15590,8.1,8.8,1061076,xen,https://www.suse.com/security/cve/CVE-2017-15590,"An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.",Released 20171018,CVE-2017-15592,8.1,8.8,1061086,xen,https://www.suse.com/security/cve/CVE-2017-15592,"An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.",Released 20171018,CVE-2017-15593,5.9,6.5,1061084,xen,https://www.suse.com/security/cve/CVE-2017-15593,"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.",Released 20171018,CVE-2017-15594,8.1,8.8,1061087,xen,https://www.suse.com/security/cve/CVE-2017-15594,"An issue was discovered in Xen through 4.9.x allowing x86 SVM 
PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.",Released 20171018,CVE-2017-15595,8.1,8.8,1061081,xen,https://www.suse.com/security/cve/CVE-2017-15595,"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.",Released 20171018,CVE-2017-15596,,6,1042882,xen,https://www.suse.com/security/cve/CVE-2017-15596,"An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.",Ignore 20171018,CVE-2017-5124,,6.1,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-5124,"Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.",Released 20171018,CVE-2017-5124,,6.1,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5124,"Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.",Released 20171018,CVE-2017-5125,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-5125,"Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20171018,CVE-2017-5125,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5125,"Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20171018,CVE-2017-5126,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-5126,"A use after 
free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Released 20171018,CVE-2017-5126,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5126,"A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Released 20171018,CVE-2017-5127,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-5127,"Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Released 20171018,CVE-2017-5127,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5127,"Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Released 20171018,CVE-2017-5128,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-5128,"Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.",Released 20171018,CVE-2017-5128,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5128,"Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.",Released 20171018,CVE-2017-5129,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-5129,"A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",Released 20171018,CVE-2017-5129,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5129,"A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of 
bounds memory read via a crafted HTML page.",Released 20171018,CVE-2017-5130,8.8,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-5130,"An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.",Released 20171018,CVE-2017-5130,8.8,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5130,"An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.",Released 20171018,CVE-2017-5131,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-5131,"An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.",Released 20171018,CVE-2017-5131,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5131,"An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.",Released 20171018,CVE-2017-5132,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-5132,"Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.",Released 20171018,CVE-2017-5132,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5132,"Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.",Released 
20171018,CVE-2017-5133,,8.8,1064066,libxml2,https://www.suse.com/security/cve/CVE-2017-5133,"Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.",Released 20171018,CVE-2017-5133,,8.8,1064066,libxml2-python,https://www.suse.com/security/cve/CVE-2017-5133,"Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.",Released 20171020,CVE-2017-15597,8.1,9.1,1061075,xen,https://www.suse.com/security/cve/CVE-2017-15597,"An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. 
Privilege escalation and information leaks cannot be ruled out.",Released 20171020,CVE-2017-15638,6.5,6.5,1064127,SuSEfirewall2,https://www.suse.com/security/cve/CVE-2017-15638,"The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.",Released 20171023,CVE-2017-15565,,8.8,1064593,poppler,https://www.suse.com/security/cve/CVE-2017-15565,"In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.",Released 20171023,CVE-2017-15670,7.8,9.8,1064583,glibc,https://www.suse.com/security/cve/CVE-2017-15670,"The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.",Released 20171023,CVE-2017-15671,4,5.9,1064569,glibc,https://www.suse.com/security/cve/CVE-2017-15671,"The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).",Released 20171023,CVE-2017-15804,5.9,9.8,1064580,glibc,https://www.suse.com/security/cve/CVE-2017-15804,"The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.",Released 
20171024,CVE-2017-15085,,5.9,1058622,samba,https://www.suse.com/security/cve/CVE-2017-15085,"It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.",Released 20171024,CVE-2017-15087,,7.5,1058410,kernel-source,https://www.suse.com/security/cve/CVE-2017-15087,"It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.",Unsupported 20171025,CVE-2017-12613,3.4,7.1,1064982,libapr1,https://www.suse.com/security/cve/CVE-2017-12613,"When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.",Released 20171025,CVE-2017-12618,2.3,4.7,1064990,libapr-util1,https://www.suse.com/security/cve/CVE-2017-12618,"Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. 
A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.",Released 20171025,CVE-2017-15873,7.8,5.5,1064976,busybox,https://www.suse.com/security/cve/CVE-2017-15873,"The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.",Won't fix 20171026,CVE-2017-15906,4.3,5.3,1064285,openssh,https://www.suse.com/security/cve/CVE-2017-15906,"The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",Released 20171030,CVE-2017-15938,,7.5,1065693,binutils,https://www.suse.com/security/cve/CVE-2017-15938,"dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).",Ignore 20171030,CVE-2017-15939,,5.5,1061623,binutils,https://www.suse.com/security/cve/CVE-2017-15939,"dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. 
NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.",Ignore 20171030,CVE-2017-15996,3.3,7.8,1065643,binutils,https://www.suse.com/security/cve/CVE-2017-15996,"elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.",Unsupported 20171030,CVE-2017-16227,,7.5,1065641,quagga,https://www.suse.com/security/cve/CVE-2017-16227,"The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.",Released 20171101,CVE-2017-1000382,5.5,5.5,1065958,vim,https://www.suse.com/security/cve/CVE-2017-1000382,"VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.",Affected 20171101,CVE-2017-1000383,5.5,5.5,1065957,emacs,https://www.suse.com/security/cve/CVE-2017-1000383,"GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file (\"[ORIGINAL_FILENAME]~\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.",Ignore 20171101,CVE-2017-15930,5.3,8.8,1066003,ImageMagick,https://www.suse.com/security/cve/CVE-2017-15930,"In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.",Released 
20171102,CVE-2017-12193,6.2,5.5,1066192,kernel-source,https://www.suse.com/security/cve/CVE-2017-12193,"The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.",Unsupported 20171102,CVE-2017-16352,5.6,8.8,1066168,ImageMagick,https://www.suse.com/security/cve/CVE-2017-16352,"GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the \"Display visual image directory\" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.",Released 20171102,CVE-2017-16353,5.3,6.5,1066170,ImageMagick,https://www.suse.com/security/cve/CVE-2017-16353,"GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. 
There is an out-of-bounds buffer dereference because certain increments are never checked.",Released 20171103,CVE-2017-10862,,5.3,1063050,ImageMagick,https://www.suse.com/security/cve/CVE-2017-10862,"jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token.",Released 20171106,CVE-2017-15102,4.6,6.3,1066705,kernel-source,https://www.suse.com/security/cve/CVE-2017-15102,"The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.",Released 20171106,CVE-2017-15306,,5.5,1066707,kernel-source,https://www.suse.com/security/cve/CVE-2017-15306,"The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.",Analysis 20171106,CVE-2017-16231,4.3,5.5,1066649,pcre,https://www.suse.com/security/cve/CVE-2017-16231,"** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. 
NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.",Ignore 20171106,CVE-2017-16525,4.6,6.6,1066618,kernel-source,https://www.suse.com/security/cve/CVE-2017-16525,"The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.",Released 20171106,CVE-2017-16527,4.6,6.6,1066625,kernel-source,https://www.suse.com/security/cve/CVE-2017-16527,"sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171106,CVE-2017-16528,4.6,6.6,1066629,kernel-source,https://www.suse.com/security/cve/CVE-2017-16528,"sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171106,CVE-2017-16529,4.6,6.6,1066650,kernel-source,https://www.suse.com/security/cve/CVE-2017-16529,"The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171106,CVE-2017-16530,4.6,6.6,1066668,kernel-source,https://www.suse.com/security/cve/CVE-2017-16530,"The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and 
drivers/usb/storage/uas.c.",Released 20171106,CVE-2017-16531,4.6,6.6,1066671,kernel-source,https://www.suse.com/security/cve/CVE-2017-16531,"drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.",Released 20171106,CVE-2017-16532,4.6,6.6,1066673,kernel-source,https://www.suse.com/security/cve/CVE-2017-16532,"The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171106,CVE-2017-16533,4.6,6.6,1066674,kernel-source,https://www.suse.com/security/cve/CVE-2017-16533,"The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171106,CVE-2017-16534,4.6,6.8,1066693,kernel-source,https://www.suse.com/security/cve/CVE-2017-16534,"The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171106,CVE-2017-16535,4.6,6.6,1066700,kernel-source,https://www.suse.com/security/cve/CVE-2017-16535,"The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171106,CVE-2017-16536,4.6,6.6,1066606,kernel-source,https://www.suse.com/security/cve/CVE-2017-16536,"The 
cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171106,CVE-2017-16537,4.6,6.6,1066573,kernel-source,https://www.suse.com/security/cve/CVE-2017-16537,"The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171106,CVE-2017-16538,4.6,6.6,1066569,kernel-source,https://www.suse.com/security/cve/CVE-2017-16538,"drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).",Released 20171106,CVE-2017-16548,3.5,9.8,1066644,rsync,https://www.suse.com/security/cve/CVE-2017-16548,"The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.",Released 20171106,CVE-2017-16611,3.3,5.5,1050459,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2017-16611,"In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.",Released 20171106,CVE-2017-16612,7.8,7.5,1065386,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2017-16612,"libXcursor 
before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.",Released 20171108,CVE-2015-4025,7.4,,1067090,php53,https://www.suse.com/security/cve/CVE-2015-4025,"PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.",Already fixed 20171108,CVE-2017-14952,5.3,9.8,1067203,icu,https://www.suse.com/security/cve/CVE-2017-14952,"Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \"redundant UVector entry clean up function call\" issue.",Released 20171108,CVE-2017-15238,5.3,8.8,1067198,ImageMagick,https://www.suse.com/security/cve/CVE-2017-15238,"ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.",Affected 20171108,CVE-2017-16545,,8.8,1067184,ImageMagick,https://www.suse.com/security/cve/CVE-2017-16545,"The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.",Released 20171108,CVE-2017-16546,5.9,8.8,1067181,ImageMagick,https://www.suse.com/security/cve/CVE-2017-16546,"The ReadWPGImage function in coders/wpg.c in ImageMagick 
7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.",Released 20171108,CVE-2017-16547,3.7,8.8,1067177,ImageMagick,https://www.suse.com/security/cve/CVE-2017-16547,"The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.",Affected 20171108,CVE-2017-16643,4.6,6.6,1067115,kernel-source,https://www.suse.com/security/cve/CVE-2017-16643,"The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171108,CVE-2017-16644,4.6,6.6,1067118,kernel-source,https://www.suse.com/security/cve/CVE-2017-16644,"The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171108,CVE-2017-16645,4.6,6.6,1067132,kernel-source,https://www.suse.com/security/cve/CVE-2017-16645,"The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171108,CVE-2017-16646,4.6,6.6,1067105,kernel-source,https://www.suse.com/security/cve/CVE-2017-16646,"drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux 
kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171108,CVE-2017-16647,4.6,6.6,1067102,kernel-source,https://www.suse.com/security/cve/CVE-2017-16647,"drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171108,CVE-2017-16648,4.6,6.6,1067087,kernel-source,https://www.suse.com/security/cve/CVE-2017-16648,"The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.",Released 20171108,CVE-2017-16649,4.6,6.6,1067085,kernel-source,https://www.suse.com/security/cve/CVE-2017-16649,"The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171108,CVE-2017-16650,4.6,6.6,1067086,kernel-source,https://www.suse.com/security/cve/CVE-2017-16650,"The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.",Released 20171109,CVE-2017-15101,7.8,9.8,1067336,liblouis,https://www.suse.com/security/cve/CVE-2017-15101,"A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. 
An attacker could cause a denial of service condition or potentially even arbitrary code execution.",Released 20171109,CVE-2017-16642,4.3,7.5,1048112,php53,https://www.suse.com/security/cve/CVE-2017-16642,"In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.",Released 20171109,CVE-2017-16669,,8.8,1067409,ImageMagick,https://www.suse.com/security/cve/CVE-2017-16669,"coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.",Affected 20171113,CVE-2011-5174,7,,1069754,intel-SINIT,https://www.suse.com/security/cve/CVE-2011-5174,"Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express; Intel Q57, 3450 Chipsets and Mobile Intel QM57 and QS57 Express Chipset before i5_i7_DUAL_SINIT_51.BIN and i7_QUAD_SINIT_51.BIN; Mobile Intel GM45, GS45, and PM45 Express Chipset before GM45_GS45_PM45_SINIT_51.BIN; Intel Q35 Express Chipsets before Q35_SINIT_51.BIN; and Intel 5520, 5500, X58, and 7500 Chipsets before SINIT ACM 1.1 allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.",Released 20171113,CVE-2011-5174,7,,1069754,microcode_ctl,https://www.suse.com/security/cve/CVE-2011-5174,"Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT 
Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express; Intel Q57, 3450 Chipsets and Mobile Intel QM57 and QS57 Express Chipset before i5_i7_DUAL_SINIT_51.BIN and i7_QUAD_SINIT_51.BIN; Mobile Intel GM45, GS45, and PM45 Express Chipset before GM45_GS45_PM45_SINIT_51.BIN; Intel Q35 Express Chipsets before Q35_SINIT_51.BIN; and Intel 5520, 5500, X58, and 7500 Chipsets before SINIT ACM 1.1 allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.",Already fixed 20171113,CVE-2017-15098,7.1,8.1,1067844,postgresql94,https://www.suse.com/security/cve/CVE-2017-15098,"Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.",Released 20171117,CVE-2017-1000158,8.1,9.8,1068664,python,https://www.suse.com/security/cve/CVE-2017-1000158,"CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)",Released 20171117,CVE-2017-15115,5.5,7.8,1068671,kernel-source,https://www.suse.com/security/cve/CVE-2017-15115,"The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.",Released 20171117,CVE-2017-16826,3.7,7.8,1068640,binutils,https://www.suse.com/security/cve/CVE-2017-16826,"The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as 
distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.",Unsupported 20171117,CVE-2017-16832,4,7.8,1068643,binutils,https://www.suse.com/security/cve/CVE-2017-16832,"The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.",Ignore 20171117,CVE-2017-16844,7.1,9.8,1068648,procmail,https://www.suse.com/security/cve/CVE-2017-16844,"Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.",Released 20171120,CVE-2017-1000126,5.3,5.5,1068873,exiv2,https://www.suse.com/security/cve/CVE-2017-1000126,"exiv2 0.26 contains a Stack out of bounds read in webp parser",Ignore 20171120,CVE-2017-1000127,3.3,5.5,1068872,exiv2,https://www.suse.com/security/cve/CVE-2017-1000127,"Exiv2 0.26 contains a heap buffer overflow in tiff parser",Ignore 20171120,CVE-2017-1000128,3.3,5.5,1068871,exiv2,https://www.suse.com/security/cve/CVE-2017-1000128,"Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser",Ignore 20171120,CVE-2017-16829,3.3,7.8,1068950,gdb,https://www.suse.com/security/cve/CVE-2017-16829,"The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read 
and application crash) or possibly have unspecified other impact via a crafted ELF file.",Unsupported 20171120,CVE-2017-16830,,7.8,1068888,binutils,https://www.suse.com/security/cve/CVE-2017-16830,"The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.",Ignore 20171120,CVE-2017-16831,3.3,7.8,1068887,binutils,https://www.suse.com/security/cve/CVE-2017-16831,"coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.",Unsupported 20171121,CVE-2017-16232,2.8,7.5,1069213,tiff,https://www.suse.com/security/cve/CVE-2017-16232,"** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. 
NOTE: Third parties were unable to reproduce the issue.",Ignore 20171121,CVE-2017-16827,3.3,7.8,1069202,binutils,https://www.suse.com/security/cve/CVE-2017-16827,"The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.",Unsupported 20171121,CVE-2017-16828,,7.8,1069176,binutils,https://www.suse.com/security/cve/CVE-2017-16828,"The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.",Ignore 20171121,CVE-2017-16899,6.5,7.1,1069257,transfig,https://www.suse.com/security/cve/CVE-2017-16899,"An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.",Released 20171121,CVE-2017-9228,6.4,9.8,1068376,php53,https://www.suse.com/security/cve/CVE-2017-9228,"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. 
An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.",Released 20171121,CVE-2017-9229,6.5,7.5,1068376,php53,https://www.suse.com/security/cve/CVE-2017-9229,"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.",Released 20171122,CVE-2017-16544,7.8,8.8,1069412,busybox,https://www.suse.com/security/cve/CVE-2017-16544,"In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. 
This could potentially result in code execution, arbitrary file writes, or other attacks.",Won't fix 20171123,CVE-2017-16879,7.8,7.8,1069530,ncurses,https://www.suse.com/security/cve/CVE-2017-16879,"Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.",Released 20171123,CVE-2017-16927,5.5,8.4,1069591,xrdp,https://www.suse.com/security/cve/CVE-2017-16927,"The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.",Unsupported 20171124,CVE-2017-16931,7.5,9.8,1039661,libxml2,https://www.suse.com/security/cve/CVE-2017-16931,"parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.",Released 20171124,CVE-2017-16932,7.5,7.5,1069689,libxml2,https://www.suse.com/security/cve/CVE-2017-16932,"parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.",Released 20171124,CVE-2017-16932,7.5,7.5,1069689,libxml2-python,https://www.suse.com/security/cve/CVE-2017-16932,"parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.",Released 20171124,CVE-2017-16939,7.8,7.8,1069702,kernel-source,https://www.suse.com/security/cve/CVE-2017-16939,"The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",Released 
20171127,CVE-2017-16942,6.2,6.5,1069874,libsndfile,https://www.suse.com/security/cve/CVE-2017-16942,"In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.",Released 20171127,CVE-2017-16994,4,5.5,1069996,kernel-source,https://www.suse.com/security/cve/CVE-2017-16994,"The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.",Unsupported 20171128,CVE-2017-1000159,5.3,7.8,1070046,evince,https://www.suse.com/security/cve/CVE-2017-1000159,"Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.",Released 20171129,CVE-2017-17044,5.9,6.5,1068187,xen,https://www.suse.com/security/cve/CVE-2017-17044,"An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.",Released 20171129,CVE-2017-17045,,8.8,1068191,xen,https://www.suse.com/security/cve/CVE-2017-17045,"An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.",Released 20171129,CVE-2017-17052,,7.8,1069496,kernel-source,https://www.suse.com/security/cve/CVE-2017-17052,"The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.",Analysis 
20171201,CVE-2017-17080,,5.5,1070764,binutils,https://www.suse.com/security/cve/CVE-2017-17080,"elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.",Ignore 20171201,CVE-2017-17083,5.3,7.5,1070727,libsmi,https://www.suse.com/security/cve/CVE-2017-17083,"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.",Released 20171201,CVE-2017-17083,5.3,7.5,1070727,portaudio,https://www.suse.com/security/cve/CVE-2017-17083,"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.",Released 20171201,CVE-2017-17083,5.3,7.5,1070727,wireshark,https://www.suse.com/security/cve/CVE-2017-17083,"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.",Released 20171201,CVE-2017-17084,5.3,7.5,1070727,libsmi,https://www.suse.com/security/cve/CVE-2017-17084,"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.",Released 20171201,CVE-2017-17084,5.3,7.5,1070727,portaudio,https://www.suse.com/security/cve/CVE-2017-17084,"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. 
This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.",Released 20171201,CVE-2017-17084,5.3,7.5,1070727,wireshark,https://www.suse.com/security/cve/CVE-2017-17084,"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.",Released 20171201,CVE-2017-17085,5.3,7.5,1070727,libsmi,https://www.suse.com/security/cve/CVE-2017-17085,"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.",Released 20171201,CVE-2017-17085,5.3,7.5,1070727,portaudio,https://www.suse.com/security/cve/CVE-2017-17085,"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.",Released 20171201,CVE-2017-17085,5.3,7.5,1070727,wireshark,https://www.suse.com/security/cve/CVE-2017-17085,"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.",Released 20171201,CVE-2017-8813,6.7,,1070849,kernel-source,https://www.suse.com/security/cve/CVE-2017-8813,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8831. Reason: This candidate is a duplicate of CVE-2017-8831. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2017-8831 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20171204,CVE-2017-1000407,5.9,7.4,1071021,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000407,"The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.",Released 20171204,CVE-2017-17087,4,5.5,1065958,vim,https://www.suse.com/security/cve/CVE-2017-17087,"fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.",Unsupported 20171204,CVE-2017-17123,5.3,5.5,1071081,binutils,https://www.suse.com/security/cve/CVE-2017-17123,"The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.",Ignore 20171204,CVE-2017-17124,5.3,7.8,1071078,binutils,https://www.suse.com/security/cve/CVE-2017-17124,"The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.",Ignore 20171204,CVE-2017-5715,7.1,5.6,1068032,iscsitarget,https://www.suse.com/security/cve/CVE-2017-5715,"Systems with microprocessors utilizing 
speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5715,7.1,5.6,1068032,kernel-source,https://www.suse.com/security/cve/CVE-2017-5715,"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5715,7.1,5.6,1068032,kvm,https://www.suse.com/security/cve/CVE-2017-5715,"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5715,7.1,5.6,1068032,libvirt,https://www.suse.com/security/cve/CVE-2017-5715,"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5715,7.1,5.6,1068032,microcode_ctl,https://www.suse.com/security/cve/CVE-2017-5715,"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5715,7.1,5.6,1068032,ofed,https://www.suse.com/security/cve/CVE-2017-5715,"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5715,7.1,5.6,1068032,xen,https://www.suse.com/security/cve/CVE-2017-5715,"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an 
attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5753,5.6,5.6,1068032,kernel-bigmem,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5753,5.6,5.6,1068032,kernel-default,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5753,5.6,5.6,1068032,kernel-ec2,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5753,5.6,5.6,1068032,kernel-pae,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5753,5.6,5.6,1068032,kernel-ppc64,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5753,5.6,5.6,1068032,kernel-source,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 
20171204,CVE-2017-5753,5.6,5.6,1068032,kernel-syms,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5753,5.6,5.6,1068032,kernel-trace,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5753,5.6,5.6,1068032,kernel-xen,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5753,5.6,5.6,1068032,wireshark,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5753,5.6,5.6,1068032,xen,https://www.suse.com/security/cve/CVE-2017-5753,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",Released 20171204,CVE-2017-5754,5.5,5.6,1068032,kernel-source,https://www.suse.com/security/cve/CVE-2017-5754,"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.",Released 20171204,CVE-2017-5754,5.5,5.6,1068032,xen,https://www.suse.com/security/cve/CVE-2017-5754,"Systems with microprocessors 
utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.",Released 20171204,CVE-2017-8824,8.4,7.8,1070771,kernel-source,https://www.suse.com/security/cve/CVE-2017-8824,"The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.",Released 20171205,CVE-2017-1000,-1,-1,1071319,kernel-source,https://www.suse.com/security/cve/CVE-2017-1000,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.",Released 20171206,CVE-2017-15868,8.4,7.8,1071470,kernel-source,https://www.suse.com/security/cve/CVE-2017-15868,"The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.",Released 20171206,CVE-2017-17121,4,7.8,1071544,binutils,https://www.suse.com/security/cve/CVE-2017-17121,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.",Unsupported 20171206,CVE-2017-17433,5.4,3.7,1071459,rsync,https://www.suse.com/security/cve/CVE-2017-17433,"The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.",Released 
20171206,CVE-2017-17434,5.4,9.8,1071460,rsync,https://www.suse.com/security/cve/CVE-2017-17434,"The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.",Released 20171207,CVE-2017-15121,6.2,5.5,1071726,kernel-source,https://www.suse.com/security/cve/CVE-2017-15121,"A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.",Ignore 20171207,CVE-2017-15407,,8.8,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15407,"Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.",Released 20171207,CVE-2017-15407,,8.8,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15407,"Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.",Released 20171207,CVE-2017-15407,,8.8,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15407,"Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.",Released 20171207,CVE-2017-15408,,8.8,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15408,"Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.",Released 
20171207,CVE-2017-15408,,8.8,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15408,"Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.",Released 20171207,CVE-2017-15408,,8.8,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15408,"Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.",Released 20171207,CVE-2017-15409,,8.8,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15409,"Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20171207,CVE-2017-15409,,8.8,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15409,"Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20171207,CVE-2017-15409,,8.8,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15409,"Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20171207,CVE-2017-15410,,8.8,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15410,"Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Released 20171207,CVE-2017-15410,,8.8,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15410,"Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Released 
20171207,CVE-2017-15410,,8.8,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15410,"Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Released 20171207,CVE-2017-15411,,8.8,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15411,"Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Released 20171207,CVE-2017-15411,,8.8,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15411,"Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Released 20171207,CVE-2017-15411,,8.8,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15411,"Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Released 20171207,CVE-2017-15412,8.8,8.8,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15412,"Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20171207,CVE-2017-15412,8.8,8.8,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15412,"Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20171207,CVE-2017-15412,8.8,8.8,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15412,"Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 
20171207,CVE-2017-15413,,8.8,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15413,"Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20171207,CVE-2017-15413,,8.8,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15413,"Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20171207,CVE-2017-15413,,8.8,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15413,"Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20171207,CVE-2017-15415,,6.5,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15415,"Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.",Released 20171207,CVE-2017-15415,,6.5,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15415,"Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.",Released 20171207,CVE-2017-15415,,6.5,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15415,"Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.",Released 20171207,CVE-2017-15416,,6.5,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15416,"Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.",Released 20171207,CVE-2017-15416,,6.5,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15416,"Heap buffer overflow 
in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.",Released 20171207,CVE-2017-15416,,6.5,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15416,"Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.",Released 20171207,CVE-2017-15417,,5.3,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15417,"Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",Released 20171207,CVE-2017-15417,,5.3,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15417,"Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",Released 20171207,CVE-2017-15417,,5.3,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15417,"Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",Released 20171207,CVE-2017-15418,,4.3,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15418,"Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",Released 20171207,CVE-2017-15418,,4.3,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15418,"Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",Released 
20171207,CVE-2017-15418,,4.3,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15418,"Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",Released 20171207,CVE-2017-15419,,6.5,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15419,"Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.",Released 20171207,CVE-2017-15419,,6.5,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15419,"Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.",Released 20171207,CVE-2017-15419,,6.5,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15419,"Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.",Released 20171207,CVE-2017-15420,,6.5,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15420,"Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",Released 20171207,CVE-2017-15420,,6.5,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15420,"Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",Released 20171207,CVE-2017-15420,,6.5,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15420,"Incorrect handling of back 
navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",Released 20171207,CVE-2017-15422,6.5,6.5,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15422,"Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",Released 20171207,CVE-2017-15422,6.5,6.5,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15422,"Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",Released 20171207,CVE-2017-15422,6.5,6.5,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15422,"Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",Released 20171207,CVE-2017-15423,,5.3,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15423,"Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.",Released 20171207,CVE-2017-15423,,5.3,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15423,"Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.",Released 
20171207,CVE-2017-15423,,5.3,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15423,"Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.",Released 20171207,CVE-2017-15424,,6.5,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15424,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",Released 20171207,CVE-2017-15424,,6.5,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15424,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",Released 20171207,CVE-2017-15424,,6.5,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15424,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",Released 20171207,CVE-2017-15425,,6.5,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15425,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",Released 20171207,CVE-2017-15425,,6.5,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15425,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",Released 20171207,CVE-2017-15425,,6.5,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15425,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted 
domain name.",Released 20171207,CVE-2017-15426,,6.5,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15426,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",Released 20171207,CVE-2017-15426,,6.5,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15426,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",Released 20171207,CVE-2017-15426,,6.5,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15426,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",Released 20171207,CVE-2017-15427,,6.1,1071691,icu,https://www.suse.com/security/cve/CVE-2017-15427,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.",Released 20171207,CVE-2017-15427,,6.1,1071691,libxml2,https://www.suse.com/security/cve/CVE-2017-15427,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.",Released 20171207,CVE-2017-15427,,6.1,1071691,libxml2-python,https://www.suse.com/security/cve/CVE-2017-15427,"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.",Released 20171207,CVE-2017-17448,5.7,7.8,1071693,kernel-source,https://www.suse.com/security/cve/CVE-2017-17448,"net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN 
capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.",Unsupported 20171207,CVE-2017-17450,4.4,7.8,1071695,kernel-source,https://www.suse.com/security/cve/CVE-2017-17450,"net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.",Released 20171207,CVE-2017-17456,3.3,6.5,1059912,libsndfile,https://www.suse.com/security/cve/CVE-2017-17456,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14245. Reason: This candidate is a duplicate of CVE-2017-14245. Notes: All CVE users should reference CVE-2017-14245 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20171207,CVE-2017-17457,3.3,6.5,1059913,libsndfile,https://www.suse.com/security/cve/CVE-2017-17457,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14246. Reason: This candidate is a duplicate of CVE-2017-14246. Notes: All CVE users should reference CVE-2017-14246 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20171211,CVE-2017-17484,7.3,9.8,1072193,icu,https://www.suse.com/security/cve/CVE-2017-17484,"The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.",Released 20171212,CVE-2017-15897,,3.1,1072320,firefox-atk,https://www.suse.com/security/cve/CVE-2017-15897,"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",Released 20171212,CVE-2017-15897,,3.1,1072320,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-15897,"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",Released 20171212,CVE-2017-15897,,3.1,1072320,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-15897,"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. 
For example, 'Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",Released 20171212,CVE-2017-15897,,3.1,1072320,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-15897,"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",Released 20171212,CVE-2017-15897,,3.1,1072320,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-15897,"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",Released 20171212,CVE-2017-15897,,3.1,1072320,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-15897,"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",Released 20171212,CVE-2017-15897,,3.1,1072320,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-15897,"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. 
For example, 'Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",Released 20171212,CVE-2017-15897,,3.1,1072320,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-15897,"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",Released 20171212,CVE-2017-15897,,3.1,1072320,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-15897,"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",Released 20171212,CVE-2017-15897,,3.1,1072320,firefox-pango,https://www.suse.com/security/cve/CVE-2017-15897,"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. 
For example, 'Buffer.alloc(0x100, \"This is not correctly encoded\", \"hex\");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",Released 20171212,CVE-2017-17504,5.3,6.5,1072362,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17504,"ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.",Released 20171213,CVE-2017-17558,4.6,6.6,1072561,kernel-source,https://www.suse.com/security/cve/CVE-2017-17558,"The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.",Released 20171213,CVE-2017-17563,6.5,7.8,1070159,xen,https://www.suse.com/security/cve/CVE-2017-17563,"An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.",Released 20171213,CVE-2017-17564,6.5,7.8,1070160,xen,https://www.suse.com/security/cve/CVE-2017-17564,"An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.",Released 20171213,CVE-2017-17565,4.1,5.6,1070163,xen,https://www.suse.com/security/cve/CVE-2017-17565,"An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.",Released 
20171213,CVE-2017-17566,6.5,7.8,1070158,xen,https://www.suse.com/security/cve/CVE-2017-17566,"An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.",Released 20171214,CVE-2017-13166,7.8,7.8,1072865,kernel-source,https://www.suse.com/security/cve/CVE-2017-13166,"An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.",Released 20171214,CVE-2017-13167,4,7.8,1072876,kernel-source,https://www.suse.com/security/cve/CVE-2017-13167,"An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.",Released 20171214,CVE-2017-17503,4,8.8,1072934,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17503,"ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.",Affected 20171214,CVE-2017-17680,5.3,6.5,1072902,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17680,"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.",Released 20171214,CVE-2017-17681,5.3,6.5,1072901,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17681,"In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.",Unsupported 20171214,CVE-2017-17682,5.3,6.5,1072898,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17682,"In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a 
crafted wpg image file that triggers a ReadWPGImage call.",Released 20171215,CVE-2017-15127,,5.5,1073113,kernel-source,https://www.suse.com/security/cve/CVE-2017-15127,"A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).",Analysis 20171215,CVE-2017-15128,,5.5,1073112,kernel-source,https://www.suse.com/security/cve/CVE-2017-15128,"A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).",Analysis 20171215,CVE-2017-17405,8.3,8.8,1073002,ruby,https://www.suse.com/security/cve/CVE-2017-17405,"Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.",Won't fix 20171215,CVE-2017-17502,,8.8,1073081,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17502,"ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.",Affected 20171215,CVE-2017-17522,5.3,8.8,1073018,python,https://www.suse.com/security/cve/CVE-2017-17522,"** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. 
NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.",Ignore 20171218,CVE-2017-17712,8,7,1073229,kernel-source,https://www.suse.com/security/cve/CVE-2017-17712,"The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.",Unsupported 20171218,CVE-2017-17740,5.9,7.5,1073313,openldap2,https://www.suse.com/security/cve/CVE-2017-17740,"contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.",Already fixed 20171218,CVE-2017-17741,7.1,6.5,1073311,kernel-source,https://www.suse.com/security/cve/CVE-2017-17741,"The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.",Released 20171220,CVE-2017-17782,5.3,8.8,1073690,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17782,"In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.",Affected 20171221,CVE-2015-4100,-1,-1,1073914,puppet,https://www.suse.com/security/cve/CVE-2015-4100,"Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a \"Certificate Authority Reverse Proxy Vulnerability.\"",Already fixed 20171221,CVE-2017-16995,,7.8,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-16995,"The check_alu_op function in 
kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.",Unsupported 20171221,CVE-2017-16996,,7.8,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-16996,"kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.",Unsupported 20171221,CVE-2017-17790,5.3,9.8,1073002,ruby,https://www.suse.com/security/cve/CVE-2017-17790,"The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.",Won't fix 20171221,CVE-2017-17805,7.1,7.8,1073792,kernel-source,https://www.suse.com/security/cve/CVE-2017-17805,"The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. 
Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.",Released 20171221,CVE-2017-17806,3.6,7.8,1073874,kernel-source,https://www.suse.com/security/cve/CVE-2017-17806,"The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.",Released 20171221,CVE-2017-17807,5.1,3.3,1073860,kernel-source,https://www.suse.com/security/cve/CVE-2017-17807,"The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's \"default request-key keyring\" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.",Ignore 20171221,CVE-2017-17811,3.3,5.5,1073798,firefox-atk,https://www.suse.com/security/cve/CVE-2017-17811,"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",Released 20171221,CVE-2017-17811,3.3,5.5,1073798,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-17811,"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",Released 20171221,CVE-2017-17811,3.3,5.5,1073798,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-17811,"In 
Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",Released 20171221,CVE-2017-17811,3.3,5.5,1073798,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-17811,"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",Released 20171221,CVE-2017-17811,3.3,5.5,1073798,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-17811,"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",Released 20171221,CVE-2017-17811,3.3,5.5,1073798,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-17811,"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",Released 20171221,CVE-2017-17811,3.3,5.5,1073798,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-17811,"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",Released 20171221,CVE-2017-17811,3.3,5.5,1073798,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-17811,"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",Released 20171221,CVE-2017-17811,3.3,5.5,1073798,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-17811,"In Netwide 
Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",Released 20171221,CVE-2017-17811,3.3,5.5,1073798,firefox-pango,https://www.suse.com/security/cve/CVE-2017-17811,"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",Released 20171221,CVE-2017-17813,5.3,5.5,1073803,firefox-atk,https://www.suse.com/security/cve/CVE-2017-17813,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",Released 20171221,CVE-2017-17813,5.3,5.5,1073803,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-17813,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",Released 20171221,CVE-2017-17813,5.3,5.5,1073803,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-17813,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",Released 20171221,CVE-2017-17813,5.3,5.5,1073803,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-17813,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",Released 20171221,CVE-2017-17813,5.3,5.5,1073803,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-17813,"In Netwide Assembler (NASM) 2.14rc0, there is a 
use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",Released 20171221,CVE-2017-17813,5.3,5.5,1073803,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-17813,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",Released 20171221,CVE-2017-17813,5.3,5.5,1073803,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-17813,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",Released 20171221,CVE-2017-17813,5.3,5.5,1073803,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-17813,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",Released 20171221,CVE-2017-17813,5.3,5.5,1073803,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-17813,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",Released 20171221,CVE-2017-17813,5.3,5.5,1073803,firefox-pango,https://www.suse.com/security/cve/CVE-2017-17813,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",Released 20171221,CVE-2017-17817,5.3,5.5,1073829,firefox-atk,https://www.suse.com/security/cve/CVE-2017-17817,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in 
asm/preproc.c that will cause a remote denial of service attack.",Released 20171221,CVE-2017-17817,5.3,5.5,1073829,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-17817,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.",Released 20171221,CVE-2017-17817,5.3,5.5,1073829,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-17817,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.",Released 20171221,CVE-2017-17817,5.3,5.5,1073829,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-17817,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.",Released 20171221,CVE-2017-17817,5.3,5.5,1073829,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-17817,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.",Released 20171221,CVE-2017-17817,5.3,5.5,1073829,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-17817,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.",Released 20171221,CVE-2017-17817,5.3,5.5,1073829,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-17817,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.",Released 20171221,CVE-2017-17817,5.3,5.5,1073829,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-17817,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.",Released 
20171221,CVE-2017-17817,5.3,5.5,1073829,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-17817,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.",Released 20171221,CVE-2017-17817,5.3,5.5,1073829,firefox-pango,https://www.suse.com/security/cve/CVE-2017-17817,"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.",Released 20171221,CVE-2017-17819,3.3,5.5,1073832,firefox-atk,https://www.suse.com/security/cve/CVE-2017-17819,"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",Released 20171221,CVE-2017-17819,3.3,5.5,1073832,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-17819,"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",Released 20171221,CVE-2017-17819,3.3,5.5,1073832,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-17819,"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",Released 20171221,CVE-2017-17819,3.3,5.5,1073832,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-17819,"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",Released 
20171221,CVE-2017-17819,3.3,5.5,1073832,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-17819,"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",Released 20171221,CVE-2017-17819,3.3,5.5,1073832,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-17819,"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",Released 20171221,CVE-2017-17819,3.3,5.5,1073832,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-17819,"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",Released 20171221,CVE-2017-17819,3.3,5.5,1073832,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-17819,"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",Released 20171221,CVE-2017-17819,3.3,5.5,1073832,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-17819,"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",Released 20171221,CVE-2017-17819,3.3,5.5,1073832,firefox-pango,https://www.suse.com/security/cve/CVE-2017-17819,"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a 
remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",Released 20171222,CVE-2017-17501,4,8.8,1074023,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17501,"WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.",Affected 20171222,CVE-2017-17840,7.3,7.8,1072312,open-iscsi,https://www.suse.com/security/cve/CVE-2017-17840,"An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.",Released 20171223,CVE-2017-17852,,7.8,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-17852,"kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.",Unsupported 20171223,CVE-2017-17853,,7.8,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-17853,"kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.",Unsupported 20171223,CVE-2017-17854,6.2,7.8,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-17854,"kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.",Unsupported 
20171223,CVE-2017-17855,,7.8,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-17855,"kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.",Unsupported 20171223,CVE-2017-17856,,7.8,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-17856,"kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.",Unsupported 20171223,CVE-2017-17857,,7.8,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-17857,"The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.",Unsupported 20171226,CVE-2017-17862,,5.5,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-17862,"kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. 
This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.",Unsupported 20171226,CVE-2017-17863,,7.8,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-17863,"kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.",Unsupported 20171226,CVE-2017-17864,,3.3,1073928,kernel-source,https://www.suse.com/security/cve/CVE-2017-17864,"kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a \"pointer leak.\"",Unsupported 20171227,CVE-2017-17879,,8.8,1074125,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17879,"In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.",Released 20171227,CVE-2017-17881,,6.5,1074123,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17881,"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.",Released 20171227,CVE-2017-17882,,6.5,1074122,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17882,"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.",Released 20171227,CVE-2017-17884,,6.5,1074120,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17884,"In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function 
WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.",Released 20171227,CVE-2017-17885,,6.5,1074119,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17885,"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.",Released 20171227,CVE-2017-17886,,6.5,1074118,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17886,"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.",Ignore 20171228,CVE-2017-17914,,6.5,1074185,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17914,"In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.",Released 20171228,CVE-2017-17915,,8.8,1074125,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17915,"In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.",Affected 20171228,CVE-2017-17934,,6.5,1074170,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17934,"ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.",Released 20171228,CVE-2017-17935,,7.5,1074171,wireshark,https://www.suse.com/security/cve/CVE-2017-17935,"The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers 
the attempted processing of an empty line.",Released 20171228,CVE-2017-17942,4.4,8.8,1074186,tiff,https://www.suse.com/security/cve/CVE-2017-17942,"In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.",Released 20180102,CVE-2017-17912,5.3,8.8,1074307,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17912,"In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.",Affected 20180102,CVE-2017-17973,7.5,8.8,1074318,tiff,https://www.suse.com/security/cve/CVE-2017-17973,"** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.",Released 20180102,CVE-2017-18008,5.3,6.5,1074309,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18008,"In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.",Released 20180102,CVE-2017-18013,7.5,6.5,1074317,tiff,https://www.suse.com/security/cve/CVE-2017-18013,"In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.",Released 20180103,CVE-2017-1000422,5.3,8.8,1074462,gtk2,https://www.suse.com/security/cve/CVE-2017-1000422,"Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution",Ignore 20180103,CVE-2017-1000445,5.3,6.5,1074425,ImageMagick,https://www.suse.com/security/cve/CVE-2017-1000445,"ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service",Released 20180103,CVE-2017-1000456,7.3,8.8,1074453,poppler,https://www.suse.com/security/cve/CVE-2017-1000456,"freedesktop.org libpoppler 0.60.1 fails to validate boundaries 
in TextPool::addWord, leading to overflow in subsequent calculations.",Released 20180103,CVE-2017-18017,5.4,9.8,1074488,kernel-source,https://www.suse.com/security/cve/CVE-2017-18017,"The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.",Released 20180104,CVE-2017-1000476,,6.5,1074610,ImageMagick,https://www.suse.com/security/cve/CVE-2017-1000476,"ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.",Released 20180104,CVE-2017-18018,4.2,4.7,1074599,coreutils,https://www.suse.com/security/cve/CVE-2017-18018,"In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.",Ignore 20180108,CVE-2017-18022,5.3,6.5,1074969,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18022,"In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.",Released 20180108,CVE-2018-5246,,6.5,1074973,ImageMagick,https://www.suse.com/security/cve/CVE-2018-5246,"In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.",Released 20180108,CVE-2018-5247,6.5,6.5,1074969,ImageMagick,https://www.suse.com/security/cve/CVE-2018-5247,"In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.",Released 20180110,CVE-2018-1000001,,7.8,1074293,glibc,https://www.suse.com/security/cve/CVE-2018-1000001,"In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the 
destination buffer leading to a buffer underflow and potential code execution.",Released 20180111,CVE-2018-5332,3.6,7.8,1075621,kernel-source,https://www.suse.com/security/cve/CVE-2018-5332,"In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).",Released 20180111,CVE-2018-5333,2.9,5.5,1075617,kernel-source,https://www.suse.com/security/cve/CVE-2018-5333,"In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.",Released 20180112,CVE-2018-5334,4.3,6.5,1075737,wireshark,https://www.suse.com/security/cve/CVE-2018-5334,"In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.",Released 20180112,CVE-2018-5335,4.3,6.5,1075738,wireshark,https://www.suse.com/security/cve/CVE-2018-5335,"In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.",Released 20180112,CVE-2018-5336,4.3,7.5,1075739,wireshark,https://www.suse.com/security/cve/CVE-2018-5336,"In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. 
This was addressed in epan/tvbparse.c by limiting the recursion depth.",Released 20180112,CVE-2018-5357,5.3,6.5,1075821,ImageMagick,https://www.suse.com/security/cve/CVE-2018-5357,"ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.",Unsupported 20180114,CVE-2017-13215,5.3,7.8,1075908,kernel-source,https://www.suse.com/security/cve/CVE-2017-13215,"A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.",Released 20180115,CVE-2017-18027,6.5,6.5,1076051,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18027,"In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.",Released 20180115,CVE-2017-18029,5.3,6.5,1076021,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18029,"In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.",Released 20180115,CVE-2018-5360,4.8,8.8,1075944,tiff,https://www.suse.com/security/cve/CVE-2018-5360,"LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.",Already fixed 20180115,CVE-2018-5685,7.5,6.5,1075939,ImageMagick,https://www.suse.com/security/cve/CVE-2018-5685,"In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). 
Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.",Released 20180116,CVE-2017-18028,,6.5,1076182,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18028,"In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.",Released 20180116,CVE-2017-18030,2.8,4.4,1076179,kvm,https://www.suse.com/security/cve/CVE-2017-18030,"The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.",Released 20180116,CVE-2017-3144,5.3,7.5,1076118,dhcp,https://www.suse.com/security/cve/CVE-2017-3144,"A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.",Released 20180116,CVE-2017-3145,7.5,7.5,1076118,bind,https://www.suse.com/security/cve/CVE-2017-3145,"BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. 
Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.",Released 20180116,CVE-2018-1000004,5.5,5.9,1076017,kernel-source,https://www.suse.com/security/cve/CVE-2018-1000004,"In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.",Released 20180116,CVE-2018-5683,4.2,6,1076114,kvm,https://www.suse.com/security/cve/CVE-2018-5683,"The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.",Released 20180116,CVE-2018-5712,6.3,6.1,1076220,php53,https://www.suse.com/security/cve/CVE-2018-5712,"An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.",Released 20180117,CVE-2018-2579,3.7,3.7,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2579,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",Unsupported 20180117,CVE-2018-2582,6.5,6.5,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2582,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).",Released 20180117,CVE-2018-2588,4.3,4.3,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2588,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",Unsupported
20180117,CVE-2018-2599,4.8,4.8,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2599,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).",Released
20180117,CVE-2018-2602,4.5,4.5,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2602,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).",Released
20180117,CVE-2018-2603,5.3,5.3,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2603,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16.
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Unsupported
20180117,CVE-2018-2618,5.9,5.9,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2618,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",Unsupported
20180117,CVE-2018-2633,8.3,8.3,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2633,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Unsupported
20180117,CVE-2018-2634,6.8,6.8,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2634,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",Unsupported
20180117,CVE-2018-2637,7.4,7.4,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2637,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",Unsupported
20180117,CVE-2018-2641,6.1,6.1,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2641,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).",Unsupported
20180117,CVE-2018-2663,4.3,4.3,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2663,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).",Unsupported
20180117,CVE-2018-2677,4.3,4.3,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2677,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).",Unsupported
20180117,CVE-2018-2678,4.3,4.3,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2678,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).",Unsupported
20180117,CVE-2018-5711,5.3,5.5,1076391,gd,https://www.suse.com/security/cve/CVE-2018-5711,"gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function.
This is related to GetCode_ and gdImageCreateFromGifCtx.",Released
20180117,CVE-2018-5711,5.3,5.5,1076391,php53,https://www.suse.com/security/cve/CVE-2018-5711,"gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.",Released
20180118,CVE-2018-2657,5.3,5.3,1076366,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2657,"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Unsupported
20180118,CVE-2018-5748,2.8,7.5,1076500,libvirt,https://www.suse.com/security/cve/CVE-2018-5748,"qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.",Released
20180118,CVE-2018-5764,3.3,7.5,1076503,rsync,https://www.suse.com/security/cve/CVE-2018-5764,"The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.",Released
20180122,CVE-2016-10708,5.3,7.5,1076957,openssh-askpass-gnome,https://www.suse.com/security/cve/CVE-2016-10708,"sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.",Released
20180122,CVE-2016-10708,5.3,7.5,1076957,openssh,https://www.suse.com/security/cve/CVE-2016-10708,"sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.",Released
20180122,CVE-2017-15107,5.4,7.5,1076958,dnsmasq,https://www.suse.com/security/cve/CVE-2017-15107,"A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.",Released
20180122,CVE-2017-17997,5.9,7.5,1077080,wireshark,https://www.suse.com/security/cve/CVE-2017-17997,"In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address.
This vulnerability is similar to CVE-2017-9343.",Released
20180123,CVE-2018-1000007,4.4,9.8,1077001,curl,https://www.suse.com/security/cve/CVE-2018-1000007,"libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.",Released
20180124,CVE-2015-1142857,4.8,,1077355,kernel-firmware,https://www.suse.com/security/cve/CVE-2015-1142857,"On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected.",Released
20180124,CVE-2015-1142857,4.8,,1077355,kernel-source,https://www.suse.com/security/cve/CVE-2015-1142857,"On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF.
This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected.",Released
20180124,CVE-2018-5950,,6.1,1077358,mailman,https://www.suse.com/security/cve/CVE-2018-5950,"Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.",Released
20180125,CVE-2017-18005,5.5,5.5,1077620,exiv2,https://www.suse.com/security/cve/CVE-2017-18005,"Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.",Ignore
20180125,CVE-2018-6196,6.5,7.5,1077559,w3m,https://www.suse.com/security/cve/CVE-2018-6196,"w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.",Released
20180125,CVE-2018-6197,6.5,7.5,1077559,w3m,https://www.suse.com/security/cve/CVE-2018-6197,"w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.",Released
20180125,CVE-2018-6198,3.3,4.7,1077559,w3m,https://www.suse.com/security/cve/CVE-2018-6198,"w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.",Released
20180126,CVE-2017-12374,7.5,7.5,1077732,clamav,https://www.suse.com/security/cve/CVE-2017-12374,"The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.",Released
20180126,CVE-2017-12375,5.3,7.5,1077732,clamav,https://www.suse.com/security/cve/CVE-2017-12375,"The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.",Released
20180126,CVE-2017-12376,9.8,7.8,1077732,clamav,https://www.suse.com/security/cve/CVE-2017-12376,"ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device.
This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.",Released
20180126,CVE-2017-12377,5.3,9.8,1077732,clamav,https://www.suse.com/security/cve/CVE-2017-12377,"ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.",Released
20180126,CVE-2017-12378,5.3,5.5,1077732,clamav,https://www.suse.com/security/cve/CVE-2017-12378,"ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.",Released
20180126,CVE-2017-12379,7.3,9.8,1077732,clamav,https://www.suse.com/security/cve/CVE-2017-12379,"ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system.
An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.",Released
20180126,CVE-2017-12380,7.5,7.5,1077732,clamav,https://www.suse.com/security/cve/CVE-2017-12380,"ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.",Released
20180126,CVE-2017-17500,5.3,8.8,1077737,ImageMagick,https://www.suse.com/security/cve/CVE-2017-17500,"ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.",Affected
20180126,CVE-2018-6323,5.5,7.8,1077745,binutils,https://www.suse.com/security/cve/CVE-2018-6323,"The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used.
A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",Unsupported
20180129,CVE-2017-18079,2.5,7.8,1077922,kernel-source,https://www.suse.com/security/cve/CVE-2017-18079,"drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.",Released
20180129,CVE-2018-1000024,6.5,7.5,1077003,squid3,https://www.suse.com/security/cve/CVE-2018-1000024,"The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.",Released
20180129,CVE-2018-1000024,6.5,7.5,1077003,squid,https://www.suse.com/security/cve/CVE-2018-1000024,"The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.",Ignore
20180129,CVE-2018-1000027,5.4,7.5,1077006,squid3,https://www.suse.com/security/cve/CVE-2018-1000027,"The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy.
This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.",Released
20180129,CVE-2018-1000027,5.4,7.5,1077006,squid,https://www.suse.com/security/cve/CVE-2018-1000027,"The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.",Already fixed
20180129,CVE-2018-1053,4,7,1077983,postgresql94,https://www.suse.com/security/cve/CVE-2018-1053,"In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.",Released
20180129,CVE-2018-1053,4,7,1077983,postgresql94-libs,https://www.suse.com/security/cve/CVE-2018-1053,"In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files.
This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.",Released
20180131,CVE-2018-6405,4.3,6.5,1078433,ImageMagick,https://www.suse.com/security/cve/CVE-2018-6405,"In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.",Released
20180131,CVE-2018-6412,4,7.5,1078500,kernel-source,https://www.suse.com/security/cve/CVE-2018-6412,"In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.",Analysis
20180201,CVE-2017-15698,5.4,5.9,1078679,libtcnative-1-0,https://www.suse.com/security/cve/CVE-2017-15698,"When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.",Released
20180201,CVE-2017-16911,4,4.7,1078674,kernel-source,https://www.suse.com/security/cve/CVE-2017-16911,"The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses.
Successful exploitation requires that a USB device is attached over IP.",Released 20180201,CVE-2017-16912,6.2,5.9,1078673,kernel-source,https://www.suse.com/security/cve/CVE-2017-16912,"The \"get_pipe()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.",Released 20180201,CVE-2017-16913,6.2,5.9,1078672,kernel-source,https://www.suse.com/security/cve/CVE-2017-16913,"The \"stub_recv_cmd_submit()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.",Released 20180201,CVE-2017-16914,3.3,5.9,1078669,kernel-source,https://www.suse.com/security/cve/CVE-2017-16914,"The \"stub_send_ret_submit()\" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.",Released 20180202,CVE-2018-6485,5.6,9.8,1079036,glibc,https://www.suse.com/security/cve/CVE-2018-6485,"An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.",Released 20180205,CVE-2018-1000030,7,3.6,1079300,python,https://www.suse.com/security/cve/CVE-2018-1000030,"Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. 
In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.",Ignore 20180205,CVE-2018-6551,,9.8,1079036,glibc,https://www.suse.com/security/cve/CVE-2018-6551,"The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.",Released 20180206,CVE-2018-6459,7.5,5.3,1079548,strongswan,https://www.suse.com/security/cve/CVE-2018-6459,"The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.",Unsupported 20180207,CVE-2018-1000035,7.8,7.8,1076531,unzip,https://www.suse.com/security/cve/CVE-2018-1000035,"A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.",Released 20180207,CVE-2018-6644,7.5,7.5,1079937,sblim-sfcb,https://www.suse.com/security/cve/CVE-2018-6644,"SBLIM Small Footprint CIM Broker 
(SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.",Already fixed 20180207,CVE-2018-6759,5.3,5.5,1079741,binutils,https://www.suse.com/security/cve/CVE-2018-6759,"The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.",Ignore 20180207,CVE-2018-6767,,7.8,1079746,wavpack,https://www.suse.com/security/cve/CVE-2018-6767,"A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",Analysis 20180209,CVE-2016-10712,9.4,7.5,1080234,php53,https://www.suse.com/security/cve/CVE-2016-10712,"In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a \"$uri = stream_get_meta_data(fopen($file, \"r\"))['uri']\" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.",Released 20180209,CVE-2018-1052,,6.5,1077983,postgresql94,https://www.suse.com/security/cve/CVE-2018-1052,"Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.",Already fixed 20180212,CVE-2018-1000063,-1,-1,1079799,quagga,https://www.suse.com/security/cve/CVE-2018-1000063,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5379. Reason: This candidate is a reservation duplicate of CVE-2018-5379. 
Notes: All CVE users should reference CVE-2018-5379 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20180212,CVE-2018-6508,,8,1080523,puppet,https://www.suse.com/security/cve/CVE-2018-6508,"Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.",Analysis 20180213,CVE-2017-17722,5.5,6.5,1080746,exiv2,https://www.suse.com/security/cve/CVE-2017-17722,"In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.",Ignore 20180213,CVE-2017-17723,5.5,8.1,1080755,exiv2,https://www.suse.com/security/cve/CVE-2017-17723,"In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file.",Ignore 20180213,CVE-2017-17724,5.5,6.5,1080736,exiv2,https://www.suse.com/security/cve/CVE-2017-17724,"In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the \"!= 0x1c\" case. 
Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.",Ignore 20180213,CVE-2018-6927,5.5,7.8,1080757,kernel-source,https://www.suse.com/security/cve/CVE-2018-6927,"The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.",Released 20180214,CVE-2016-10713,4.3,5.5,1080918,patch,https://www.suse.com/security/cve/CVE-2016-10713,"An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.",Released 20180214,CVE-2018-6952,3.3,7.5,1080985,patch,https://www.suse.com/security/cve/CVE-2018-6952,"A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.",Affected 20180215,CVE-2018-5378,,5.9,1079798,quagga,https://www.suse.com/security/cve/CVE-2018-5378,"The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.",Released 20180215,CVE-2018-5379,,9.8,1079799,quagga,https://www.suse.com/security/cve/CVE-2018-5379,"The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. 
A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.",Released 20180215,CVE-2018-5380,,4.3,1079800,quagga,https://www.suse.com/security/cve/CVE-2018-5380,"The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.",Released 20180215,CVE-2018-5381,,7.5,1079801,quagga,https://www.suse.com/security/cve/CVE-2018-5381,"The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of \"Capabilities\" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.",Released 20180219,CVE-2018-5735,7.5,7.5,1018700,bind,https://www.suse.com/security/cve/CVE-2018-5735,"The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected.",Already fixed 20180219,CVE-2018-7225,7.1,9.8,1081493,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-7225,"An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.",Released 20180220,CVE-2015-9253,6.5,6.5,1081790,php53,https://www.suse.com/security/cve/CVE-2015-9253,"An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. 
The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.",Released 20180220,CVE-2017-11735,3.3,,1081829,libvorbis,https://www.suse.com/security/cve/CVE-2017-11735,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none.",Ignore 20180220,CVE-2018-1050,6.5,4.3,1081741,samba-doc,https://www.suse.com/security/cve/CVE-2018-1050,"All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.",Released 20180220,CVE-2018-1050,6.5,4.3,1081741,samba,https://www.suse.com/security/cve/CVE-2018-1050,"All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.",Released 20180220,CVE-2018-5784,4.3,6.5,1081690,tiff,https://www.suse.com/security/cve/CVE-2018-5784,"In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. 
This occurs because the declared number of directory entries is not validated against the actual number of directory entries.",Ignore 20180221,CVE-2015-4041,,7.8,928749,coreutils,https://www.suse.com/security/cve/CVE-2015-4041,"The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.",Released 20180221,CVE-2015-4042,,9.8,1167100,coreutils,https://www.suse.com/security/cve/CVE-2015-4042,"Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.",Released 20180221,CVE-2018-1000077,5.5,5.3,1082010,ruby,https://www.suse.com/security/cve/CVE-2018-1000077,"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.",Unsupported 20180221,CVE-2018-1058,6.5,8.8,1081925,postgresql94,https://www.suse.com/security/cve/CVE-2018-1058,"A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. 
Versions 9.3 through 10 are affected.",Released 20180221,CVE-2018-7273,4,5.5,1081972,kernel-source,https://www.suse.com/security/cve/CVE-2018-7273,"In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.",Ignore 20180222,CVE-2017-11613,3.3,6.5,1082332,tiff,https://www.suse.com/security/cve/CVE-2017-11613,"In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.",Released 20180222,CVE-2017-15016,5.3,8.8,1082291,ImageMagick,https://www.suse.com/security/cve/CVE-2017-15016,"ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.",Released 20180222,CVE-2017-15017,5.3,8.8,1082283,ImageMagick,https://www.suse.com/security/cve/CVE-2017-15017,"ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.",Released 20180222,CVE-2018-6797,4,9.8,1082234,perl,https://www.suse.com/security/cve/CVE-2018-6797,"An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.",Ignore 20180222,CVE-2018-6798,,7.5,1082233,perl,https://www.suse.com/security/cve/CVE-2018-6798,"An issue was discovered in Perl 5.22 through 5.26. 
Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.",Released 20180222,CVE-2018-6913,,9.8,1082216,perl,https://www.suse.com/security/cve/CVE-2018-6913,"Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.",Released 20180223,CVE-2018-1304,4.8,5.9,1082480,tomcat6,https://www.suse.com/security/cve/CVE-2018-1304,"The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.",Released 20180224,CVE-2018-7320,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7320,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. 
This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.",Released 20180224,CVE-2018-7321,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7321,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.",Released 20180224,CVE-2018-7322,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7322,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.",Released 20180224,CVE-2018-7323,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7323,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.",Released 20180224,CVE-2018-7324,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7324,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.",Released 20180224,CVE-2018-7325,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7325,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.",Released 20180224,CVE-2018-7326,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7326,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.",Released 20180224,CVE-2018-7327,4.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7327,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property 
lengths.",Released 20180224,CVE-2018-7328,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7328,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.",Released 20180224,CVE-2018-7329,4.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7329,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.",Released 20180224,CVE-2018-7330,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7330,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.",Released 20180224,CVE-2018-7331,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7331,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.",Released 20180224,CVE-2018-7332,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7332,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.",Released 20180224,CVE-2018-7333,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7333,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.",Released 20180224,CVE-2018-7334,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7334,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. 
This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.",Released 20180224,CVE-2018-7335,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7335,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.",Released 20180224,CVE-2018-7336,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7336,"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.",Released 20180224,CVE-2018-7337,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7337,"In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.",Released 20180224,CVE-2018-7417,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7417,"In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.",Released 20180224,CVE-2018-7418,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7418,"In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.",Released 20180224,CVE-2018-7419,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7419,"In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. 
This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.",Released 20180224,CVE-2018-7420,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7420,"In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.",Released 20180224,CVE-2018-7421,5.3,7.5,1082692,wireshark,https://www.suse.com/security/cve/CVE-2018-7421,"In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.",Released 20180226,CVE-2014-7947,-1,-1,914468,icu,https://www.suse.com/security/cve/CVE-2014-7947,"OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.",Analysis 20180226,CVE-2017-18198,3.9,8.8,1082819,libcdio,https://www.suse.com/security/cve/CVE-2017-18198,"print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.",Ignore 20180226,CVE-2017-18199,3.3,6.5,1082821,libcdio,https://www.suse.com/security/cve/CVE-2017-18199,"realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.",Released 20180226,CVE-2017-18200,,5.5,1082754,kernel-source,https://www.suse.com/security/cve/CVE-2017-18200,"The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.",Analysis 
20180226,CVE-2018-1000085,7.5,5.5,1082858,clamav,https://www.suse.com/security/cve/CVE-2018-1000085,"ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.",Released 20180226,CVE-2018-7443,2.9,6.5,1075944,ImageMagick,https://www.suse.com/security/cve/CVE-2018-7443,"The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).",Released 20180226,CVE-2018-7456,5.5,6.5,1074317,tiff,https://www.suse.com/security/cve/CVE-2018-7456,"A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. 
(This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)",Released 20180227,CVE-2017-18202,,7,1083088,kernel-source,https://www.suse.com/security/cve/CVE-2017-18202,"The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.",Analysis 20180227,CVE-2018-7492,6.2,5.5,1082962,kernel-source,https://www.suse.com/security/cve/CVE-2018-7492,"A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.",Released 20180228,CVE-2014-10070,8.6,,1082885,zsh,https://www.suse.com/security/cve/CVE-2014-10070,"zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). 
That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where \"env_reset\" has been disabled.",Released 20180228,CVE-2014-10071,5.3,9.8,1082977,zsh,https://www.suse.com/security/cve/CVE-2014-10071,"In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the \">& fd\" syntax.",Released 20180228,CVE-2016-10714,5.3,9.8,1083250,zsh,https://www.suse.com/security/cve/CVE-2016-10714,"In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.",Released 20180228,CVE-2017-18203,6.5,4.7,1083242,kernel-source,https://www.suse.com/security/cve/CVE-2017-18203,"The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.",Released 20180228,CVE-2017-18205,2.5,8.1,1082998,zsh,https://www.suse.com/security/cve/CVE-2017-18205,"In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.",Released 20180228,CVE-2017-18206,5.3,9.8,1083002,zsh,https://www.suse.com/security/cve/CVE-2017-18206,"In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.",Released 20180228,CVE-2018-1000041,,8.8,1083232,libcroco,https://www.suse.com/security/cve/CVE-2018-1000041,"GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. 
This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.",Released 20180228,CVE-2018-1000041,,8.8,1083232,librsvg,https://www.suse.com/security/cve/CVE-2018-1000041,"GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.",Released 20180228,CVE-2018-5732,7.5,7.5,1083302,dhcp,https://www.suse.com/security/cve/CVE-2018-5732,"Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0",Released 20180228,CVE-2018-5733,5.9,7.5,1083303,dhcp,https://www.suse.com/security/cve/CVE-2018-5733,"A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. 
Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.",Released 20180228,CVE-2018-7540,6.5,6.5,1080635,xen,https://www.suse.com/security/cve/CVE-2018-7540,"An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.",Released 20180228,CVE-2018-7541,8.5,8.8,1080662,xen,https://www.suse.com/security/cve/CVE-2018-7541,"An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.",Released 20180228,CVE-2018-7549,3.3,7.5,1082991,zsh,https://www.suse.com/security/cve/CVE-2018-7549,"In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.",Released 20180228,CVE-2018-7550,8.1,8.8,1083291,kvm,https://www.suse.com/security/cve/CVE-2018-7550,"The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,firefox-atk,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. 
NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,firefox-cairo,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,firefox-gcc8,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,firefox-glib2,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. 
NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,firefox-gtk3,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,firefox-libffi,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. 
NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,firefox-pango,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18207,3.3,6.5,1083507,python,https://www.suse.com/security/cve/CVE-2017-18207,"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"",Released 20180301,CVE-2017-18208,6.2,5.5,1083494,kernel-source,https://www.suse.com/security/cve/CVE-2017-18208,"The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.",Released 20180301,CVE-2018-7170,3.1,5.3,1082210,ntp,https://www.suse.com/security/cve/CVE-2018-7170,"ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. 
This issue exists because of an incomplete fix for CVE-2016-1549.",Released 20180301,CVE-2018-7182,5.3,7.5,1082210,ntp,https://www.suse.com/security/cve/CVE-2018-7182,"The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.",Released 20180301,CVE-2018-7183,5,9.8,1082210,ntp,https://www.suse.com/security/cve/CVE-2018-7183,"Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.",Released 20180301,CVE-2018-7184,3.1,7.5,1082210,ntp,https://www.suse.com/security/cve/CVE-2018-7184,"ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. 
This issue is a result of an incomplete fix for CVE-2015-7704.",Released 20180301,CVE-2018-7185,3.1,7.5,1082210,ntp,https://www.suse.com/security/cve/CVE-2018-7185,"The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association.",Released 20180301,CVE-2018-7566,7.3,7.8,1083483,kernel-source,https://www.suse.com/security/cve/CVE-2018-7566,"The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.",Released 20180301,CVE-2018-7569,2.5,5.5,1083532,binutils,https://www.suse.com/security/cve/CVE-2018-7569,"dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.",Ignore 20180301,CVE-2018-7570,2.5,5.5,1083528,binutils,https://www.suse.com/security/cve/CVE-2018-7570,"The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.",Ignore 20180302,CVE-2018-1063,5.3,4.4,1083624,policycoreutils,https://www.suse.com/security/cve/CVE-2018-1063,"Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. 
This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.",Released 20180302,CVE-2018-1064,5.5,7.5,1076500,libvirt,https://www.suse.com/security/cve/CVE-2018-1064,"libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.",Released 20180302,CVE-2018-7584,6.5,9.8,1083639,php53,https://www.suse.com/security/cve/CVE-2018-7584,"In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.",Released 20180305,CVE-2017-3139,7.5,7.5,1018700,bind,https://www.suse.com/security/cve/CVE-2017-3139,"A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.",Released 20180305,CVE-2018-0202,5.6,5.5,1083915,clamav,https://www.suse.com/security/cve/CVE-2018-0202,"clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. 
Cisco Bug IDs: CSCvh91380, CSCvh91400.",Released 20180305,CVE-2018-5729,7.2,4.7,1076211,krb5,https://www.suse.com/security/cve/CVE-2018-5729,"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.",Released 20180305,CVE-2018-5730,6.5,3.8,1076211,krb5,https://www.suse.com/security/cve/CVE-2018-5730,"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.",Released 20180305,CVE-2018-5803,5.5,5.5,1083900,kernel-source,https://www.suse.com/security/cve/CVE-2018-5803,"In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.",Released 20180306,CVE-2017-18216,6.2,5.5,1084058,kernel-source,https://www.suse.com/security/cve/CVE-2017-18216,"In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.",Ignore 20180306,CVE-2017-18218,6.6,7.8,1084055,kernel-source,https://www.suse.com/security/cve/CVE-2017-18218,"In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.",Already fixed 
20180306,CVE-2017-18219,3.3,6.5,1084060,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18219,"An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation.",Released 20180306,CVE-2017-18220,4.8,8.8,1084062,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18220,"The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.",Unsupported 20180308,CVE-2018-1000116,6.5,9.8,1084430,net-snmp,https://www.suse.com/security/cve/CVE-2018-1000116,"NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.",Already fixed 20180308,CVE-2018-7755,4,5.5,1084513,kernel-bigmem,https://www.suse.com/security/cve/CVE-2018-7755,"An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",Released 20180308,CVE-2018-7755,4,5.5,1084513,kernel-default,https://www.suse.com/security/cve/CVE-2018-7755,"An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. 
An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",Released 20180308,CVE-2018-7755,4,5.5,1084513,kernel-ec2,https://www.suse.com/security/cve/CVE-2018-7755,"An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",Released 20180308,CVE-2018-7755,4,5.5,1084513,kernel-pae,https://www.suse.com/security/cve/CVE-2018-7755,"An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",Released 20180308,CVE-2018-7755,4,5.5,1084513,kernel-ppc64,https://www.suse.com/security/cve/CVE-2018-7755,"An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",Released 20180308,CVE-2018-7755,4,5.5,1084513,kernel-source,https://www.suse.com/security/cve/CVE-2018-7755,"An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. 
The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",Released 20180308,CVE-2018-7755,4,5.5,1084513,kernel-syms,https://www.suse.com/security/cve/CVE-2018-7755,"An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",Released 20180308,CVE-2018-7755,4,5.5,1084513,kernel-trace,https://www.suse.com/security/cve/CVE-2018-7755,"An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",Released 20180308,CVE-2018-7755,4,5.5,1084513,kernel-xen,https://www.suse.com/security/cve/CVE-2018-7755,"An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. 
An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",Released 20180308,CVE-2018-7757,5.5,5.5,1084536,kernel-source,https://www.suse.com/security/cve/CVE-2018-7757,"Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.",Released 20180309,CVE-2018-1000120,6.5,9.8,1084521,curl,https://www.suse.com/security/cve/CVE-2018-1000120,"A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.",Released 20180309,CVE-2018-1000122,5.4,9.1,1084532,curl,https://www.suse.com/security/cve/CVE-2018-1000122,"A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage",Released 20180309,CVE-2018-1071,3.3,5.5,1084656,zsh,https://www.suse.com/security/cve/CVE-2018-1071,"zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. 
A local attacker could exploit this to cause a denial of service.",Released 20180309,CVE-2018-7858,5,5.5,1084604,kvm,https://www.suse.com/security/cve/CVE-2018-7858,"Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.",Unsupported 20180309,CVE-2018-7995,5.5,4.7,1084755,kernel-source,https://www.suse.com/security/cve/CVE-2018-7995,"** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant.",Released 20180312,CVE-2018-8043,0,5.5,1084829,kernel-source,https://www.suse.com/security/cve/CVE-2018-8043,"The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).",Unsupported 20180313,CVE-2018-1068,8.4,6.7,1085107,kernel-source,https://www.suse.com/security/cve/CVE-2018-1068,"A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.",Released 20180314,CVE-2017-18229,4,6.5,1076182,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18229,"An issue was discovered in GraphicsMagick 1.3.26. 
An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.",Affected 20180314,CVE-2017-18230,4,6.5,1085233,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18230,"An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.",Affected 20180314,CVE-2018-1000121,4,7.5,1084524,curl,https://www.suse.com/security/cve/CVE-2018-1000121,"A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service",Released 20180315,CVE-2017-18232,3.1,5.5,1085413,kernel-source,https://www.suse.com/security/cve/CVE-2017-18232,"The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.",Ignore 20180316,CVE-2017-18234,5.3,7.8,1085585,exempi,https://www.suse.com/security/cve/CVE-2017-18234,"An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.",Released 20180319,CVE-2018-7544,5.3,9.1,1085803,openvpn,https://www.suse.com/security/cve/CVE-2018-7544,"** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. 
When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a \"signal SIGTERM\" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.",Affected 20180319,CVE-2018-8740,4,7.5,1085790,sqlite3,https://www.suse.com/security/cve/CVE-2018-8740,"In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.",Released 20180320,CVE-2018-7730,3.3,5.5,1085295,exempi,https://www.suse.com/security/cve/CVE-2018-7730,"An issue was discovered in Exempi through 2.4.4. 
A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.",Released 20180320,CVE-2018-8804,3.3,8.8,1086011,ImageMagick,https://www.suse.com/security/cve/CVE-2018-8804,"WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.",Released 20180321,CVE-2018-8822,6.4,7.8,1086162,kernel-source,https://www.suse.com/security/cve/CVE-2018-8822,"Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.",Released 20180322,CVE-2017-18241,,5.5,1086400,kernel-source,https://www.suse.com/security/cve/CVE-2017-18241,"fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.",Unsupported 20180322,CVE-2018-8905,5.3,8.8,1086408,tiff,https://www.suse.com/security/cve/CVE-2018-8905,"In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.",Released 20180323,CVE-2018-8945,3.3,5.5,1086608,binutils,https://www.suse.com/security/cve/CVE-2018-8945,"The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.",Unsupported 
20180326,CVE-2017-15710,5.3,7.5,1086776,apache2,https://www.suse.com/security/cve/CVE-2017-15710,"In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",Released 20180326,CVE-2018-1301,7.5,5.9,1086817,apache2,https://www.suse.com/security/cve/CVE-2018-1301,"A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",Released 20180326,CVE-2018-1312,5.9,9.8,1086775,apache2,https://www.suse.com/security/cve/CVE-2018-1312,"In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. 
In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",Released 20180326,CVE-2018-7568,3.3,5.5,1086788,binutils,https://www.suse.com/security/cve/CVE-2018-7568,"The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.",Ignore 20180326,CVE-2018-7642,3.3,5.5,1086786,binutils,https://www.suse.com/security/cve/CVE-2018-7642,"The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.",Ignore 20180326,CVE-2018-7643,3.3,7.8,1086784,binutils,https://www.suse.com/security/cve/CVE-2018-7643,"The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.",Ignore 20180326,CVE-2018-8960,4,8.8,1086782,ImageMagick,https://www.suse.com/security/cve/CVE-2018-8960,"The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.",Released 20180326,CVE-2018-8977,3.3,6.5,1086798,exiv2,https://www.suse.com/security/cve/CVE-2018-8977,"In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.",Ignore 
20180326,CVE-2018-9018,4,6.5,1086773,ImageMagick,https://www.suse.com/security/cve/CVE-2018-9018,"In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.",Released 20180327,CVE-2017-18251,3.3,6.5,1087037,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18251,"An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.",Released 20180327,CVE-2017-18252,5.5,6.5,1087033,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18252,"An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.",Released 20180327,CVE-2017-18254,3.3,6.5,1087027,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18254,"An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.",Released 20180327,CVE-2018-0739,7.5,6.5,1087102,openssl,https://www.suse.com/security/cve/CVE-2018-0739,"Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). 
Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",Released 20180327,CVE-2018-1083,7.5,7.8,1087026,zsh,https://www.suse.com/security/cve/CVE-2018-1083,"Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.",Released 20180327,CVE-2018-1092,4.4,5.5,1087012,kernel-source,https://www.suse.com/security/cve/CVE-2018-1092,"The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.",Ignore 20180327,CVE-2018-1093,4.4,5.5,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-1093,"The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.",Ignore 20180327,CVE-2018-1094,4.4,5.5,1087007,kernel-source,https://www.suse.com/security/cve/CVE-2018-1094,"The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.",Ignore 20180327,CVE-2018-3620,5.6,5.6,1087078,kernel-source,https://www.suse.com/security/cve/CVE-2018-3620,"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local 
user access via a terminal page fault and a side-channel analysis.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,kernel-bigmem,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,kernel-default,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,kernel-ec2,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,kernel-pae,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,kernel-ppc64,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative 
execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,kernel-source,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,kernel-syms,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,kernel-trace,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,kernel-xen,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 
20180327,CVE-2018-3639,4.3,5.5,1074701,kvm,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,libvirt,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,microcode_ctl,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3639,4.3,5.5,1074701,xen,https://www.suse.com/security/cve/CVE-2018-3639,"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",Released 20180327,CVE-2018-3690,7.1,,1087084,kernel-source,https://www.suse.com/security/cve/CVE-2018-3690,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3693. Reason: This issue was MERGED into CVE-2018-3693 in accordance with CVE content decisions. 
Notes: All CVE users should reference CVE-2018-3693 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Ignore 20180327,CVE-2018-3691,6,4.7,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-3691,"Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.",Released 20180327,CVE-2018-3691,6,4.7,1087082,xen,https://www.suse.com/security/cve/CVE-2018-3691,"Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.",Released 20180327,CVE-2018-3694,5.5,,1087088,kernel-source,https://www.suse.com/security/cve/CVE-2018-3694,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.",Released 20180327,CVE-2018-3694,5.5,,1087088,xen,https://www.suse.com/security/cve/CVE-2018-3694,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. 
Notes: none.",Unsupported 20180327,CVE-2018-9055,3.3,5.5,1087020,jasper,https://www.suse.com/security/cve/CVE-2018-9055,"JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.",Released 20180328,CVE-2018-3640,4.3,5.6,1074701,microcode_ctl,https://www.suse.com/security/cve/CVE-2018-3640,"Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",Released 20180329,CVE-2017-17742,4.7,5.3,1087434,ruby,https://www.suse.com/security/cve/CVE-2017-17742,"Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.",Affected 20180329,CVE-2018-6914,3.7,7.5,1087441,ruby,https://www.suse.com/security/cve/CVE-2018-6914,"Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. 
(dot dot) in the prefix argument.",Affected 20180329,CVE-2018-8777,7.5,7.5,1087436,ruby,https://www.suse.com/security/cve/CVE-2018-8777,"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).",Affected 20180329,CVE-2018-8778,6.5,7.5,1087433,ruby,https://www.suse.com/security/cve/CVE-2018-8778,"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.",Affected 20180329,CVE-2018-8779,3.7,7.5,1087440,ruby,https://www.suse.com/security/cve/CVE-2018-8779,"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.",Affected 20180329,CVE-2018-8780,3.7,9.1,1087437,ruby,https://www.suse.com/security/cve/CVE-2018-8780,"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.",Affected 20180403,CVE-2018-9146,,8.1,1080736,exiv2,https://www.suse.com/security/cve/CVE-2018-9146,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724. Notes: All CVE users should reference CVE-2017-17724 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Ignore 20180404,CVE-2018-1060,3.3,7.5,1088009,python,https://www.suse.com/security/cve/CVE-2018-1060,"python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.",Released 20180404,CVE-2018-1061,5.5,7.5,1088004,python,https://www.suse.com/security/cve/CVE-2018-1061,"python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.",Released 20180404,CVE-2018-9138,3.3,5.5,1088016,binutils,https://www.suse.com/security/cve/CVE-2018-9138,"An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.",Unsupported 20180405,CVE-2017-0861,7,7.8,1088260,kernel-source,https://www.suse.com/security/cve/CVE-2017-0861,"Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",Released 20180405,CVE-2017-18257,,5.5,1088241,kernel-source,https://www.suse.com/security/cve/CVE-2017-18257,"The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.",Unsupported 20180405,CVE-2018-9252,3.3,6.5,1088278,jasper,https://www.suse.com/security/cve/CVE-2018-9252,"JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.",Released 
20180405,CVE-2018-9256,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9256,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.",Released 20180405,CVE-2018-9257,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9257,"In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.",Released 20180405,CVE-2018-9258,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9258,"In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.",Released 20180405,CVE-2018-9259,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9259,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.",Released 20180405,CVE-2018-9260,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9260,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.",Released 20180405,CVE-2018-9261,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9261,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.",Released 20180405,CVE-2018-9262,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9262,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. 
This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.",Released 20180405,CVE-2018-9263,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9263,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.",Released 20180405,CVE-2018-9264,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9264,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.",Released 20180405,CVE-2018-9265,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9265,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.",Released 20180405,CVE-2018-9266,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9266,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.",Released 20180405,CVE-2018-9267,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9267,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.",Released 20180405,CVE-2018-9268,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9268,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.",Released 20180405,CVE-2018-9269,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9269,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.",Released 20180405,CVE-2018-9270,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9270,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.",Released 
20180405,CVE-2018-9271,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9271,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.",Released 20180405,CVE-2018-9272,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9272,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.",Released 20180405,CVE-2018-9273,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9273,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.",Released 20180405,CVE-2018-9274,5.3,7.5,1088200,wireshark,https://www.suse.com/security/cve/CVE-2018-9274,"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.",Released 20180406,CVE-2018-1000156,7.8,7.8,1088420,patch,https://www.suse.com/security/cve/CVE-2018-1000156,"GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.",Released 20180406,CVE-2018-9303,3.3,6.5,1088421,exiv2,https://www.suse.com/security/cve/CVE-2018-9303,"In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.",Ignore 20180406,CVE-2018-9304,3.3,6.5,1088422,exiv2,https://www.suse.com/security/cve/CVE-2018-9304,"In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.",Ignore 20180411,CVE-2018-1100,7.5,7.8,1089030,zsh,https://www.suse.com/security/cve/CVE-2018-1100,"zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. 
A local attacker could exploit this to execute arbitrary code in the context of another user.",Released 20180411,CVE-2018-9996,3.3,5.5,1089050,binutils,https://www.suse.com/security/cve/CVE-2018-9996,"An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.",Unsupported 20180412,CVE-2018-10021,4.7,5.5,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-10021,"** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.",Released 20180414,CVE-2018-10087,4,5.5,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-10087,"The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.",Released 20180416,CVE-2018-0737,4.7,5.9,1089039,openssl,https://www.suse.com/security/cve/CVE-2018-0737,"The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). 
Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",Released 20180416,CVE-2018-10074,,5.5,1089674,kernel-source,https://www.suse.com/security/cve/CVE-2018-10074,"The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.",Analysis 20180416,CVE-2018-10124,4,5.5,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-10124,"The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.",Released 20180417,CVE-2018-1000199,7.1,5.5,1089895,kernel-source,https://www.suse.com/security/cve/CVE-2018-1000199,"The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",Released 20180417,CVE-2018-10177,5.5,6.5,1089781,ImageMagick,https://www.suse.com/security/cve/CVE-2018-10177,"In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.",Released 20180417,CVE-2018-1087,7.8,7.8,1087088,kernel-source,https://www.suse.com/security/cve/CVE-2018-1087,"kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. 
During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.",Released 20180417,CVE-2018-1087,7.8,7.8,1087088,xen,https://www.suse.com/security/cve/CVE-2018-1087,"kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.",Unsupported 20180417,CVE-2018-8897,7,7.8,1087078,kernel-source,https://www.suse.com/security/cve/CVE-2018-8897,"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). 
If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.",Released 20180417,CVE-2018-8897,7,7.8,1087078,xen,https://www.suse.com/security/cve/CVE-2018-8897,"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. 
OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.",Unsupported 20180418,CVE-2018-10194,7,7.8,1090099,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-10194,"The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.",Released 20180418,CVE-2018-10195,4.4,7.1,1090051,rzsz,https://www.suse.com/security/cve/CVE-2018-10195,"lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.",Released 20180418,CVE-2018-1172,7.5,5.9,1090089,squid3,https://www.suse.com/security/cve/CVE-2018-1172,"This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.",Released 20180418,CVE-2018-2783,7.4,7.4,1090022,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2783,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",Released 20180418,CVE-2018-2790,,3.1,1090023,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2790,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",Released 20180418,CVE-2018-2794,7,7.7,1090024,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2794,"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20180418,CVE-2018-2795,5.3,5.3,1090025,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2795,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. 
Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20180418,CVE-2018-2796,5.3,5.3,1090026,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2796,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20180418,CVE-2018-2797,5.3,5.3,1090027,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2797,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20180418,CVE-2018-2798,5.3,5.3,1090028,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2798,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Unsupported 20180418,CVE-2018-2799,5.3,5.3,1090029,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2799,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20180418,CVE-2018-2800,4.2,4.2,1090030,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2800,"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. 
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).",Released 20180418,CVE-2018-2814,7.5,8.3,1090032,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2814,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20180418,CVE-2018-2815,5.3,5.3,1090033,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2815,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). 
Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20180419,CVE-2017-18261,,5.5,1090225,kernel-source,https://www.suse.com/security/cve/CVE-2017-18261,"The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.",Unsupported 20180419,CVE-2018-2825,,8.3,1090196,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2825,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20180424,CVE-2017-17833,7,9.8,1090638,openslp,https://www.suse.com/security/cve/CVE-2017-17833,"OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.",Released 20180426,CVE-2017-6888,4,5.5,1091045,flac,https://www.suse.com/security/cve/CVE-2017-6888,"An error in the \"read_metadata_vorbiscomment_()\" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.",Affected 20180426,CVE-2018-10372,3.3,5.5,1091015,binutils,https://www.suse.com/security/cve/CVE-2018-10372,"process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.",Unsupported 20180426,CVE-2018-10373,3.3,6.5,1090997,binutils,https://www.suse.com/security/cve/CVE-2018-10373,"concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.",Unsupported 
20180426,CVE-2018-10392,5.5,8.8,1091070,libvorbis,https://www.suse.com/security/cve/CVE-2018-10392,"mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.",Released 20180426,CVE-2018-10393,6.1,7.5,1091072,libvorbis,https://www.suse.com/security/cve/CVE-2018-10393,"bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.",Released 20180426,CVE-2018-3646,5.6,5.6,1087078,kernel-source,https://www.suse.com/security/cve/CVE-2018-3646,"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",Released 20180426,CVE-2018-3646,5.6,5.6,1087078,microcode_ctl,https://www.suse.com/security/cve/CVE-2018-3646,"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",Released 20180426,CVE-2018-3646,5.6,5.6,1087078,xen,https://www.suse.com/security/cve/CVE-2018-3646,"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",Released 20180430,CVE-2018-10471,,6.5,1089635,xen,https://www.suse.com/security/cve/CVE-2018-10471,"An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via 
unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.",Released 20180430,CVE-2018-10472,,5.6,1089152,xen,https://www.suse.com/security/cve/CVE-2018-10472,"An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.",Released 20180430,CVE-2018-10535,3.3,5.5,1091365,binutils,https://www.suse.com/security/cve/CVE-2018-10535,"The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a \"SECTION\" type that has a \"0\" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.",Unsupported 20180430,CVE-2018-10545,6.5,4.7,1091367,php53,https://www.suse.com/security/cve/CVE-2018-10545,"An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.",Released 20180430,CVE-2018-10546,5.3,7.5,1091363,php53,https://www.suse.com/security/cve/CVE-2018-10546,"An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. 
An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.",Released 20180430,CVE-2018-10547,6.3,6.1,1091362,php53,https://www.suse.com/security/cve/CVE-2018-10547,"An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.",Released 20180430,CVE-2018-10548,5.9,7.5,1091355,php53,https://www.suse.com/security/cve/CVE-2018-10548,"An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.",Released 20180502,CVE-2018-7685,7,7.8,1045735,libzypp,https://www.suse.com/security/cve/CVE-2018-7685,"The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.",Affected 20180503,CVE-2018-10675,5.5,7.8,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-10675,"The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.",Released 20180504,CVE-2018-10689,5.3,5.5,1091942,blktrace,https://www.suse.com/security/cve/CVE-2018-10689,"blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an 
invalid free when using the btt program with a crafted file.",Affected 20180506,CVE-2018-0494,5.4,6.5,1092061,wget,https://www.suse.com/security/cve/CVE-2018-0494,"GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.",Released 20180507,CVE-2018-9154,4,7.5,1092115,jasper,https://www.suse.com/security/cve/CVE-2018-9154,"There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.",Released 20180508,CVE-2018-1000301,,9.1,1092098,curl,https://www.suse.com/security/cve/CVE-2018-1000301,"curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.",Released 20180508,CVE-2018-1120,3.3,5.3,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-1120,"A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).",Ignore 20180508,CVE-2018-1121,3.9,5.9,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-1121,"procps-ng, procps is vulnerable to a process hiding through race condition. 
Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.",Won't fix 20180509,CVE-2018-10779,3.3,6.5,1092480,tiff,https://www.suse.com/security/cve/CVE-2018-10779,"TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.",Released 20180509,CVE-2018-10801,3.3,6.5,1092480,tiff,https://www.suse.com/security/cve/CVE-2018-10801,"TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.",Ignore 20180511,CVE-2017-18267,3.3,5.5,1092945,poppler,https://www.suse.com/security/cve/CVE-2017-18267,"The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.",Unsupported 20180511,CVE-2018-10940,6.2,5.5,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-10940,"The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.",Released 20180511,CVE-2018-10958,3.3,6.5,1092952,exiv2,https://www.suse.com/security/cve/CVE-2018-10958,"In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.",Ignore 20180511,CVE-2018-10981,,6.5,1090823,xen,https://www.suse.com/security/cve/CVE-2018-10981,"An issue was discovered in Xen through 4.10.x allowing x86 
HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.",Released 20180511,CVE-2018-10982,,8.8,1090822,xen,https://www.suse.com/security/cve/CVE-2018-10982,"An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.",Released 20180511,CVE-2018-1130,5.5,5.5,1092904,kernel-source,https://www.suse.com/security/cve/CVE-2018-1130,"Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.",Released 20180516,CVE-2018-10196,3.3,5.5,1093447,graphviz,https://www.suse.com/security/cve/CVE-2018-10196,"NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20180516,CVE-2018-10196,3.3,5.5,1093447,graphviz-plugins,https://www.suse.com/security/cve/CVE-2018-10196,"NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.",Released 20180516,CVE-2018-10999,4.4,6.5,1093474,exiv2,https://www.suse.com/security/cve/CVE-2018-10999,"An issue was discovered in Exiv2 0.26. 
The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.",Ignore 20180518,CVE-2018-11232,,5.5,1093846,kernel-source,https://www.suse.com/security/cve/CVE-2018-11232,"The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.",Analysis 20180522,CVE-2017-18270,4.4,7.1,1065999,kernel-source,https://www.suse.com/security/cve/CVE-2017-18270,"In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.",Released 20180522,CVE-2017-18271,3.3,6.5,1094204,ImageMagick,https://www.suse.com/security/cve/CVE-2017-18271,"In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.",Released 20180522,CVE-2018-11236,7.8,9.8,1094161,glibc,https://www.suse.com/security/cve/CVE-2018-11236,"stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.",Released 20180522,CVE-2018-11251,4.4,6.5,1094237,ImageMagick,https://www.suse.com/security/cve/CVE-2018-11251,"In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.",Released 20180523,CVE-2017-13305,4,7.1,1094353,kernel-source,https://www.suse.com/security/cve/CVE-2017-13305,"A information disclosure vulnerability in the 
Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.",Released 20180523,CVE-2018-11354,5.3,7.5,1094301,wireshark,https://www.suse.com/security/cve/CVE-2018-11354,"In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.",Released 20180523,CVE-2018-11355,5.3,7.5,1094301,wireshark,https://www.suse.com/security/cve/CVE-2018-11355,"In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.",Released 20180523,CVE-2018-11356,5.3,7.5,1094301,wireshark,https://www.suse.com/security/cve/CVE-2018-11356,"In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.",Released 20180523,CVE-2018-11357,5.3,7.5,1094301,wireshark,https://www.suse.com/security/cve/CVE-2018-11357,"In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.",Released 20180523,CVE-2018-11358,5.3,7.5,1094301,wireshark,https://www.suse.com/security/cve/CVE-2018-11358,"In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.",Released 20180523,CVE-2018-11359,5.3,7.5,1094301,wireshark,https://www.suse.com/security/cve/CVE-2018-11359,"In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. 
This was addressed in epan/proto.c by avoiding a NULL pointer dereference.",Released 20180523,CVE-2018-11360,5.3,7.5,1094301,wireshark,https://www.suse.com/security/cve/CVE-2018-11360,"In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.",Released 20180523,CVE-2018-11361,5.3,7.5,1094301,wireshark,https://www.suse.com/security/cve/CVE-2018-11361,"In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.",Released 20180523,CVE-2018-11362,5.3,7.5,1094301,wireshark,https://www.suse.com/security/cve/CVE-2018-11362,"In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.",Released 20180528,CVE-2018-11489,4,8.8,1094829,giflib,https://www.suse.com/security/cve/CVE-2018-11489,"The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.",Unsupported 20180528,CVE-2018-11490,8.8,8.8,1094832,giflib,https://www.suse.com/security/cve/CVE-2018-11490,"The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain \"Private->RunningCode - 2\" array index is not checked. 
This will lead to a denial of service or possibly unspecified other impact.",Unsupported 20180601,CVE-2018-11645,5.3,5.3,1095610,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-11645,"psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.",Won't fix 20180604,CVE-2018-10805,3.3,6.5,1095812,ImageMagick,https://www.suse.com/security/cve/CVE-2018-10805,"ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.",Released 20180604,CVE-2018-11683,5.3,8.8,1095827,liblouis,https://www.suse.com/security/cve/CVE-2018-11683,"Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.",Released 20180604,CVE-2018-11684,5.3,8.8,1095826,liblouis,https://www.suse.com/security/cve/CVE-2018-11684,"Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.",Released 20180604,CVE-2018-11685,5.3,8.8,1095825,liblouis,https://www.suse.com/security/cve/CVE-2018-11685,"Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.",Released 20180606,CVE-2018-11439,3.3,6.5,1096180,taglib,https://www.suse.com/security/cve/CVE-2018-11439,"The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.",Affected 20180606,CVE-2018-11806,5,8.2,1096223,kvm,https://www.suse.com/security/cve/CVE-2018-11806,"m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.",Released 20180606,CVE-2018-11806,5,8.2,1096223,xen,https://www.suse.com/security/cve/CVE-2018-11806,"m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via 
incoming fragmented datagrams.",Already fixed 20180606,CVE-2018-11813,3.3,7.5,1096209,jpeg,https://www.suse.com/security/cve/CVE-2018-11813,"libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.",Released 20180607,CVE-2018-3665,4.3,5.6,1087078,kernel-source,https://www.suse.com/security/cve/CVE-2018-3665,"System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",Released 20180607,CVE-2018-3665,4.3,5.6,1087078,xen,https://www.suse.com/security/cve/CVE-2018-3665,"System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",Released 20180607,CVE-2018-4180,7.8,7.8,1096405,cups,https://www.suse.com/security/cve/CVE-2018-4180,"In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.",Released 20180607,CVE-2018-4181,3.3,5.5,1096406,cups,https://www.suse.com/security/cve/CVE-2018-4181,"In macOS High Sierra before 10.13.5, an issue existed in CUPS. 
This issue was addressed with improved access restrictions.",Released 20180607,CVE-2018-4182,7.8,8.2,1096407,cups,https://www.suse.com/security/cve/CVE-2018-4182,"In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.",Released 20180607,CVE-2018-4183,6.7,8.2,1096407,cups,https://www.suse.com/security/cve/CVE-2018-4183,"In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.",Released 20180607,CVE-2018-5388,6.5,6.5,1094462,strongswan,https://www.suse.com/security/cve/CVE-2018-5388,"In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.",Released 20180607,CVE-2018-5814,5.3,7,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-5814,"In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.",Released 20180608,CVE-2018-1000204,6.2,5.3,1096728,kernel-source,https://www.suse.com/security/cve/CVE-2018-1000204,"** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. 
NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it \"virtually impossible to exploit.\"",Released 20180608,CVE-2018-12015,3.3,7.5,1096718,perl,https://www.suse.com/security/cve/CVE-2018-12015,"In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.",Released 20180608,CVE-2018-12020,7.3,7.5,1096745,gpg2,https://www.suse.com/security/cve/CVE-2018-12020,"mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.",Released 20180611,CVE-2018-10360,3.3,6.5,1096974,file,https://www.suse.com/security/cve/CVE-2018-10360,"The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",Unsupported 20180611,CVE-2018-10360,3.3,6.5,1096974,php53,https://www.suse.com/security/cve/CVE-2018-10360,"The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",Released 20180612,CVE-2018-0732,5.3,7.5,1077628,openssl,https://www.suse.com/security/cve/CVE-2018-0732,"During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. 
This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",Released 20180612,CVE-2018-12085,2.8,8.8,1097103,liblouis,https://www.suse.com/security/cve/CVE-2018-12085,"Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.",Released 20180612,CVE-2018-12085,2.8,8.8,1097103,python-louis,https://www.suse.com/security/cve/CVE-2018-12085,"Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.",Released 20180612,CVE-2018-12233,4.4,7.8,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-12233,"In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.",Released 20180613,CVE-2018-0495,5.1,4.7,1097410,libgcrypt,https://www.suse.com/security/cve/CVE-2018-0495,"Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",Won't fix 20180614,CVE-2018-12264,4,8.8,1097600,exiv2,https://www.suse.com/security/cve/CVE-2018-12264,"Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.",Won't fix 20180615,CVE-2018-12434,,4.7,1097779,clamav,https://www.suse.com/security/cve/CVE-2018-12434,"LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",Released 20180615,CVE-2018-12437,,4.9,1097783,clamav,https://www.suse.com/security/cve/CVE-2018-12437,"LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",Released 20180618,CVE-2018-12422,5.3,9.8,1097964,evolution-data-server,https://www.suse.com/security/cve/CVE-2018-12422,"** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. 
NOTE: the software maintainer disputes this because \"the code had computed the required string length first, and then allocated a large-enough buffer on the heap.\"",Ignore 20180619,CVE-2018-1152,3.3,6.5,1098155,jpeg,https://www.suse.com/security/cve/CVE-2018-1152,"libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.",Released 20180619,CVE-2018-1417,,8.1,1093311,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-1417,"Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.",Released 20180621,CVE-2018-12327,4,9.8,1098531,ntp,https://www.suse.com/security/cve/CVE-2018-12327,"Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.",Released 20180621,CVE-2018-12599,6.5,8.8,1098546,ImageMagick,https://www.suse.com/security/cve/CVE-2018-12599,"In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.",Released 20180621,CVE-2018-12600,6.5,8.8,1098545,ImageMagick,https://www.suse.com/security/cve/CVE-2018-12600,"In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.",Released 20180622,CVE-2016-10723,3.3,5.5,1098725,kernel-source,https://www.suse.com/security/cve/CVE-2016-10723,"** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. 
Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \"the underlying problem is non-trivial to handle.\"",Analysis 20180622,CVE-2018-12613,,8.8,1098735,kvm,https://www.suse.com/security/cve/CVE-2018-12613,"An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the \"$cfg['AllowArbitraryServer'] = true\" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the \"$cfg['ServerDefault'] = 0\" case (which bypasses the login requirement and runs the vulnerable code without any authentication).",Released 20180622,CVE-2018-12613,,8.8,1098735,xen,https://www.suse.com/security/cve/CVE-2018-12613,"An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. 
An attacker must be authenticated, except in the \"$cfg['AllowArbitraryServer'] = true\" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the \"$cfg['ServerDefault'] = 0\" case (which bypasses the login requirement and runs the vulnerable code without any authentication).",Released 20180622,CVE-2018-12617,6.2,7.5,1098735,kvm,https://www.suse.com/security/cve/CVE-2018-12617,"qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.",Released 20180622,CVE-2018-12617,6.2,7.5,1098735,xen,https://www.suse.com/security/cve/CVE-2018-12617,"qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.",Released 20180622,CVE-2018-12633,,6.3,1098726,kernel-source,https://www.suse.com/security/cve/CVE-2018-12633,"An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. 
This bug can cause a local denial of service and information leakage.",Analysis 20180625,CVE-2018-12641,3.3,5.5,1098937,binutils,https://www.suse.com/security/cve/CVE-2018-12641,"An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.",Ignore 20180625,CVE-2018-12697,3.3,7.5,1098940,binutils,https://www.suse.com/security/cve/CVE-2018-12697,"A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.",Ignore 20180625,CVE-2018-12698,3.3,7.5,1098943,binutils,https://www.suse.com/security/cve/CVE-2018-12698,"demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. This can occur during execution of objdump.",Ignore 20180625,CVE-2018-12699,3.3,9.8,1098941,binutils,https://www.suse.com/security/cve/CVE-2018-12699,"finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.",Unsupported 20180625,CVE-2018-12700,3.3,7.5,1098939,binutils,https://www.suse.com/security/cve/CVE-2018-12700,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. 
Notes: none.",Ignore 20180625,CVE-2018-12714,,9.8,1098933,kernel-source,https://www.suse.com/security/cve/CVE-2018-12714,"An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls.",Analysis 20180626,CVE-2018-12882,6.3,9.8,1099098,php53,https://www.suse.com/security/cve/CVE-2018-12882,"exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.",Released 20180627,CVE-2018-1000500,7.5,8.1,1099263,busybox,https://www.suse.com/security/cve/CVE-2018-1000500,"Busybox contains a missing SSL certificate validation vulnerability in the \"busybox wget\" applet that can result in arbitrary code execution. This attack appears to be exploitable by simply downloading any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".",Ignore 20180627,CVE-2018-1000517,5.6,9.8,1099260,busybox,https://www.suse.com/security/cve/CVE-2018-1000517,"BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.",Won't fix 20180627,CVE-2018-12891,2.5,6.5,1097521,xen,https://www.suse.com/security/cve/CVE-2018-12891,"An issue was discovered in Xen through 4.10.x. 
Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.",Released 20180627,CVE-2018-12893,5.5,6.5,1097522,xen,https://www.suse.com/security/cve/CVE-2018-12893,"An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. 
An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.",Released 20180627,CVE-2018-12900,3.3,8.8,1099257,tiff,https://www.suse.com/security/cve/CVE-2018-12900,"Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.",Released 20180628,CVE-2018-0618,4.4,5.4,1099510,mailman,https://www.suse.com/security/cve/CVE-2018-0618,"Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.",Released 20180628,CVE-2018-10860,4.4,7.5,1099497,perl-Archive-Zip,https://www.suse.com/security/cve/CVE-2018-10860,"perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. 
An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.",Released 20180629,CVE-2018-12929,5.3,5.5,1099614,kernel-source,https://www.suse.com/security/cve/CVE-2018-12929,"ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.",Analysis 20180629,CVE-2018-12931,,7.8,1099612,kernel-source,https://www.suse.com/security/cve/CVE-2018-12931,"ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.",Analysis 20180629,CVE-2018-12934,5.5,7.5,1099615,binutils,https://www.suse.com/security/cve/CVE-2018-12934,"remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.",Unsupported 20180629,CVE-2018-12938,8.6,,1090638,openslp,https://www.suse.com/security/cve/CVE-2018-12938,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17833. Reason: This candidate is a duplicate of CVE-2017-17833. Notes: All CVE users should reference CVE-2017-17833 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20180702,CVE-2018-10880,5.6,5.5,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-10880,"Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). 
An attacker could use this to cause a system crash and a denial of service.",Released 20180702,CVE-2018-10880,5.6,5.5,1087082,procps,https://www.suse.com/security/cve/CVE-2018-10880,"Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.",Released 20180702,CVE-2018-10882,5,4.8,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-10882,"A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.",Released 20180703,CVE-2016-8405,,4.7,1099942,kernel-source,https://www.suse.com/security/cve/CVE-2016-8405,"An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010.",Released 20180703,CVE-2018-12896,3.3,5.5,1099922,kernel-source,https://www.suse.com/security/cve/CVE-2018-12896,"An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. 
For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.",Released 20180703,CVE-2018-13033,3.3,5.5,1099929,binutils,https://www.suse.com/security/cve/CVE-2018-13033,"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.",Ignore 20180703,CVE-2018-13053,3.3,3.3,1099924,kernel-source,https://www.suse.com/security/cve/CVE-2018-13053,"The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.",Released 20180704,CVE-2018-10886,5.3,,1100053,ant,https://www.suse.com/security/cve/CVE-2018-10886,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None.",Released 20180704,CVE-2018-12910,5.3,9.8,1100097,libsoup,https://www.suse.com/security/cve/CVE-2018-12910,"The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.",Released 20180704,CVE-2018-13096,,5.5,1100062,kernel-source,https://www.suse.com/security/cve/CVE-2018-13096,"An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.",Analysis 20180704,CVE-2018-13097,,5.5,1100061,kernel-source,https://www.suse.com/security/cve/CVE-2018-13097,"An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. 
There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).",Analysis 20180704,CVE-2018-13098,,5.5,1100060,kernel-source,https://www.suse.com/security/cve/CVE-2018-13098,"An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.",Analysis 20180704,CVE-2018-13099,,5.5,1100059,kernel-source,https://www.suse.com/security/cve/CVE-2018-13099,"An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.",Analysis 20180704,CVE-2018-13100,,5.5,1100056,kernel-source,https://www.suse.com/security/cve/CVE-2018-13100,"An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.",Analysis 20180705,CVE-2018-13153,,6.5,1100175,ImageMagick,https://www.suse.com/security/cve/CVE-2018-13153,"In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.",Ignore 20180706,CVE-2018-13405,4.4,7.8,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-13405,"The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. 
The non-member can escalate privileges by making the plain file executable and SGID.",Released 20180706,CVE-2018-13406,5.5,7.8,1098016,kernel-source,https://www.suse.com/security/cve/CVE-2018-13406,"An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.",Released 20180707,CVE-2018-3693,7.1,5.6,1087078,kernel-source,https://www.suse.com/security/cve/CVE-2018-3693,"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.",Ignore 20180716,CVE-2018-10893,7.6,7.6,1101295,spice,https://www.suse.com/security/cve/CVE-2018-10893,"Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.",Released 20180716,CVE-2018-13796,4.3,6.5,1101288,mailman,https://www.suse.com/security/cve/CVE-2018-13796,"An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.",Released 20180717,CVE-2018-0360,7.5,5.5,1101410,clamav,https://www.suse.com/security/cve/CVE-2018-0360,"ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. 
This is in parsehwp3_paragraph() in libclamav/hwp.c.",Released 20180717,CVE-2018-0361,5.3,3.3,1101410,clamav,https://www.suse.com/security/cve/CVE-2018-0361,"ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.",Released 20180717,CVE-2018-14326,,8.8,1101415,check,https://www.suse.com/security/cve/CVE-2018-14326,"In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.",Analysis 20180717,CVE-2018-14348,5.1,8.1,1100365,libcgroup1,https://www.suse.com/security/cve/CVE-2018-14348,"libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.",Released 20180718,CVE-2018-14349,6.5,9.8,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14349,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.",Released 20180718,CVE-2018-14350,6.3,9.8,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14350,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.",Released 20180718,CVE-2018-14352,6.3,9.8,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14352,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.",Released 20180718,CVE-2018-14353,6.3,9.8,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14353,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. 
imap_quote_string in imap/util.c has an integer underflow.",Released 20180718,CVE-2018-14354,9.6,9.8,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14354,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.",Released 20180718,CVE-2018-14355,5.4,5.3,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14355,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name.",Released 20180718,CVE-2018-14356,5.3,9.8,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14356,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.",Released 20180718,CVE-2018-14357,7.1,9.8,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14357,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.",Released 20180718,CVE-2018-14358,6.3,9.8,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14358,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.",Released 20180718,CVE-2018-14359,6.3,9.8,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14359,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.",Released 20180718,CVE-2018-14362,8.1,9.8,1101428,mutt,https://www.suse.com/security/cve/CVE-2018-14362,"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. 
pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.",Released 20180718,CVE-2018-14373,3.3,,1101695,tiff,https://www.suse.com/security/cve/CVE-2018-14373,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Ignore 20180718,CVE-2018-14374,3.3,,1101694,tiff,https://www.suse.com/security/cve/CVE-2018-14374,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Ignore 20180718,CVE-2018-14375,3.3,,1101693,tiff,https://www.suse.com/security/cve/CVE-2018-14375,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Ignore 20180718,CVE-2018-14378,3.3,,1101692,tiff,https://www.suse.com/security/cve/CVE-2018-14378,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Ignore 20180719,CVE-2018-14339,4.3,7.5,1101810,wireshark,https://www.suse.com/security/cve/CVE-2018-14339,"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.",Released 20180719,CVE-2018-14340,5.3,7.5,1101804,wireshark,https://www.suse.com/security/cve/CVE-2018-14340,"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. 
This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.",Released 20180719,CVE-2018-14341,5.3,7.5,1101776,wireshark,https://www.suse.com/security/cve/CVE-2018-14341,"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.",Released 20180719,CVE-2018-14342,5.3,7.5,1101777,wireshark,https://www.suse.com/security/cve/CVE-2018-14342,"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.",Released 20180719,CVE-2018-14343,5.3,7.5,1101786,wireshark,https://www.suse.com/security/cve/CVE-2018-14343,"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.",Released 20180719,CVE-2018-14344,5.3,7.5,1101788,wireshark,https://www.suse.com/security/cve/CVE-2018-14344,"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.",Released 20180719,CVE-2018-14367,5.3,7.5,1101791,wireshark,https://www.suse.com/security/cve/CVE-2018-14367,"In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.",Released 20180719,CVE-2018-14368,5.3,7.5,1101794,wireshark,https://www.suse.com/security/cve/CVE-2018-14368,"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. 
This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.",Released 20180719,CVE-2018-14369,5.3,7.5,1101800,wireshark,https://www.suse.com/security/cve/CVE-2018-14369,"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.",Released 20180719,CVE-2018-14370,5.3,7.5,1101802,wireshark,https://www.suse.com/security/cve/CVE-2018-14370,"In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.",Released 20180719,CVE-2018-5389,6.7,5.9,1101792,strongswan,https://www.suse.com/security/cve/CVE-2018-5389,"The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.",Released 20180720,CVE-2018-10906,5.3,7.8,1101797,fuse,https://www.suse.com/security/cve/CVE-2018-10906,"In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. 
An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.",Released 20180720,CVE-2018-14404,5.3,7.5,1102046,libxml2,https://www.suse.com/security/cve/CVE-2018-14404,"A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.",Released 20180720,CVE-2018-14404,5.3,7.5,1102046,libxml2-python,https://www.suse.com/security/cve/CVE-2018-14404,"A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. 
Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.",Released 20180720,CVE-2018-14434,3.3,6.5,1102003,ImageMagick,https://www.suse.com/security/cve/CVE-2018-14434,"ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.",Released 20180720,CVE-2018-14435,3.3,6.5,1102007,ImageMagick,https://www.suse.com/security/cve/CVE-2018-14435,"ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.",Released 20180720,CVE-2018-14436,3.3,6.5,1102005,ImageMagick,https://www.suse.com/security/cve/CVE-2018-14436,"ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.",Released 20180720,CVE-2018-14437,3.3,6.5,1102004,ImageMagick,https://www.suse.com/security/cve/CVE-2018-14437,"ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.",Released 20180724,CVE-2018-5390,7.5,7.5,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2018-5390,"Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.",Released 20180725,CVE-2018-13988,5.3,6.5,1102531,poppler,https://www.suse.com/security/cve/CVE-2018-13988,"Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. 
This may be exploitable when a victim opens a specially crafted PDF file.",Affected 20180727,CVE-2015-9261,5.5,5.5,1102912,busybox,https://www.suse.com/security/cve/CVE-2015-9261,"huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.",Ignore 20180727,CVE-2017-18344,7.1,5.5,1087082,kernel-bigmem,https://www.suse.com/security/cve/CVE-2017-18344,"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",Released 20180727,CVE-2017-18344,7.1,5.5,1087082,kernel-default,https://www.suse.com/security/cve/CVE-2017-18344,"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",Released 20180727,CVE-2017-18344,7.1,5.5,1087082,kernel-ec2,https://www.suse.com/security/cve/CVE-2017-18344,"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). 
This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",Released 20180727,CVE-2017-18344,7.1,5.5,1087082,kernel-pae,https://www.suse.com/security/cve/CVE-2017-18344,"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",Released 20180727,CVE-2017-18344,7.1,5.5,1087082,kernel-ppc64,https://www.suse.com/security/cve/CVE-2017-18344,"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",Released 20180727,CVE-2017-18344,7.1,5.5,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2017-18344,"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). 
This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",Released 20180727,CVE-2017-18344,7.1,5.5,1087082,kernel-syms,https://www.suse.com/security/cve/CVE-2017-18344,"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",Released 20180727,CVE-2017-18344,7.1,5.5,1087082,kernel-trace,https://www.suse.com/security/cve/CVE-2017-18344,"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",Released 20180727,CVE-2017-18344,7.1,5.5,1087082,kernel-xen,https://www.suse.com/security/cve/CVE-2017-18344,"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",Released 20180727,CVE-2018-14598,6.5,7.5,1102073,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2018-14598,"An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. 
A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).",Released 20180727,CVE-2018-14599,6.5,9.8,1102062,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2018-14599,"An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.",Released 20180727,CVE-2018-14600,8.8,9.8,1102068,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2018-14600,"An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.",Released 20180727,CVE-2018-14614,,5.5,1102864,kernel-source,https://www.suse.com/security/cve/CVE-2018-14614,"An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.",Analysis 20180727,CVE-2018-14615,,5.5,1102865,kernel-source,https://www.suse.com/security/cve/CVE-2018-14615,"An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.",Analysis 20180727,CVE-2018-14616,,5.5,1102862,kernel-source,https://www.suse.com/security/cve/CVE-2018-14616,"An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.",Analysis 20180727,CVE-2018-14617,5.5,5.5,1102870,kernel-source,https://www.suse.com/security/cve/CVE-2018-14617,"An issue was discovered in the Linux kernel through 4.17.10. 
There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.",Released 20180730,CVE-2018-14679,4.4,6.5,1102922,clamav,https://www.suse.com/security/cve/CVE-2018-14679,"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).",Released 20180730,CVE-2018-14680,4.4,6.5,1102922,clamav,https://www.suse.com/security/cve/CVE-2018-14680,"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.",Released 20180730,CVE-2018-14681,4.4,8.8,1102922,clamav,https://www.suse.com/security/cve/CVE-2018-14681,"An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.",Released 20180730,CVE-2018-14682,4.4,8.8,1102922,clamav,https://www.suse.com/security/cve/CVE-2018-14682,"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.",Released 20180730,CVE-2018-14734,7,7.8,1103119,kernel-source,https://www.suse.com/security/cve/CVE-2018-14734,"drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).",Released 20180801,CVE-2018-10858,5.9,8.8,1103411,samba-doc,https://www.suse.com/security/cve/CVE-2018-10858,"A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. 
A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.",Released 20180801,CVE-2018-10858,5.9,8.8,1103411,samba,https://www.suse.com/security/cve/CVE-2018-10858,"A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.",Released 20180801,CVE-2018-8019,5.9,7.4,1103348,libtcnative-1-0,https://www.suse.com/security/cve/CVE-2018-8019,"When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.",Released 20180801,CVE-2018-8020,7.1,7.4,1103347,libtcnative-1-0,https://www.suse.com/security/cve/CVE-2018-8020,"Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. 
Users not using OCSP checks are not affected by this vulnerability.",Released 20180802,CVE-2015-9262,4.4,9.8,1103511,xorg-x11-libs,https://www.suse.com/security/cve/CVE-2015-9262,"_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.",Released 20180803,CVE-2018-14851,3.7,5.5,1103659,php53,https://www.suse.com/security/cve/CVE-2018-14851,"exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.",Released 20180803,CVE-2018-8032,5.4,6.1,1103658,axis,https://www.suse.com/security/cve/CVE-2018-8032,"Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.",Released 20180806,CVE-2014-10072,5.3,,1082975,zsh,https://www.suse.com/security/cve/CVE-2014-10072,"In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.",Released 20180806,CVE-2018-14883,4.8,7.5,1103836,php53,https://www.suse.com/security/cve/CVE-2018-14883,"An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.",Released 20180808,CVE-2018-10915,8.5,7.5,1104199,postgresql94,https://www.suse.com/security/cve/CVE-2018-10915,"A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. 
If an affected version of libpq was used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.",Released 20180808,CVE-2018-10915,8.5,7.5,1104199,postgresql94-libs,https://www.suse.com/security/cve/CVE-2018-10915,"A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.",Released 20180808,CVE-2018-10925,7.1,8.1,1104202,postgresql94,https://www.suse.com/security/cve/CVE-2018-10925,"It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table.",Affected 20180808,CVE-2018-14526,5.9,6.5,1104205,wpa_supplicant,https://www.suse.com/security/cve/CVE-2018-14526,"An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. 
An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.",Affected 20180808,CVE-2018-15173,5.5,7.5,1104139,nmap,https://www.suse.com/security/cve/CVE-2018-15173,"Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.",Released 20180808,CVE-2018-5740,7.5,7.5,1104129,bind,https://www.suse.com/security/cve/CVE-2018-5740,"\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.",Released 20180808,CVE-2018-5953,3.3,5.5,1104131,kernel-source,https://www.suse.com/security/cve/CVE-2018-5953,"The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a \"software IO TLB\" printk call.",Ignore 20180808,CVE-2018-5995,3.3,5.5,1104130,kernel-source,https://www.suse.com/security/cve/CVE-2018-5995,"The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a \"pages/cpu\" printk call.",Ignore 20180810,CVE-2018-10873,8.8,8.8,1104448,spice,https://www.suse.com/security/cve/CVE-2018-10873,"A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. 
A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.",Released 20180813,CVE-2018-10932,4.3,4.3,1104624,lldpad,https://www.suse.com/security/cve/CVE-2018-10932,"lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.",Unsupported 20180813,CVE-2018-7754,4,5.5,1104622,kernel-source,https://www.suse.com/security/cve/CVE-2018-7754,"The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading \"ffree: \" lines in a debugfs file.",Analysis 20180814,CVE-2016-4975,3.9,6.1,1104826,apache2,https://www.suse.com/security/cve/CVE-2016-4975,"Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).",Already fixed 20180815,CVE-2018-10901,7.8,7.8,1104936,kernel-source,https://www.suse.com/security/cve/CVE-2018-10901,"A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. 
An attacker can use this to escalate their privileges.",Already fixed 20180816,CVE-2018-12115,7.8,7.5,1105019,firefox-atk,https://www.suse.com/security/cve/CVE-2018-12115,"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",Released 20180816,CVE-2018-12115,7.8,7.5,1105019,firefox-cairo,https://www.suse.com/security/cve/CVE-2018-12115,"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",Released 20180816,CVE-2018-12115,7.8,7.5,1105019,firefox-gcc8,https://www.suse.com/security/cve/CVE-2018-12115,"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. 
Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",Released 20180816,CVE-2018-12115,7.8,7.5,1105019,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2018-12115,"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",Released 20180816,CVE-2018-12115,7.8,7.5,1105019,firefox-glib2,https://www.suse.com/security/cve/CVE-2018-12115,"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",Released 20180816,CVE-2018-12115,7.8,7.5,1105019,firefox-gtk3,https://www.suse.com/security/cve/CVE-2018-12115,"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. 
Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",Released 20180816,CVE-2018-12115,7.8,7.5,1105019,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2018-12115,"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",Released 20180816,CVE-2018-12115,7.8,7.5,1105019,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2018-12115,"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",Released 20180816,CVE-2018-12115,7.8,7.5,1105019,firefox-libffi,https://www.suse.com/security/cve/CVE-2018-12115,"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. 
Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",Released 20180816,CVE-2018-12115,7.8,7.5,1105019,firefox-pango,https://www.suse.com/security/cve/CVE-2018-12115,"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",Released 20180817,CVE-2018-15473,5.3,5.3,1105010,openssh,https://www.suse.com/security/cve/CVE-2018-15473,"OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",Released 20180820,CVE-2018-10902,7,7.8,1105322,kernel-source,https://www.suse.com/security/cve/CVE-2018-10902,"It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. 
A malicious local attacker could possibly use this for privilege escalation.",Released 20180820,CVE-2018-15572,4.7,6.5,1102517,kernel-source,https://www.suse.com/security/cve/CVE-2018-15572,"The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.",Released 20180820,CVE-2018-15594,5.5,5.5,1105348,kernel-source,https://www.suse.com/security/cve/CVE-2018-15594,"arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.",Released 20180821,CVE-2017-9118,5.3,7.5,1105466,php53,https://www.suse.com/security/cve/CVE-2017-9118,"PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.",Released 20180821,CVE-2018-1000654,6.2,5.5,1105435,libtasn1,https://www.suse.com/security/cve/CVE-2018-1000654,"GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.",Released 20180821,CVE-2018-10846,5.3,5.6,1105460,gnutls,https://www.suse.com/security/cve/CVE-2018-10846,"A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. 
An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.",Released
20180822,CVE-2018-15607,5.5,6.5,1105594,ImageMagick,https://www.suse.com/security/cve/CVE-2018-15607,"In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.",Ignore
20180828,CVE-2018-14618,5.5,9.8,1106019,curl,https://www.suse.com/security/cve/CVE-2018-14618,"curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",Released
20180828,CVE-2018-15746,5.3,5.5,1106222,kvm,https://www.suse.com/security/cve/CVE-2018-15746,"qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.",Released
20180828,CVE-2018-15908,7.3,7.8,1105464,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-15908,"In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.",Already fixed
20180828,CVE-2018-15909,7.3,7.8,1105464,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-15909,"In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.",Already fixed
20180828,CVE-2018-15910,7.3,7.8,1105464,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-15910,"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.",Released
20180828,CVE-2018-15919,5.3,5.3,1105010,openssh,https://www.suse.com/security/cve/CVE-2018-15919,"Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'",Ignore
20180829,CVE-2018-16062,5.4,5.5,1106390,elfutils,https://www.suse.com/security/cve/CVE-2018-16062,"dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.",Released
20180830,CVE-2015-9265,5.3,,1106517,libtirpc,https://www.suse.com/security/cve/CVE-2015-9265,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-14622. Reason: This candidate is a reservation duplicate of CVE-2018-14622. Notes: All CVE users should reference CVE-2018-14622 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released
20180830,CVE-2018-10936,8.1,8.1,1106539,postgresql-jdbc,https://www.suse.com/security/cve/CVE-2018-10936,"A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.",Ignore
20180830,CVE-2018-14621,5.3,7.5,1106519,libtirpc,https://www.suse.com/security/cve/CVE-2018-14621,"An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.",Released
20180830,CVE-2018-14622,5.3,7.5,1106517,libtirpc,https://www.suse.com/security/cve/CVE-2018-14622,"A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.",Released
20180830,CVE-2018-16056,7.1,7.5,1106514,wireshark,https://www.suse.com/security/cve/CVE-2018-16056,"In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.",Released
20180830,CVE-2018-16057,7.1,7.5,1106514,wireshark,https://www.suse.com/security/cve/CVE-2018-16057,"In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.",Released
20180830,CVE-2018-16058,7.1,7.5,1106514,wireshark,https://www.suse.com/security/cve/CVE-2018-16058,"In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.",Released
20180830,CVE-2018-16140,3.3,7.8,1106531,transfig,https://www.suse.com/security/cve/CVE-2018-16140,"A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.",Released
20180830,CVE-2018-6554,3.3,5.5,1106509,kernel-source,https://www.suse.com/security/cve/CVE-2018-6554,"Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.",Released
20180830,CVE-2018-6555,4.4,7.8,1106509,kernel-source,https://www.suse.com/security/cve/CVE-2018-6555,"The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.",Released
20180831,CVE-2018-16276,7.3,7.8,1106095,kernel-source,https://www.suse.com/security/cve/CVE-2018-16276,"An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.",Released
20180903,CVE-2018-12384,4.8,5.9,1106873,mozilla-nss,https://www.suse.com/security/cve/CVE-2018-12384,"When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.",Already fixed
20180903,CVE-2018-16323,4,6.5,1106855,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16323,"ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.",Released
20180903,CVE-2018-16329,4,9.8,1106858,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16329,"In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.",Ignore
20180903,CVE-2018-16335,4.4,8.8,1106853,tiff,https://www.suse.com/security/cve/CVE-2018-16335,"newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.",Released
20180904,CVE-2018-16391,4.6,6.8,1106998,opensc,https://www.suse.com/security/cve/CVE-2018-16391,"Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.",Released
20180904,CVE-2018-16392,4.6,6.8,1106999,opensc,https://www.suse.com/security/cve/CVE-2018-16392,"Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.",Released
20180904,CVE-2018-16403,3.3,5.5,1107067,elfutils,https://www.suse.com/security/cve/CVE-2018-16403,"libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.",Released
20180904,CVE-2018-16412,3.3,8.8,1106989,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16412,"ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.",Released
20180904,CVE-2018-16413,3.3,8.8,1106989,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16413,"ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.",Released
20180904,CVE-2018-16418,4.6,6.6,1107039,opensc,https://www.suse.com/security/cve/CVE-2018-16418,"A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.",Released
20180904,CVE-2018-16419,4.3,6.6,1107107,opensc,https://www.suse.com/security/cve/CVE-2018-16419,"Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.",Released
20180904,CVE-2018-16422,4.6,6.6,1107038,opensc,https://www.suse.com/security/cve/CVE-2018-16422,"A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.",Released
20180904,CVE-2018-16423,4.6,6.6,1107037,opensc,https://www.suse.com/security/cve/CVE-2018-16423,"A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.",Released
20180904,CVE-2018-16427,4.6,4.3,1107033,opensc,https://www.suse.com/security/cve/CVE-2018-16427,"Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.",Released
20180904,CVE-2018-16428,4,9.8,1107121,glib2,https://www.suse.com/security/cve/CVE-2018-16428,"In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.",Released
20180904,CVE-2018-16429,4,7.5,1107116,glib2,https://www.suse.com/security/cve/CVE-2018-16429,"GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().",Released
20180905,CVE-2018-0502,7.3,9.8,1107296,zsh,https://www.suse.com/security/cve/CVE-2018-0502,"An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.",Released
20180905,CVE-2018-13259,7.3,9.8,1107294,zsh,https://www.suse.com/security/cve/CVE-2018-13259,"An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.",Released
20180906,CVE-2018-16509,7.3,7.8,1107410,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16509,"An issue was discovered in Artifex Ghostscript before 9.24. Incorrect \"restoration of privilege\" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction.",Released
20180906,CVE-2018-16511,7.1,7.8,1107426,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16511,"An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in \"ztype\" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.",Released
20180906,CVE-2018-16513,7.3,7.8,1107412,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16513,"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.",Released
20180906,CVE-2018-16539,5.3,5.5,1107422,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16539,"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.",Already fixed
20180906,CVE-2018-16540,7.3,7.8,1107420,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16540,"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.",Released
20180906,CVE-2018-16541,7.3,5.5,1107421,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16541,"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.",Released
20180906,CVE-2018-16542,7.3,5.5,1107413,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16542,"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.",Released
20180906,CVE-2018-16543,7.3,7.8,1107423,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16543,"In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.",Unsupported
20180907,CVE-2018-16585,3.3,7.8,1107581,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16585,"** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193).",Already fixed
20180907,CVE-2018-16640,3.3,6.5,1107619,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16640,"ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.",Affected
20180907,CVE-2018-16642,4.4,6.5,1107616,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16642,"The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.",Released
20180907,CVE-2018-16643,3.3,6.5,1107612,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16643,"The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.",Released
20180907,CVE-2018-16644,3.3,6.5,1107609,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16644,"There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.",Released
20180907,CVE-2018-16645,3.3,6.5,1107604,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16645,"There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.",Released
20180907,CVE-2018-16646,3.3,6.5,1107597,poppler,https://www.suse.com/security/cve/CVE-2018-16646,"In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.",Affected
20180907,CVE-2018-16658,4,6.1,1092903,kernel-source,https://www.suse.com/security/cve/CVE-2018-16658,"An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.",Released
20180910,CVE-2018-14633,8.8,7,1107829,kernel-source,https://www.suse.com/security/cve/CVE-2018-14633,"A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.",Released
20180910,CVE-2018-16151,4.8,7.5,1107874,strongswan,https://www.suse.com/security/cve/CVE-2018-16151,"In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.",Released
20180910,CVE-2018-16152,4.8,7.5,1107874,strongswan,https://www.suse.com/security/cve/CVE-2018-16152,"In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.",Released
20180911,CVE-2018-16802,8.8,7.8,1107410,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16802,"An issue was discovered in Artifex Ghostscript before 9.25. Incorrect \"restoration of privilege\" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction. This is due to an incomplete fix for CVE-2018-16509.",Already fixed
20180913,CVE-2018-16393,4.3,6.8,1108318,opensc,https://www.suse.com/security/cve/CVE-2018-16393,"Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.",Released
20180913,CVE-2018-16749,2.8,6.5,1108282,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16749,"In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.",Released
20180913,CVE-2018-16750,3.3,6.5,1108283,ImageMagick,https://www.suse.com/security/cve/CVE-2018-16750,"In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.",Released
20180914,CVE-2018-9516,6.7,7.8,1108498,kernel-source,https://www.suse.com/security/cve/CVE-2018-9516,"In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.",Released
20180914,CVE-2018-9517,2.5,6.7,1108488,kernel-bigmem,https://www.suse.com/security/cve/CVE-2018-9517,"In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",Released
20180914,CVE-2018-9517,2.5,6.7,1108488,kernel-default,https://www.suse.com/security/cve/CVE-2018-9517,"In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",Released
20180914,CVE-2018-9517,2.5,6.7,1108488,kernel-ec2,https://www.suse.com/security/cve/CVE-2018-9517,"In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",Released
20180914,CVE-2018-9517,2.5,6.7,1108488,kernel-pae,https://www.suse.com/security/cve/CVE-2018-9517,"In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",Released
20180914,CVE-2018-9517,2.5,6.7,1108488,kernel-ppc64,https://www.suse.com/security/cve/CVE-2018-9517,"In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",Released
20180914,CVE-2018-9517,2.5,6.7,1108488,kernel-source,https://www.suse.com/security/cve/CVE-2018-9517,"In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",Released
20180914,CVE-2018-9517,2.5,6.7,1108488,kernel-syms,https://www.suse.com/security/cve/CVE-2018-9517,"In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",Released
20180914,CVE-2018-9517,2.5,6.7,1108488,kernel-trace,https://www.suse.com/security/cve/CVE-2018-9517,"In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",Released
20180914,CVE-2018-9517,2.5,6.7,1108488,kernel-xen,https://www.suse.com/security/cve/CVE-2018-9517,"In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",Released
20180917,CVE-2018-17100,3.3,8.8,1108637,tiff,https://www.suse.com/security/cve/CVE-2018-17100,"An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.",Released
20180917,CVE-2018-17101,4.4,8.8,1108627,tiff,https://www.suse.com/security/cve/CVE-2018-17101,"An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.",Released
20180918,CVE-2017-15705,7.5,5.3,1108745,spamassassin,https://www.suse.com/security/cve/CVE-2017-15705,"A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the \"open\" event is immediately followed by a \"close\" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the \"text\" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.",Released
20180918,CVE-2018-11781,7.8,7.8,1108748,spamassassin,https://www.suse.com/security/cve/CVE-2018-11781,"Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.",Released
20180918,CVE-2018-16741,7.3,7.8,1108752,mgetty,https://www.suse.com/security/cve/CVE-2018-16741,"An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the \"faxq-helper activate \" command.",Released
20180918,CVE-2018-16742,2.9,7.8,1108762,mgetty,https://www.suse.com/security/cve/CVE-2018-16742,"An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.",Released
20180918,CVE-2018-16743,2.9,7.8,1108761,mgetty,https://www.suse.com/security/cve/CVE-2018-16743,"An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.",Released
20180918,CVE-2018-16744,2.9,7.8,1108757,mgetty,https://www.suse.com/security/cve/CVE-2018-16744,"An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.",Released
20180918,CVE-2018-16745,2.9,7.8,1108756,mgetty,https://www.suse.com/security/cve/CVE-2018-16745,"An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.",Released
20180918,CVE-2018-17082,6.1,6.1,1108753,php53,https://www.suse.com/security/cve/CVE-2018-17082,"The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a \"Transfer-Encoding: chunked\" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.",Released
20180919,CVE-2018-14634,7.8,7.8,1108912,kernel-source,https://www.suse.com/security/cve/CVE-2018-14634,"An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.",Released
20180920,CVE-2018-5741,6.5,6.5,1109160,bind,https://www.suse.com/security/cve/CVE-2018-5741,"To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.",Released
20180921,CVE-2018-17294,3.3,6.5,1109319,liblouis,https://www.suse.com/security/cve/CVE-2018-17294,"The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.",Released
20180924,CVE-2018-17360,4,5.5,1109414,binutils,https://www.suse.com/security/cve/CVE-2018-17360,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.",Unsupported
20180925,CVE-2018-1000802,5.3,9.8,1109663,python,https://www.suse.com/security/cve/CVE-2018-1000802,"Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.",Unsupported
20180926,CVE-2018-14647,5.3,7.5,1109847,python,https://www.suse.com/security/cve/CVE-2018-14647,"Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.",Released
20180926,CVE-2018-17540,7,7.5,1107874,strongswan,https://www.suse.com/security/cve/CVE-2018-17540,"The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.",Released
20180929,CVE-2018-17182,7,7.8,1108399,kernel-source,https://www.suse.com/security/cve/CVE-2018-17182,"An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.",Released
20181001,CVE-2018-17581,3.3,6.5,1110282,exiv2,https://www.suse.com/security/cve/CVE-2018-17581,"CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.",Affected
20181001,CVE-2018-17794,3.3,6.5,1110275,binutils,https://www.suse.com/security/cve/CVE-2018-17794,"An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.",Ignore
20181001,CVE-2018-17795,7.8,8.8,1046077,tiff,https://www.suse.com/security/cve/CVE-2018-17795,"The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.",Released
20181002,CVE-2017-16340,-1,-1,1102922,clamav,https://www.suse.com/security/cve/CVE-2017-16340,"An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to the buffer at 0xa000180c. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow.",Released
20181004,CVE-2018-14656,,7,1110710,kernel-source,https://www.suse.com/security/cve/CVE-2018-14656,"A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log.",Analysis
20181004,CVE-2018-15378,7.5,5.5,1110723,clamav,https://www.suse.com/security/cve/CVE-2018-15378,"A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the \"unmew11()\" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.",Released
20181004,CVE-2018-17965,3.3,6.5,1110747,ImageMagick,https://www.suse.com/security/cve/CVE-2018-17965,"ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.",Released
20181004,CVE-2018-17966,3.3,6.5,1110746,ImageMagick,https://www.suse.com/security/cve/CVE-2018-17966,"ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.",Released
20181004,CVE-2018-17972,,5.5,1110785,kernel-source,https://www.suse.com/security/cve/CVE-2018-17972,"An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.",Released
20181005,CVE-2018-10839,6.5,6.5,1110910,kvm,https://www.suse.com/security/cve/CVE-2018-10839,"Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.",Released
20181005,CVE-2018-10839,6.5,6.5,1110910,xen,https://www.suse.com/security/cve/CVE-2018-10839,"Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.",Released
20181005,CVE-2018-11784,6.1,4.3,1110850,tomcat6,https://www.suse.com/security/cve/CVE-2018-11784,"When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.",Released
20181008,CVE-2018-17958,6.5,7.5,1111006,kvm,https://www.suse.com/security/cve/CVE-2018-17958,"Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.",Released
20181008,CVE-2018-17958,6.5,7.5,1111006,xen,https://www.suse.com/security/cve/CVE-2018-17958,"Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.",Released
20181008,CVE-2018-17962,6.5,7.5,1111010,kvm,https://www.suse.com/security/cve/CVE-2018-17962,"Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.",Released
20181008,CVE-2018-17962,6.5,7.5,1111010,xen,https://www.suse.com/security/cve/CVE-2018-17962,"Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.",Ignore
20181008,CVE-2018-17963,6.5,9.8,1111013,kvm,https://www.suse.com/security/cve/CVE-2018-17963,"qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a
denial of service or possibly have unspecified other impact.",Released 20181008,CVE-2018-17963,6.5,9.8,1111013,xen,https://www.suse.com/security/cve/CVE-2018-17963,"qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.",Ignore 20181008,CVE-2018-18016,3.3,6.5,1111072,ImageMagick,https://www.suse.com/security/cve/CVE-2018-18016,"ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.",Released 20181008,CVE-2018-18024,3.3,6.5,1111069,ImageMagick,https://www.suse.com/security/cve/CVE-2018-18024,"In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",Released 20181010,CVE-2018-12126,3.8,5.6,1103186,kernel-source,https://www.suse.com/security/cve/CVE-2018-12126,"Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20181010,CVE-2018-12126,3.8,5.6,1103186,kvm,https://www.suse.com/security/cve/CVE-2018-12126,"Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Unsupported 20181010,CVE-2018-12126,3.8,5.6,1103186,microcode_ctl,https://www.suse.com/security/cve/CVE-2018-12126,"Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20181010,CVE-2018-12126,3.8,5.6,1103186,xen,https://www.suse.com/security/cve/CVE-2018-12126,"Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Unsupported 20181010,CVE-2018-12127,3.8,5.6,1103186,kernel-source,https://www.suse.com/security/cve/CVE-2018-12127,"Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20181010,CVE-2018-12127,3.8,5.6,1103186,kvm,https://www.suse.com/security/cve/CVE-2018-12127,"Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20181010,CVE-2018-12127,3.8,5.6,1103186,microcode_ctl,https://www.suse.com/security/cve/CVE-2018-12127,"Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20181010,CVE-2018-12127,3.8,5.6,1103186,xen,https://www.suse.com/security/cve/CVE-2018-12127,"Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20181010,CVE-2018-12128,3.8,,1111331,kernel-source,https://www.suse.com/security/cve/CVE-2018-12128,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. 
Notes: none.",Released 20181010,CVE-2018-12128,3.8,,1111331,kvm,https://www.suse.com/security/cve/CVE-2018-12128,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none.",Released 20181010,CVE-2018-12128,3.8,,1111331,microcode_ctl,https://www.suse.com/security/cve/CVE-2018-12128,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none.",Released 20181010,CVE-2018-12128,3.8,,1111331,xen,https://www.suse.com/security/cve/CVE-2018-12128,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none.",Released 20181010,CVE-2018-12129,3.8,,1111331,kernel-source,https://www.suse.com/security/cve/CVE-2018-12129,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none.",Released 20181010,CVE-2018-12129,3.8,,1111331,kvm,https://www.suse.com/security/cve/CVE-2018-12129,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none.",Released 20181010,CVE-2018-12129,3.8,,1111331,microcode_ctl,https://www.suse.com/security/cve/CVE-2018-12129,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none.",Released 20181010,CVE-2018-12129,3.8,,1111331,xen,https://www.suse.com/security/cve/CVE-2018-12129,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. 
Notes: none.",Released 20181010,CVE-2018-12130,6.5,5.6,1103186,kernel-source,https://www.suse.com/security/cve/CVE-2018-12130,"Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20181010,CVE-2018-12130,6.5,5.6,1103186,kvm,https://www.suse.com/security/cve/CVE-2018-12130,"Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20181010,CVE-2018-12130,6.5,5.6,1103186,microcode_ctl,https://www.suse.com/security/cve/CVE-2018-12130,"Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20181010,CVE-2018-12130,6.5,5.6,1103186,xen,https://www.suse.com/security/cve/CVE-2018-12130,"Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20181011,CVE-2018-17961,5.3,8.6,1108027,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-17961,"Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.",Already fixed 20181012,CVE-2012-6708,6.8,6.1,1111661,ruby,https://www.suse.com/security/cve/CVE-2012-6708,"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",Won't fix 20181012,CVE-2017-16011,6.8,,1111661,ruby,https://www.suse.com/security/cve/CVE-2017-16011,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6708. Reason: This candidate is a duplicate of CVE-2012-6708. Notes: All CVE users should reference CVE-2012-6708 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Won't fix 20181012,CVE-2018-12086,7.5,7.5,1111647,wireshark,https://www.suse.com/security/cve/CVE-2018-12086,"Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.",Affected 20181012,CVE-2018-14665,8.4,6.6,1111697,xorg-x11-server,https://www.suse.com/security/cve/CVE-2018-14665,"A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.",Released 20181012,CVE-2018-17977,4.9,4.4,1111609,kernel-source,https://www.suse.com/security/cve/CVE-2018-17977,"The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.",Unsupported 20181012,CVE-2018-18225,7.5,7.5,1111647,wireshark,https://www.suse.com/security/cve/CVE-2018-18225,"In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.",Affected 20181012,CVE-2018-18226,5.3,7.5,1111647,wireshark,https://www.suse.com/security/cve/CVE-2018-18226,"In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.",Affected 20181012,CVE-2018-18227,7.5,7.5,1111647,wireshark,https://www.suse.com/security/cve/CVE-2018-18227,"In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. 
This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.",Affected 20181016,CVE-2018-18309,3.3,5.5,1111996,binutils,https://www.suse.com/security/cve/CVE-2018-18309,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.",Unsupported 20181016,CVE-2018-18310,3.3,5.5,1111973,elfutils,https://www.suse.com/security/cve/CVE-2018-18310,"An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.",Released 20181016,CVE-2018-18384,3.3,5.5,1110194,unzip,https://www.suse.com/security/cve/CVE-2018-18384,"Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.",Released 20181016,CVE-2018-18386,6.2,3.3,1094825,kernel-source,https://www.suse.com/security/cve/CVE-2018-18386,"drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.",Released 20181017,CVE-2018-13785,3.3,6.5,1100687,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-13785,"In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of 
service.",Unsupported 20181017,CVE-2018-18438,6.4,5.5,1112185,kvm,https://www.suse.com/security/cve/CVE-2018-18438,"Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.",Released 20181017,CVE-2018-18438,6.4,5.5,1112185,xen,https://www.suse.com/security/cve/CVE-2018-18438,"Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.",Ignore 20181018,CVE-2017-10794,6.1,5.5,1112392,ImageMagick,https://www.suse.com/security/cve/CVE-2017-10794,"When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.",Affected 20181018,CVE-2017-14997,3.3,6.5,1112399,ImageMagick,https://www.suse.com/security/cve/CVE-2017-14997,"GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.",Released 20181019,CVE-2018-16395,6.8,9.8,1112530,ruby,https://www.suse.com/security/cve/CVE-2018-16395,"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. 
This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",Released 20181019,CVE-2018-18483,4.3,7.8,1112535,binutils,https://www.suse.com/security/cve/CVE-2018-18483,"The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.",Ignore 20181019,CVE-2018-18484,4.3,5.5,1112534,binutils,https://www.suse.com/security/cve/CVE-2018-18484,"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.",Ignore 20181022,CVE-2018-18520,3.3,6.5,1112726,elfutils,https://www.suse.com/security/cve/CVE-2018-18520,"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",Released 20181022,CVE-2018-18521,3.3,5.5,1112723,elfutils,https://www.suse.com/security/cve/CVE-2018-18521,"Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.",Released 20181024,CVE-2018-16839,4.3,9.8,1112758,curl,https://www.suse.com/security/cve/CVE-2018-16839,"Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.",Released 20181024,CVE-2018-16840,4.3,9.8,1112758,curl,https://www.suse.com/security/cve/CVE-2018-16840,"A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.",Released 20181024,CVE-2018-18544,4,6.5,1113064,ImageMagick,https://www.suse.com/security/cve/CVE-2018-18544,"There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.",Released 20181024,CVE-2018-18584,,6.5,1113038,libmspack,https://www.suse.com/security/cve/CVE-2018-18584,"In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.",Released 20181024,CVE-2018-18585,,4.3,1113038,libmspack,https://www.suse.com/security/cve/CVE-2018-18585,"chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its 
first or second character (such as the \"/\0\" name).",Released 20181024,CVE-2018-18586,,5.3,1113038,libmspack,https://www.suse.com/security/cve/CVE-2018-18586,"** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.",Released 20181025,CVE-2016-10729,6.7,7.8,1110797,amanda,https://www.suse.com/security/cve/CVE-2016-10729,"An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The \"runtar\" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.",Released 20181025,CVE-2018-18605,4.4,5.5,1113255,binutils,https://www.suse.com/security/cve/CVE-2018-18605,"A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.",Unsupported 20181025,CVE-2018-18606,3.3,5.5,1113252,binutils,https://www.suse.com/security/cve/CVE-2018-18606,"An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.",Unsupported 20181025,CVE-2018-18607,3.3,5.5,1113247,binutils,https://www.suse.com/security/cve/CVE-2018-18607,"An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.",Unsupported 20181029,CVE-2018-0734,5.9,5.9,1113534,openssl,https://www.suse.com/security/cve/CVE-2018-0734,"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",Released 20181029,CVE-2018-18661,3.3,6.5,1113672,tiff,https://www.suse.com/security/cve/CVE-2018-18661,"An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.",Released 20181029,CVE-2018-18700,3.3,5.5,1113683,binutils,https://www.suse.com/security/cve/CVE-2018-18700,"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.",Ignore 20181029,CVE-2018-18701,3.3,5.5,1113684,binutils,https://www.suse.com/security/cve/CVE-2018-18701,"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.",Ignore 20181029,CVE-2018-18710,5.5,5.5,1113751,kernel-source,https://www.suse.com/security/cve/CVE-2018-18710,"An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.",Released 20181030,CVE-2018-16842,4.4,9.1,1113660,curl,https://www.suse.com/security/cve/CVE-2018-16842,"Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",Released 20181030,CVE-2018-18650,3.3,5.5,1113899,poppler,https://www.suse.com/security/cve/CVE-2018-18650,"An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.",Unsupported 20181102,CVE-2018-16847,7,7.8,1114529,xen,https://www.suse.com/security/cve/CVE-2018-16847,"An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. 
A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.",Ignore 20181102,CVE-2018-18849,6.4,5.5,1114422,kvm,https://www.suse.com/security/cve/CVE-2018-18849,"In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.",Released 20181102,CVE-2018-18849,6.4,5.5,1114422,xen,https://www.suse.com/security/cve/CVE-2018-18849,"In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.",Ignore 20181102,CVE-2018-18873,3.3,5.5,1114495,jasper,https://www.suse.com/security/cve/CVE-2018-18873,"An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.",Released 20181102,CVE-2018-5407,4.8,4.7,1113534,openssl,https://www.suse.com/security/cve/CVE-2018-5407,"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.",Released 20181105,CVE-2018-11759,7.5,7.5,1114612,apache2-mod_jk,https://www.suse.com/security/cve/CVE-2018-11759,"The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. 
While there is some overlap between this issue and CVE-2018-1323, they are not identical.",Released 20181105,CVE-2018-18311,7.4,9.8,1114674,perl,https://www.suse.com/security/cve/CVE-2018-18311,"Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.",Released 20181106,CVE-2018-16850,,9.8,1114837,postgresql94,https://www.suse.com/security/cve/CVE-2018-16850,"postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.",Already fixed 20181107,CVE-2018-18897,3.3,6.5,1114966,poppler,https://www.suse.com/security/cve/CVE-2018-18897,"An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.",Affected 20181109,CVE-2018-19107,3.3,6.5,1115374,exiv2,https://www.suse.com/security/cve/CVE-2018-19107,"In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.",Affected 20181109,CVE-2018-19131,7.2,6.1,1113668,squid3,https://www.suse.com/security/cve/CVE-2018-19131,"Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.",Released 20181112,CVE-2017-5737,-1,-1,1115633,kernel-source,https://www.suse.com/security/cve/CVE-2017-5737,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.",Released 20181112,CVE-2018-19139,3.3,5.5,1115637,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-19139,"An issue has been found in JasPer 2.0.14. 
There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.",Affected 20181112,CVE-2018-19139,3.3,5.5,1115637,jasper,https://www.suse.com/security/cve/CVE-2018-19139,"An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.",Released 20181112,CVE-2018-19149,3.3,6.5,1115626,poppler,https://www.suse.com/security/cve/CVE-2018-19149,"Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.",Affected 20181113,CVE-2018-19218,,6.5,1115712,at,https://www.suse.com/security/cve/CVE-2018-19218,"In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.",Analysis 20181114,CVE-2018-19211,3.3,5.5,1115929,ncurses,https://www.suse.com/security/cve/CVE-2018-19211,"In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.",Released 20181114,CVE-2018-19270,7,,1106095,kernel-source,https://www.suse.com/security/cve/CVE-2018-19270,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16276. Reason: This candidate is a reservation duplicate of CVE-2018-16276. Notes: All CVE users should reference CVE-2018-16276 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Ignore 20181116,CVE-2018-18955,,7,1116303,kernel-source,https://www.suse.com/security/cve/CVE-2018-18955,"In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. 
A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.",Analysis 20181119,CVE-2018-19358,4.3,7.8,1116588,gnome-keyring,https://www.suse.com/security/cve/CVE-2018-19358,"** DISPUTED ** GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.",Ignore 20181120,CVE-2018-19364,5.3,5.5,1116717,kvm,https://www.suse.com/security/cve/CVE-2018-19364,"hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.",Released 20181121,CVE-2018-17985,4.3,5.5,1116827,binutils,https://www.suse.com/security/cve/CVE-2018-17985,"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.",Unsupported 20181121,CVE-2018-19407,5.5,5.5,1116841,kernel-source,https://www.suse.com/security/cve/CVE-2018-19407,"The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.",Released 20181122,CVE-2018-19432,5.3,6.5,1116993,libsndfile,https://www.suse.com/security/cve/CVE-2018-19432,"An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.",Affected 20181126,CVE-2018-19489,2.8,4.7,1117275,kvm,https://www.suse.com/security/cve/CVE-2018-19489,"v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.",Released 20181126,CVE-2018-19518,5.3,7.5,1117107,php53,https://www.suse.com/security/cve/CVE-2018-19518,"University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. 
For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a \"-oProxyCommand\" argument.",Released 20181126,CVE-2018-19535,4.5,6.5,1117291,exiv2,https://www.suse.com/security/cve/CVE-2018-19535,"In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.",Affected 20181126,CVE-2018-19543,5.1,7.8,1045450,jasper,https://www.suse.com/security/cve/CVE-2018-19543,"An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.",Released 20181127,CVE-2018-19490,4.4,7.8,1117465,gnuplot,https://www.suse.com/security/cve/CVE-2018-19490,"An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.",Released 20181127,CVE-2018-19491,4.4,7.8,1117464,gnuplot,https://www.suse.com/security/cve/CVE-2018-19491,"An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.",Released 20181127,CVE-2018-19492,4.4,7.8,1117463,gnuplot,https://www.suse.com/security/cve/CVE-2018-19492,"An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. 
This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.",Released 20181127,CVE-2018-19539,4,6.5,1117511,jasper,https://www.suse.com/security/cve/CVE-2018-19539,"An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.",Released 20181127,CVE-2018-19540,5.9,8.8,1117508,jasper,https://www.suse.com/security/cve/CVE-2018-19540,"An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.",Released 20181127,CVE-2018-19541,5.1,8.8,1117507,jasper,https://www.suse.com/security/cve/CVE-2018-19541,"An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.",Released 20181127,CVE-2018-19542,6.2,6.5,1117505,jasper,https://www.suse.com/security/cve/CVE-2018-19542,"An issue was discovered in JasPer 2.0.14. 
There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.",Released 20181128,CVE-2018-12116,4.2,7.5,1117630,firefox-atk,https://www.suse.com/security/cve/CVE-2018-12116,"Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",Released 20181128,CVE-2018-12116,4.2,7.5,1117630,firefox-cairo,https://www.suse.com/security/cve/CVE-2018-12116,"Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",Released 20181128,CVE-2018-12116,4.2,7.5,1117630,firefox-gcc8,https://www.suse.com/security/cve/CVE-2018-12116,"Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",Released 20181128,CVE-2018-12116,4.2,7.5,1117630,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2018-12116,"Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",Released 20181128,CVE-2018-12116,4.2,7.5,1117630,firefox-glib2,https://www.suse.com/security/cve/CVE-2018-12116,"Node.js: All 
versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",Released 20181128,CVE-2018-12116,4.2,7.5,1117630,firefox-gtk3,https://www.suse.com/security/cve/CVE-2018-12116,"Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",Released 20181128,CVE-2018-12116,4.2,7.5,1117630,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2018-12116,"Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",Released 20181128,CVE-2018-12116,4.2,7.5,1117630,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2018-12116,"Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",Released 20181128,CVE-2018-12116,4.2,7.5,1117630,firefox-libffi,https://www.suse.com/security/cve/CVE-2018-12116,"Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, 
unexpected, and user-defined HTTP request to made to the same server.",Released 20181128,CVE-2018-12116,4.2,7.5,1117630,firefox-pango,https://www.suse.com/security/cve/CVE-2018-12116,"Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",Released 20181128,CVE-2018-12121,7.5,7.5,1117626,firefox-atk,https://www.suse.com/security/cve/CVE-2018-12121,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.",Released 20181128,CVE-2018-12121,7.5,7.5,1117626,firefox-cairo,https://www.suse.com/security/cve/CVE-2018-12121,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. 
Attack potential is mitigated by the use of a load balancer or other proxy layer.",Released 20181128,CVE-2018-12121,7.5,7.5,1117626,firefox-gcc8,https://www.suse.com/security/cve/CVE-2018-12121,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.",Released 20181128,CVE-2018-12121,7.5,7.5,1117626,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2018-12121,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.",Released 20181128,CVE-2018-12121,7.5,7.5,1117626,firefox-glib2,https://www.suse.com/security/cve/CVE-2018-12121,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. 
Attack potential is mitigated by the use of a load balancer or other proxy layer.",Released 20181128,CVE-2018-12121,7.5,7.5,1117626,firefox-gtk3,https://www.suse.com/security/cve/CVE-2018-12121,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.",Released 20181128,CVE-2018-12121,7.5,7.5,1117626,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2018-12121,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.",Released 20181128,CVE-2018-12121,7.5,7.5,1117626,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2018-12121,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. 
Attack potential is mitigated by the use of a load balancer or other proxy layer.",Released 20181128,CVE-2018-12121,7.5,7.5,1117626,firefox-libffi,https://www.suse.com/security/cve/CVE-2018-12121,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.",Released 20181128,CVE-2018-12121,7.5,7.5,1117626,firefox-pango,https://www.suse.com/security/cve/CVE-2018-12121,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. 
Attack potential is mitigated by the use of a load balancer or other proxy layer.",Released 20181128,CVE-2018-12122,7.5,7.5,1117627,firefox-atk,https://www.suse.com/security/cve/CVE-2018-12122,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",Released 20181128,CVE-2018-12122,7.5,7.5,1117627,firefox-cairo,https://www.suse.com/security/cve/CVE-2018-12122,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",Released 20181128,CVE-2018-12122,7.5,7.5,1117627,firefox-gcc8,https://www.suse.com/security/cve/CVE-2018-12122,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",Released 20181128,CVE-2018-12122,7.5,7.5,1117627,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2018-12122,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",Released 20181128,CVE-2018-12122,7.5,7.5,1117627,firefox-glib2,https://www.suse.com/security/cve/CVE-2018-12122,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and 
associated resources alive for a long period of time.",Released 20181128,CVE-2018-12122,7.5,7.5,1117627,firefox-gtk3,https://www.suse.com/security/cve/CVE-2018-12122,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",Released 20181128,CVE-2018-12122,7.5,7.5,1117627,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2018-12122,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",Released 20181128,CVE-2018-12122,7.5,7.5,1117627,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2018-12122,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",Released 20181128,CVE-2018-12122,7.5,7.5,1117627,firefox-libffi,https://www.suse.com/security/cve/CVE-2018-12122,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",Released 20181128,CVE-2018-12122,7.5,7.5,1117627,firefox-pango,https://www.suse.com/security/cve/CVE-2018-12122,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources 
alive for a long period of time.",Released 20181128,CVE-2018-12123,5.1,4.3,1117629,firefox-atk,https://www.suse.com/security/cve/CVE-2018-12123,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",Released 20181128,CVE-2018-12123,5.1,4.3,1117629,firefox-cairo,https://www.suse.com/security/cve/CVE-2018-12123,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",Released 20181128,CVE-2018-12123,5.1,4.3,1117629,firefox-gcc8,https://www.suse.com/security/cve/CVE-2018-12123,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). 
If security decisions are made about the URL based on the hostname, they may be incorrect.",Released 20181128,CVE-2018-12123,5.1,4.3,1117629,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2018-12123,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",Released 20181128,CVE-2018-12123,5.1,4.3,1117629,firefox-glib2,https://www.suse.com/security/cve/CVE-2018-12123,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",Released 20181128,CVE-2018-12123,5.1,4.3,1117629,firefox-gtk3,https://www.suse.com/security/cve/CVE-2018-12123,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). 
If security decisions are made about the URL based on the hostname, they may be incorrect.",Released 20181128,CVE-2018-12123,5.1,4.3,1117629,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2018-12123,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",Released 20181128,CVE-2018-12123,5.1,4.3,1117629,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2018-12123,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",Released 20181128,CVE-2018-12123,5.1,4.3,1117629,firefox-libffi,https://www.suse.com/security/cve/CVE-2018-12123,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). 
If security decisions are made about the URL based on the hostname, they may be incorrect.",Released 20181128,CVE-2018-12123,5.1,4.3,1117629,firefox-pango,https://www.suse.com/security/cve/CVE-2018-12123,"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",Released 20181128,CVE-2018-12207,5.5,6.5,1117665,kernel-source,https://www.suse.com/security/cve/CVE-2018-12207,"Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",Released 20181128,CVE-2018-12207,5.5,6.5,1117665,xen,https://www.suse.com/security/cve/CVE-2018-12207,"Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",Released 20181129,CVE-2018-19622,6.5,7.5,1117740,wireshark,https://www.suse.com/security/cve/CVE-2018-19622,"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.",Ignore 20181129,CVE-2018-19623,6.8,7.5,1117740,wireshark,https://www.suse.com/security/cve/CVE-2018-19623,"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. 
This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values.",Ignore 20181129,CVE-2018-19624,6.5,5.5,1117740,wireshark,https://www.suse.com/security/cve/CVE-2018-19624,"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.",Ignore 20181129,CVE-2018-19625,6.5,5.5,1117740,wireshark,https://www.suse.com/security/cve/CVE-2018-19625,"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.",Ignore 20181129,CVE-2018-19626,6.5,5.5,1117740,wireshark,https://www.suse.com/security/cve/CVE-2018-19626,"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.",Ignore 20181129,CVE-2018-19627,,7.5,1117740,wireshark,https://www.suse.com/security/cve/CVE-2018-19627,"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.",Ignore 20181129,CVE-2018-19636,7.3,7.8,1063385,supportutils,https://www.suse.com/security/cve/CVE-2018-19636,"Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. 
If an attacker provides one at an arbitrary location it is executed with root privileges",Released 20181129,CVE-2018-19665,6.4,5.7,1117749,kvm,https://www.suse.com/security/cve/CVE-2018-19665,"The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.",Ignore 20181129,CVE-2018-19665,6.4,5.7,1117749,xen,https://www.suse.com/security/cve/CVE-2018-19665,"The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.",Released 20181130,CVE-2018-19758,5.5,6.5,1117954,libsndfile,https://www.suse.com/security/cve/CVE-2018-19758,"There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.",Released 20181203,CVE-2018-16868,5.3,5.6,1117951,gnutls,https://www.suse.com/security/cve/CVE-2018-16868,"A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.",Ignore 20181203,CVE-2018-19787,5.4,6.1,1118088,python-lxml,https://www.suse.com/security/cve/CVE-2018-19787,"An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by \"j a v a s c r i p t:\" in Internet Explorer. 
This is a similar issue to CVE-2014-3146.",Released 20181203,CVE-2018-19824,6.6,7.8,1118152,kernel-source,https://www.suse.com/security/cve/CVE-2018-19824,"In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.",Released 20181204,CVE-2018-16863,7.3,7.3,1118318,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-16863,"It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.",Already fixed 20181204,CVE-2018-9568,7.4,7.8,1118319,kernel-source,https://www.suse.com/security/cve/CVE-2018-9568,"In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.",Released 20181205,CVE-2018-19134,7.3,7.8,1108027,ghostscript-library,https://www.suse.com/security/cve/CVE-2018-19134,"In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. 
This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.",Already fixed 20181205,CVE-2018-19638,3.3,4.7,1063385,supportutils,https://www.suse.com/security/cve/CVE-2018-19638,"In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.",Released 20181205,CVE-2018-19639,7.3,7.8,1063385,supportutils,https://www.suse.com/security/cve/CVE-2018-19639,"If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.",Released 20181205,CVE-2018-19640,5,5.5,1063385,supportutils,https://www.suse.com/security/cve/CVE-2018-19640,"If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.",Released 20181206,CVE-2018-15518,4,8.8,1118595,libqt4,https://www.suse.com/security/cve/CVE-2018-15518,"QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.",Released 20181206,CVE-2018-19869,4,6.5,1118599,libqt4,https://www.suse.com/security/cve/CVE-2018-19869,"An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.",Released 20181206,CVE-2018-19873,4,9.8,1118596,libqt4,https://www.suse.com/security/cve/CVE-2018-19873,"An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.",Released 20181207,CVE-2018-19931,4,7.8,1118830,binutils,https://www.suse.com/security/cve/CVE-2018-19931,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.",Unsupported 20181207,CVE-2018-19932,3.3,5.5,1118830,binutils,https://www.suse.com/security/cve/CVE-2018-19932,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.",Unsupported 20181208,CVE-2018-19961,7.8,7.8,1115040,xen,https://www.suse.com/security/cve/CVE-2018-19961,"An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.",Released 20181208,CVE-2018-19962,7.8,7.8,1115040,xen,https://www.suse.com/security/cve/CVE-2018-19962,"An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.",Released 20181208,CVE-2018-19965,,5.6,1115045,xen,https://www.suse.com/security/cve/CVE-2018-19965,"An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.",Released 20181208,CVE-2018-19966,5.3,8.8,1115047,xen,https://www.suse.com/security/cve/CVE-2018-19966,"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. 
NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.",Released 20181208,CVE-2018-19967,5.6,6.5,1114988,xen,https://www.suse.com/security/cve/CVE-2018-19967,"An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.",Released 20181210,CVE-2018-11805,,6.7,1118987,spamassassin,https://www.suse.com/security/cve/CVE-2018-11805,"In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.",Won't fix 20181210,CVE-2018-20002,3.3,5.5,1118964,binutils,https://www.suse.com/security/cve/CVE-2018-20002,"The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.",Ignore 20181211,CVE-2018-12404,5.9,5.9,1119069,mozilla-nss,https://www.suse.com/security/cve/CVE-2018-12404,"A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.",Already fixed 20181214,CVE-2018-20096,4,6.5,1119513,exiv2,https://www.suse.com/security/cve/CVE-2018-20096,"There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. 
A crafted input will lead to a remote denial of service attack.",Won't fix 20181214,CVE-2018-20099,4,6.5,1119559,exiv2,https://www.suse.com/security/cve/CVE-2018-20099,"There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.",Affected 20181217,CVE-2018-12539,8.4,7.8,1101645,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-12539,"In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.",Released 20181217,CVE-2018-1517,5.9,7.5,1101645,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-1517,"A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.",Released 20181217,CVE-2018-1656,7.4,6.5,1101645,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-1656,"The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.",Released 20181217,CVE-2018-20169,6.3,6.8,1119714,kernel-source,https://www.suse.com/security/cve/CVE-2018-20169,"An issue was discovered in the Linux kernel before 4.19.9. 
The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.",Released 20181217,CVE-2018-2952,-1,-1,1101645,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-2952,"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20181218,CVE-2018-18245,4.7,5.4,1119832,nagios,https://www.suse.com/security/cve/CVE-2018-18245,"Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.",Released 20181218,CVE-2018-20184,3.3,6.5,1119822,ImageMagick,https://www.suse.com/security/cve/CVE-2018-20184,"In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.",Affected 20181218,CVE-2018-20185,3.3,5.3,1119823,ImageMagick,https://www.suse.com/security/cve/CVE-2018-20185,"In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. 
This only affects GraphicsMagick installations with customized BMP limits.",Affected 20181220,CVE-2018-15126,9.8,9.8,1120114,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-15126,"LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution",Released 20181220,CVE-2018-15127,9.8,9.8,1120117,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-15127,"LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution",Released 20181220,CVE-2018-20019,8.8,9.8,1120118,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-20019,"LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution",Released 20181220,CVE-2018-20020,8.8,9.8,1120116,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-20020,"LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution",Released 20181220,CVE-2018-20021,6.5,7.5,1120122,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-20021,"LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM",Released 20181220,CVE-2018-20022,5.4,7.5,1120120,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-20022,"LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. 
Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR",Released 20181220,CVE-2018-20024,6.5,7.5,1120121,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-20024,"LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.",Released 20181220,CVE-2018-6307,9.8,8.1,1120115,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-6307,"LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.",Released 20181224,CVE-2018-1000845,5.3,,1120281,avahi,https://www.suse.com/security/cve/CVE-2018-1000845,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultID: CVE-2017-6519. Reason: This candidate is a duplicate of CVE-2017-6519. Notes: All CVE users should reference CVE-2017-6519 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20181227,CVE-2018-20346,7,8.1,1119687,sqlite3,https://www.suse.com/security/cve/CVE-2018-20346,"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.",Released 20181228,CVE-2018-20467,3.3,6.5,1120381,ImageMagick,https://www.suse.com/security/cve/CVE-2018-20467,"In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. 
Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.",Released 20181228,CVE-2018-20511,3.3,5.5,1120388,kernel-source,https://www.suse.com/security/cve/CVE-2018-20511,"An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.",Unsupported 20190102,CVE-2018-20481,3.3,6.5,1120495,poppler,https://www.suse.com/security/cve/CVE-2018-20481,"XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.",Affected 20190102,CVE-2018-20544,4,6.5,1120502,libcaca,https://www.suse.com/security/cve/CVE-2018-20544,"There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.",Affected 20190102,CVE-2018-20546,4,8.1,1120503,libcaca,https://www.suse.com/security/cve/CVE-2018-20546,"There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.",Affected 20190102,CVE-2018-20547,5.1,8.1,1120503,libcaca,https://www.suse.com/security/cve/CVE-2018-20547,"There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.",Affected 20190103,CVE-2018-1000876,5.3,7.8,1120640,binutils,https://www.suse.com/security/cve/CVE-2018-1000876,"binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. 
This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.",Unsupported 20190103,CVE-2018-20406,2.9,7.5,1120644,python,https://www.suse.com/security/cve/CVE-2018-20406,"Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Unsupported 20190103,CVE-2018-20482,5.5,4.7,1120610,tar,https://www.suse.com/security/cve/CVE-2018-20482,"GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).",Released 20190103,CVE-2018-20545,4,8.8,1120470,libcaca,https://www.suse.com/security/cve/CVE-2018-20545,"There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.",Affected 20190103,CVE-2018-20548,4,8.8,1120470,libcaca,https://www.suse.com/security/cve/CVE-2018-20548,"There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.",Affected 20190104,CVE-2018-19985,4,4.6,1120743,kernel-source,https://www.suse.com/security/cve/CVE-2018-19985,"The function 
hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.",Released 20190104,CVE-2018-20570,4,6.5,1120807,jasper,https://www.suse.com/security/cve/CVE-2018-20570,"jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.",Released 20190104,CVE-2018-20622,4,6.5,1115637,jasper,https://www.suse.com/security/cve/CVE-2018-20622,"JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when \"--output-format jp2\" is used.",Released 20190104,CVE-2019-3459,2.6,6.5,1120758,kernel-source,https://www.suse.com/security/cve/CVE-2019-3459,"A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.",Released 20190104,CVE-2019-3460,2.6,6.5,1120758,kernel-source,https://www.suse.com/security/cve/CVE-2019-3460,"A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.",Released 20190107,CVE-2018-19840,3.3,5.5,1120930,wavpack,https://www.suse.com/security/cve/CVE-2018-19840,"The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",Released 20190107,CVE-2018-20030,3.3,7.5,1120943,libexif,https://www.suse.com/security/cve/CVE-2018-20030,"An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.",Released 20190107,CVE-2019-5489,5.6,5.5,1120843,kernel-source,https://www.suse.com/security/cve/CVE-2019-5489,"The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local 
attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.",Released 20190108,CVE-2018-20623,5.9,5.5,1121035,binutils,https://www.suse.com/security/cve/CVE-2018-20623,"In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.",Unsupported 20190108,CVE-2018-20651,4,5.5,1121034,binutils,https://www.suse.com/security/cve/CVE-2018-20651,"A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.",Unsupported 20190108,CVE-2018-20657,4,7.5,1121033,binutils,https://www.suse.com/security/cve/CVE-2018-20657,"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",Unsupported 20190110,CVE-2018-20673,5.3,5.5,1121386,binutils,https://www.suse.com/security/cve/CVE-2018-20673,"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.",Unsupported 20190111,CVE-2018-20685,7.3,5.3,1121571,openssh,https://www.suse.com/security/cve/CVE-2018-20685,"In OpenSSH 7.9, scp.c in the scp client allows remote 
SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.",Released 20190111,CVE-2019-6128,3.3,8.8,1121626,tiff,https://www.suse.com/security/cve/CVE-2019-6128,"The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.",Released 20190114,CVE-2019-3811,4.1,5.2,1121759,sssd,https://www.suse.com/security/cve/CVE-2019-3811,"A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.",Ignore 20190114,CVE-2019-6109,4.6,6.8,1121571,openssh,https://www.suse.com/security/cve/CVE-2019-6109,"An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",Released 20190114,CVE-2019-6110,4.6,6.8,1121571,openssh,https://www.suse.com/security/cve/CVE-2019-6110,"In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.",Released 20190114,CVE-2019-6111,4.8,5.9,1121571,openssh-askpass-gnome,https://www.suse.com/security/cve/CVE-2019-6111,"An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. 
However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",Released 20190114,CVE-2019-6111,4.8,5.9,1121571,openssh,https://www.suse.com/security/cve/CVE-2019-6111,"An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",Released 20190114,CVE-2019-6133,6.7,6.7,1070943,kernel-source,https://www.suse.com/security/cve/CVE-2019-6133,"In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.",Released 20190115,CVE-2018-20712,3.3,6.5,1121990,binutils,https://www.suse.com/security/cve/CVE-2018-20712,"A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.",Unsupported 20190115,CVE-2019-6293,5.3,5.5,1122028,flex,https://www.suse.com/security/cve/CVE-2019-6293,"An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.",Unsupported 20190116,CVE-2017-14991,5.5,5.5,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2017-14991,"The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.",Analysis 20190116,CVE-2017-15010,5.3,7.5,1087082,kernel-source,https://www.suse.com/security/cve/CVE-2017-15010,"A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.",Analysis 20190116,CVE-2019-5010,7.5,7.5,1122191,python,https://www.suse.com/security/cve/CVE-2019-5010,"An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",Unsupported 20190116,CVE-2019-6446,7.8,9.8,1122208,python-numpy,https://www.suse.com/security/cve/CVE-2019-6446,"** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. 
It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",Released 20190117,CVE-2018-11212,3.3,6.5,1122299,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2018-11212,"An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.",Released 20190117,CVE-2018-11212,3.3,6.5,1122299,jpeg,https://www.suse.com/security/cve/CVE-2018-11212,"An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.",Released 20190117,CVE-2019-6462,3.3,6.5,1122321,cairo,https://www.suse.com/security/cve/CVE-2019-6462,"An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.",Released 20190121,CVE-2019-3816,7.5,7.5,1122623,openwsman,https://www.suse.com/security/cve/CVE-2019-3816,"Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. 
A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.",Released 20190122,CVE-2016-10739,4.5,5.3,1122729,glibc,https://www.suse.com/security/cve/CVE-2016-10739,"In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.",Released 20190122,CVE-2019-3813,8,7.5,1122706,spice,https://www.suse.com/security/cve/CVE-2019-3813,"Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.",Released 20190122,CVE-2019-6502,4,7.5,1122756,opensc,https://www.suse.com/security/cve/CVE-2019-6502,"sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.",Released 20190125,CVE-2019-6778,7.8,7.8,1123156,kvm,https://www.suse.com/security/cve/CVE-2019-6778,"In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.",Released 20190125,CVE-2019-6778,7.8,7.8,1123156,xen,https://www.suse.com/security/cve/CVE-2019-6778,"In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.",Released 20190128,CVE-2019-6977,6.5,8.8,1123354,php53,https://www.suse.com/security/cve/CVE-2019-6977,"gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. 
This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.",Released 20190129,CVE-2018-12433,-1,-1,1112959,clamav,https://www.suse.com/security/cve/CVE-2018-12433,"** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model.",Released 20190129,CVE-2019-6978,4.8,9.8,1123522,gd,https://www.suse.com/security/cve/CVE-2019-6978,"The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.",Released 20190129,CVE-2019-6978,4.8,9.8,1123522,php53,https://www.suse.com/security/cve/CVE-2019-6978,"The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.",Released 20190130,CVE-2019-7148,,6.5,1123687,elfutils,https://www.suse.com/security/cve/CVE-2019-7148,"An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a \"warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens.\"",Ignore 20190130,CVE-2019-7150,3.3,5.5,1123685,elfutils,https://www.suse.com/security/cve/CVE-2019-7150,"An issue was discovered in elfutils 0.175. 
A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.",Released 20190131,CVE-2017-18360,5.5,5.5,1123706,kernel-source,https://www.suse.com/security/cve/CVE-2017-18360,"In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.",Released 20190131,CVE-2018-20748,8.8,9.8,1120118,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-20748,"LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.",Released 20190131,CVE-2018-20749,9.8,9.8,1120117,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-20749,"LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.",Released 20190131,CVE-2018-20750,9.8,9.8,1120117,LibVNCServer,https://www.suse.com/security/cve/CVE-2018-20750,"LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. 
The fix for CVE-2018-15127 was incomplete.",Released 20190201,CVE-2016-10741,6.1,4.7,1114920,kernel-source,https://www.suse.com/security/cve/CVE-2016-10741,"In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.",Released 20190204,CVE-2019-7310,5.3,7.8,1124150,poppler,https://www.suse.com/security/cve/CVE-2019-7310,"In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.",Unsupported 20190204,CVE-2019-7317,5.5,5.3,1124211,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-7317,"png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",Released 20190205,CVE-2019-7397,3.3,7.5,1124366,ImageMagick,https://www.suse.com/security/cve/CVE-2019-7397,"In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.",Released 20190205,CVE-2019-7398,3.3,7.5,1124365,ImageMagick,https://www.suse.com/security/cve/CVE-2019-7398,"In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.",Released 20190207,CVE-2018-18508,6.5,6.5,1124571,mozilla-nss,https://www.suse.com/security/cve/CVE-2018-18508,"In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.",Already fixed 20190207,CVE-2019-3825,6.2,6.4,1124628,gdm,https://www.suse.com/security/cve/CVE-2019-3825,"A vulnerability was discovered in gdm before 3.31.4. 
When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.",Ignore 20190208,CVE-2019-7222,2.8,5.5,1124735,kernel-source,https://www.suse.com/security/cve/CVE-2019-7222,"The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.",Released 20190208,CVE-2019-7572,-1,-1,1124806,SDL,https://www.suse.com/security/cve/CVE-2019-7572,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",Released 20190208,CVE-2019-7573,4.4,8.8,1124805,SDL,https://www.suse.com/security/cve/CVE-2019-7573,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",Released 20190208,CVE-2019-7574,4.4,8.8,1124803,SDL,https://www.suse.com/security/cve/CVE-2019-7574,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",Released 20190208,CVE-2019-7575,5.3,8.8,1124802,SDL,https://www.suse.com/security/cve/CVE-2019-7575,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",Released 20190208,CVE-2019-7576,4.4,8.8,1124799,SDL,https://www.suse.com/security/cve/CVE-2019-7576,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).",Released 20190208,CVE-2019-7577,4.4,8.8,1124800,SDL,https://www.suse.com/security/cve/CVE-2019-7577,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",Released 
20190208,CVE-2019-7635,4.4,8.1,1124827,SDL,https://www.suse.com/security/cve/CVE-2019-7635,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",Released 20190208,CVE-2019-7636,4.4,8.1,1124826,SDL,https://www.suse.com/security/cve/CVE-2019-7636,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",Released 20190208,CVE-2019-7637,5.3,8.8,1124825,SDL,https://www.suse.com/security/cve/CVE-2019-7637,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",Released 20190208,CVE-2019-7638,4.4,8.8,1124824,SDL,https://www.suse.com/security/cve/CVE-2019-7638,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",Released 20190211,CVE-2019-7665,3.3,5.5,1125007,elfutils,https://www.suse.com/security/cve/CVE-2019-7665,"In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.",Released 20190212,CVE-2019-7578,5.1,8.1,1125099,SDL,https://www.suse.com/security/cve/CVE-2019-7578,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",Released 20190213,CVE-2018-20781,4.4,7.8,1125261,gnome-keyring,https://www.suse.com/security/cve/CVE-2018-20781,"In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. 
This can expose the credential in cleartext.",Affected 20190218,CVE-2019-3833,7.5,7.5,1122623,openwsman,https://www.suse.com/security/cve/CVE-2019-3833,"Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.",Released 20190220,CVE-2018-5745,4.9,,1126068,bind,https://www.suse.com/security/cve/CVE-2018-5745,"\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.",Released 20190220,CVE-2019-6465,5.3,5.3,1126069,bind,https://www.suse.com/security/cve/CVE-2019-6465,"Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.",Released 20190225,CVE-2018-20783,5.3,7.5,1126713,php53,https://www.suse.com/security/cve/CVE-2018-20783,"In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.",Released 20190225,CVE-2019-9020,4.8,9.8,1126711,php53,https://www.suse.com/security/cve/CVE-2019-9020,"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.",Released 20190225,CVE-2019-9021,3.3,9.8,1126713,php53,https://www.suse.com/security/cve/CVE-2019-9021,"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.",Released 20190225,CVE-2019-9022,6.5,7.5,1126827,php53,https://www.suse.com/security/cve/CVE-2019-9022,"An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. 
This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.",Unsupported 20190225,CVE-2019-9023,5.1,9.8,1126823,php53,https://www.suse.com/security/cve/CVE-2019-9023,"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.",Released 20190225,CVE-2019-9024,5.3,7.5,1126821,php53,https://www.suse.com/security/cve/CVE-2019-9024,"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.",Released 20190225,CVE-2019-9074,6.2,5.5,1126831,binutils,https://www.suse.com/security/cve/CVE-2019-9074,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.",Unsupported 20190225,CVE-2019-9075,3.3,7.8,1071544,binutils,https://www.suse.com/security/cve/CVE-2019-9075,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. 
It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.",Unsupported 20190225,CVE-2019-9076,5.5,5.5,1126828,binutils,https://www.suse.com/security/cve/CVE-2019-9076,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.",Ignore 20190225,CVE-2019-9077,5.3,7.8,1126826,binutils,https://www.suse.com/security/cve/CVE-2019-9077,"An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.",Unsupported 20190226,CVE-2019-1559,4,5.9,1127080,openssl,https://www.suse.com/security/cve/CVE-2019-1559,"If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",Released 20190226,CVE-2019-9070,,7.8,1126925,binutils,https://www.suse.com/security/cve/CVE-2019-9070,"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.",Ignore 20190226,CVE-2019-9072,,5.5,1126928,binutils,https://www.suse.com/security/cve/CVE-2019-9072,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.",Ignore 20190226,CVE-2019-9073,3.3,5.5,1126924,binutils,https://www.suse.com/security/cve/CVE-2019-9073,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.",Ignore 20190227,CVE-2009-5155,4,7.5,1127223,glibc,https://www.suse.com/security/cve/CVE-2009-5155,"In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.",Released 20190228,CVE-2018-20796,5.3,7.5,1127311,glibc,https://www.suse.com/security/cve/CVE-2018-20796,"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.",Won't fix 20190228,CVE-2019-9169,5.1,9.8,1127308,glibc,https://www.suse.com/security/cve/CVE-2019-9169,"In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.",Released 20190306,CVE-2019-9213,5.5,5.5,1128166,kernel-source,https://www.suse.com/security/cve/CVE-2019-9213,"In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. 
This is related to a capability check for the wrong task.",Released 20190308,CVE-2018-14038,3.3,,1086786,binutils,https://www.suse.com/security/cve/CVE-2018-14038,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7642. Reason: This candidate is a reservation duplicate of CVE-2018-7642. Notes: All CVE users should reference CVE-2018-7642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Ignore 20190308,CVE-2019-8936,5.3,7.5,1128525,ntp,https://www.suse.com/security/cve/CVE-2019-8936,"NTP through 4.2.8p12 has a NULL Pointer Dereference.",Released 20190311,CVE-2018-14498,3.3,6.5,1128712,jpeg,https://www.suse.com/security/cve/CVE-2018-14498,"get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.",Released 20190311,CVE-2019-3855,3.5,8.8,1128471,libssh2_org,https://www.suse.com/security/cve/CVE-2019-3855,"An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",Released 20190311,CVE-2019-3856,3.5,8.8,1128472,libssh2_org,https://www.suse.com/security/cve/CVE-2019-3856,"An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",Released 20190311,CVE-2019-3857,3.5,8.8,1128474,libssh2_org,https://www.suse.com/security/cve/CVE-2019-3857,"An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",Released 20190311,CVE-2019-3858,4.6,9.1,1128476,libssh2_org,https://www.suse.com/security/cve/CVE-2019-3858,"An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",Released 20190311,CVE-2019-3859,3.5,9.1,1128480,libssh2_org,https://www.suse.com/security/cve/CVE-2019-3859,"An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",Released 20190311,CVE-2019-3860,3.5,9.1,1128481,libssh2_org,https://www.suse.com/security/cve/CVE-2019-3860,"An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",Released 20190311,CVE-2019-3861,3.5,9.1,1128490,libssh2_org,https://www.suse.com/security/cve/CVE-2019-3861,"An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",Released 20190311,CVE-2019-3862,3.5,9.1,1128492,libssh2_org,https://www.suse.com/security/cve/CVE-2019-3862,"An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",Released 20190311,CVE-2019-3863,3.5,8.8,1128493,libssh2_org,https://www.suse.com/security/cve/CVE-2019-3863,"A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.",Released 20190311,CVE-2019-7175,3.3,7.5,1128649,ImageMagick,https://www.suse.com/security/cve/CVE-2019-7175,"In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.",Released 20190311,CVE-2019-9641,4.4,9.8,1128722,php53,https://www.suse.com/security/cve/CVE-2019-9641,"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.",Released 20190312,CVE-2016-1000031,9.8,9.8,1128963,jakarta-commons-fileupload,https://www.suse.com/security/cve/CVE-2016-1000031,"Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution",Released 20190312,CVE-2019-9637,3.1,7.5,1128892,php53,https://www.suse.com/security/cve/CVE-2019-9637,"An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. 
Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.",Released 20190312,CVE-2019-9638,5.3,7.5,1128889,php53,https://www.suse.com/security/cve/CVE-2019-9638,"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.",Released 20190312,CVE-2019-9639,3.3,7.5,1128887,php53,https://www.suse.com/security/cve/CVE-2019-9639,"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.",Released 20190312,CVE-2019-9640,3.3,7.5,1128883,php53,https://www.suse.com/security/cve/CVE-2019-9640,"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.",Released 20190312,CVE-2019-9675,5.3,8.1,1128886,php53,https://www.suse.com/security/cve/CVE-2019-9675,"** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. 
NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: \"This issue allows theoretical compromise of security, but a practical attack is usually impossible.\"",Released 20190312,CVE-2019-9704,3.3,5.5,1128937,cron,https://www.suse.com/security/cve/CVE-2019-9704,"Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.",Released 20190312,CVE-2019-9705,3.3,5.5,1128935,cron,https://www.suse.com/security/cve/CVE-2019-9705,"Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.",Released 20190313,CVE-2019-9740,5.4,6.1,1129071,python,https://www.suse.com/security/cve/CVE-2019-9740,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Already fixed 20190314,CVE-2019-3835,8.8,5.5,1129180,ghostscript-library,https://www.suse.com/security/cve/CVE-2019-3835,"It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. 
A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.",Affected 20190314,CVE-2019-3838,8.8,5.5,1018128,ghostscript-library,https://www.suse.com/security/cve/CVE-2019-3838,"It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.",Released 20190314,CVE-2019-9631,3.3,9.8,1129202,poppler,https://www.suse.com/security/cve/CVE-2019-9631,"Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.",Affected 20190315,CVE-2019-9636,7.5,9.8,1129346,firefox-atk,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190315,CVE-2019-9636,7.5,9.8,1129346,firefox-cairo,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190315,CVE-2019-9636,7.5,9.8,1129346,firefox-gcc8,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190315,CVE-2019-9636,7.5,9.8,1129346,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190315,CVE-2019-9636,7.5,9.8,1129346,firefox-glib2,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190315,CVE-2019-9636,7.5,9.8,1129346,firefox-gtk3,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190315,CVE-2019-9636,7.5,9.8,1129346,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190315,CVE-2019-9636,7.5,9.8,1129346,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190315,CVE-2019-9636,7.5,9.8,1129346,firefox-libffi,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190315,CVE-2019-9636,7.5,9.8,1129346,firefox-pango,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190315,CVE-2019-9636,7.5,9.8,1129346,python,https://www.suse.com/security/cve/CVE-2019-9636,"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190318,CVE-2019-9824,2.8,5.5,1118900,kvm,https://www.suse.com/security/cve/CVE-2019-9824,"tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.",Released 20190318,CVE-2019-9824,2.8,5.5,1118900,xen,https://www.suse.com/security/cve/CVE-2019-9824,"tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.",Released 20190320,CVE-2019-3874,5.1,6.5,1129898,kernel-source,https://www.suse.com/security/cve/CVE-2019-3874,"The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. 
Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.",Unsupported 20190322,CVE-2019-9903,3.3,6.5,1130229,poppler,https://www.suse.com/security/cve/CVE-2019-9903,"PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.",Unsupported 20190325,CVE-2019-9956,4.4,8.8,1130330,ImageMagick,https://www.suse.com/security/cve/CVE-2019-9956,"In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.",Released 20190326,CVE-2019-9923,3.3,7.5,1130496,tar,https://www.suse.com/security/cve/CVE-2019-9923,"pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.",Released 20190327,CVE-2018-20815,7,9.8,1118900,kvm,https://www.suse.com/security/cve/CVE-2018-20815,"In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",Released 20190327,CVE-2018-20815,7,9.8,1118900,xen,https://www.suse.com/security/cve/CVE-2018-20815,"In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",Released 20190327,CVE-2019-1787,5.3,5.5,1130721,clamav,https://www.suse.com/security/cve/CVE-2019-1787,"A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. 
An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.",Released 20190327,CVE-2019-1788,8.2,5.5,1130721,clamav,https://www.suse.com/security/cve/CVE-2019-1788,"A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.",Released 20190327,CVE-2019-1789,5.3,7.5,1130721,clamav,https://www.suse.com/security/cve/CVE-2019-1789,"ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,firefox-atk,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. 
This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,firefox-cairo,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,firefox-gcc8,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,firefox-glib2,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,firefox-gtk3,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,firefox-libffi,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,firefox-pango,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9947,5.4,6.1,1130840,python,https://www.suse.com/security/cve/CVE-2019-9947,"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",Released 20190328,CVE-2019-9948,3.3,9.1,1130847,python,https://www.suse.com/security/cve/CVE-2019-9948,"urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.",Released 20190330,CVE-2019-3880,5.4,5.4,1131060,samba,https://www.suse.com/security/cve/CVE-2019-3880,"A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.",Released 20190402,CVE-2019-0217,5.4,7.5,1131239,apache2,https://www.suse.com/security/cve/CVE-2019-0217,"In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",Released 20190402,CVE-2019-0220,5.3,5.3,1131241,apache2,https://www.suse.com/security/cve/CVE-2019-0220,"A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. 
When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.",Released 20190402,CVE-2019-10650,4.4,8.1,1131317,ImageMagick,https://www.suse.com/security/cve/CVE-2019-10650,"In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.",Released 20190402,CVE-2019-9193,8.8,7.2,1131315,postgresql94,https://www.suse.com/security/cve/CVE-2019-9193,"** DISPUTED ** In PostgreSQL 9.3 through 11.2, the \"COPY TO/FROM PROGRAM\" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.",Affected 20190403,CVE-2019-3837,6.1,6.1,1131430,kernel-bigmem,https://www.suse.com/security/cve/CVE-2019-3837,"It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. 
So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.",Released 20190403,CVE-2019-3837,6.1,6.1,1131430,kernel-default,https://www.suse.com/security/cve/CVE-2019-3837,"It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.",Released 20190403,CVE-2019-3837,6.1,6.1,1131430,kernel-ec2,https://www.suse.com/security/cve/CVE-2019-3837,"It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.",Released 20190403,CVE-2019-3837,6.1,6.1,1131430,kernel-pae,https://www.suse.com/security/cve/CVE-2019-3837,"It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.",Released 20190403,CVE-2019-3837,6.1,6.1,1131430,kernel-ppc64,https://www.suse.com/security/cve/CVE-2019-3837,"It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. 
So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.",Released 20190403,CVE-2019-3837,6.1,6.1,1131430,kernel-source,https://www.suse.com/security/cve/CVE-2019-3837,"It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.",Released 20190403,CVE-2019-3837,6.1,6.1,1131430,kernel-syms,https://www.suse.com/security/cve/CVE-2019-3837,"It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.",Released 20190403,CVE-2019-3837,6.1,6.1,1131430,kernel-trace,https://www.suse.com/security/cve/CVE-2019-3837,"It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.",Released 20190403,CVE-2019-3837,6.1,6.1,1131430,kernel-xen,https://www.suse.com/security/cve/CVE-2019-3837,"It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. 
So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.",Released 20190404,CVE-2018-20506,7,8.1,1131560,sqlite3,https://www.suse.com/security/cve/CVE-2018-20506,"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.",Already fixed 20190404,CVE-2018-4300,8.1,5.9,1131480,cups,https://www.suse.com/security/cve/CVE-2018-4300,"The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.",Already fixed 20190404,CVE-2019-3886,-1,-1,1131595,libvirt,https://www.suse.com/security/cve/CVE-2019-3886,"An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.",Released 20190405,CVE-2019-10871,4.4,6.5,1131696,poppler,https://www.suse.com/security/cve/CVE-2019-10871,"An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.",Unsupported 20190405,CVE-2019-10872,4.4,8.8,1131722,poppler,https://www.suse.com/security/cve/CVE-2019-10872,"An issue was discovered in Poppler 0.74.0. 
There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.",Released 20190408,CVE-2018-10754,3.3,7.5,1131830,ncurses,https://www.suse.com/security/cve/CVE-2018-10754,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Released 20190410,CVE-2017-10989,3.6,9.8,1131919,sqlite3,https://www.suse.com/security/cve/CVE-2017-10989,"The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.",Released 20190410,CVE-2019-11007,,8.1,1132060,ImageMagick,https://www.suse.com/security/cve/CVE-2019-11007,"In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.",Released 20190410,CVE-2019-11009,4.4,8.1,1132053,ImageMagick,https://www.suse.com/security/cve/CVE-2019-11009,"In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.",Released 20190410,CVE-2019-11026,5.5,6.5,1132065,poppler,https://www.suse.com/security/cve/CVE-2019-11026,"FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.",Won't fix 20190411,CVE-2019-11068,6.6,9.8,1132160,libxslt,https://www.suse.com/security/cve/CVE-2019-11068,"libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. 
xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.",Released 20190412,CVE-2019-11191,3.3,2.5,1131543,kernel-source,https://www.suse.com/security/cve/CVE-2019-11191,"** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.",Released 20190417,CVE-2019-2602,5.9,7.5,1132728,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2602,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",Released 20190417,CVE-2019-2684,5.9,5.9,1132732,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2684,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",Already fixed 20190418,CVE-2019-11034,4.8,9.1,1132838,php53,https://www.suse.com/security/cve/CVE-2019-11034,"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.",Released 20190418,CVE-2019-11035,4.8,9.1,1132837,php53,https://www.suse.com/security/cve/CVE-2019-11035,"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. 
This may lead to information disclosure or crash.",Released 20190423,CVE-2015-3414,4.4,,1085790,sqlite3,https://www.suse.com/security/cve/CVE-2015-3414,"SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement.",Ignore 20190423,CVE-2016-10746,6.2,7.5,1133150,libvirt,https://www.suse.com/security/cve/CVE-2016-10746,"libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.",Released 20190423,CVE-2016-10746,6.2,7.5,1133150,libvirt-python,https://www.suse.com/security/cve/CVE-2016-10746,"libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.",Released 20190423,CVE-2019-11365,9.8,9.8,1133114,atftp,https://www.suse.com/security/cve/CVE-2019-11365,"An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.",Released 20190423,CVE-2019-11366,5.9,5.9,1133145,atftp,https://www.suse.com/security/cve/CVE-2019-11366,"An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. 
As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.",Released 20190423,CVE-2019-11459,4.4,5.5,1133037,evince,https://www.suse.com/security/cve/CVE-2019-11459,"The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.",Released 20190424,CVE-2018-5743,7.5,7.5,1133185,bind,https://www.suse.com/security/cve/CVE-2018-5743,"By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.",Released 20190424,CVE-2019-11470,5.5,6.5,1133205,ImageMagick,https://www.suse.com/security/cve/CVE-2019-11470,"The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. 
This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.",Released 20190424,CVE-2019-11472,5.5,6.5,1133202,ImageMagick,https://www.suse.com/security/cve/CVE-2019-11472,"ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.",Released 20190424,CVE-2019-11486,7,7,1133188,kernel-source,https://www.suse.com/security/cve/CVE-2019-11486,"The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.",Released 20190424,CVE-2019-5805,-1,-1,1133313,libxslt,https://www.suse.com/security/cve/CVE-2019-5805,"Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",Ignore 20190424,CVE-2019-5815,,7.5,1133313,libxslt,https://www.suse.com/security/cve/CVE-2019-5815,"Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.",Ignore 20190425,CVE-2019-3900,5.5,7.7,1133374,kernel-bigmem,https://www.suse.com/security/cve/CVE-2019-3900,"An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",Released 20190425,CVE-2019-3900,5.5,7.7,1133374,kernel-default,https://www.suse.com/security/cve/CVE-2019-3900,"An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). 
It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",Released 20190425,CVE-2019-3900,5.5,7.7,1133374,kernel-ec2,https://www.suse.com/security/cve/CVE-2019-3900,"An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",Released 20190425,CVE-2019-3900,5.5,7.7,1133374,kernel-pae,https://www.suse.com/security/cve/CVE-2019-3900,"An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",Released 20190425,CVE-2019-3900,5.5,7.7,1133374,kernel-ppc64,https://www.suse.com/security/cve/CVE-2019-3900,"An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",Released 20190425,CVE-2019-3900,5.5,7.7,1133374,kernel-source,https://www.suse.com/security/cve/CVE-2019-3900,"An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. 
A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",Released 20190425,CVE-2019-3900,5.5,7.7,1133374,kernel-syms,https://www.suse.com/security/cve/CVE-2019-3900,"An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",Released 20190425,CVE-2019-3900,5.5,7.7,1133374,kernel-trace,https://www.suse.com/security/cve/CVE-2019-3900,"An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",Released 20190425,CVE-2019-3900,5.5,7.7,1133374,kernel-xen,https://www.suse.com/security/cve/CVE-2019-3900,"An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. 
A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",Released 20190425,CVE-2019-9928,8.8,8.8,1133375,gstreamer-0_10-plugins-base,https://www.suse.com/security/cve/CVE-2019-9928,"GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.",Released 20190426,CVE-2019-11505,7.8,8.8,1133501,ImageMagick,https://www.suse.com/security/cve/CVE-2019-11505,"In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.",Released 20190426,CVE-2019-11506,,8.8,1133498,ImageMagick,https://www.suse.com/security/cve/CVE-2019-11506,"In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.",Released 20190430,CVE-2019-11599,6.1,7,1131645,kernel-source,https://www.suse.com/security/cve/CVE-2019-11599,"The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. 
This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.",Ignore 20190503,CVE-2019-10131,5.1,7.1,1134075,ImageMagick,https://www.suse.com/security/cve/CVE-2019-10131,"An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.",Released 20190503,CVE-2019-11091,6.5,5.6,1103186,kernel-source,https://www.suse.com/security/cve/CVE-2019-11091,"Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20190503,CVE-2019-11091,6.5,5.6,1103186,microcode_ctl,https://www.suse.com/security/cve/CVE-2019-11091,"Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",Released 20190506,CVE-2018-20510,,5.5,1134174,kernel-source,https://www.suse.com/security/cve/CVE-2018-20510,"The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading \"*from *code *flags\" lines in a debugfs file.",Analysis 20190507,CVE-2019-11036,6.5,9.1,1134322,php53,https://www.suse.com/security/cve/CVE-2019-11036,"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.",Released 20190507,CVE-2019-2426,3.7,3.7,1134297,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2426,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",Released 20190508,CVE-2018-20836,6.2,8.1,1134395,kernel-source,https://www.suse.com/security/cve/CVE-2018-20836,"An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.",Released 20190508,CVE-2019-11810,3.9,7.5,1134399,kernel-source,https://www.suse.com/security/cve/CVE-2019-11810,"An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.",Released 20190509,CVE-2012-5784,6.5,,1134598,axis,https://www.suse.com/security/cve/CVE-2012-5784,"Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",Released 20190509,CVE-2014-3596,6.5,,1134598,axis,https://www.suse.com/security/cve/CVE-2014-3596,"The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. 
NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.",Released 20190510,CVE-2019-10130,4.3,4.3,1134689,postgresql94,https://www.suse.com/security/cve/CVE-2019-10130,"A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.",Affected 20190513,CVE-2019-10245,6.5,7.5,1134718,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-10245,"In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. 
Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.",Affected 20190513,CVE-2019-11884,4,3.3,1134848,kernel-source,https://www.suse.com/security/cve/CVE-2019-11884,"The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.",Released 20190515,CVE-2016-4607,,9.8,1135231,libxslt,https://www.suse.com/security/cve/CVE-2016-4607,"libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.",Ignore 20190515,CVE-2016-4608,,9.8,1135231,libxslt,https://www.suse.com/security/cve/CVE-2016-4608,"libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.",Ignore 20190515,CVE-2016-4609,,9.8,1135231,libxslt,https://www.suse.com/security/cve/CVE-2016-4609,"libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.",Ignore 
20190515,CVE-2016-4610,,9.8,1135231,libxslt,https://www.suse.com/security/cve/CVE-2016-4610,"libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.",Ignore 20190515,CVE-2016-4612,,9.8,1135231,libxslt,https://www.suse.com/security/cve/CVE-2016-4612,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Ignore 20190515,CVE-2017-12805,3.3,7.5,1135236,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12805,"In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.",Released 20190515,CVE-2017-12806,3.3,7.5,1135232,ImageMagick,https://www.suse.com/security/cve/CVE-2017-12806,"In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.",Released 20190515,CVE-2019-5436,7.1,7.8,1135170,curl,https://www.suse.com/security/cve/CVE-2019-5436,"A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.",Released 20190516,CVE-2019-11833,5.5,5.5,1135281,kernel-source,https://www.suse.com/security/cve/CVE-2019-11833,"fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in 
the filesystem.",Ignore 20190522,CVE-2019-0155,7.8,7.8,1135966,xen,https://www.suse.com/security/cve/CVE-2019-0155,"Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.",Released 20190522,CVE-2019-12155,3.8,7.5,1135902,kvm,https://www.suse.com/security/cve/CVE-2019-12155,"interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.",Released 20190522,CVE-2019-12155,3.8,7.5,1135902,xen,https://www.suse.com/security/cve/CVE-2019-12155,"interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.",Released 20190522,CVE-2019-12247,3.8,7.5,1135953,kvm,https://www.suse.com/security/cve/CVE-2019-12247,"** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable.",Ignore 20190523,CVE-2019-0221,6.3,6.1,1136085,tomcat6,https://www.suse.com/security/cve/CVE-2019-0221,"The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. 
The printenv command is intended for debugging and is unlikely to be present in a production website.",Released 20190524,CVE-2019-10143,6.4,7,1136195,freeradius-server,https://www.suse.com/security/cve/CVE-2019-10143,"** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\"",Already fixed 20190527,CVE-2019-3846,7.5,8.8,1136424,kernel-source,https://www.suse.com/security/cve/CVE-2019-3846,"A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.",Released 20190528,CVE-2019-12360,4.4,7.1,1136620,poppler,https://www.suse.com/security/cve/CVE-2019-12360,"A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.",Unsupported 20190528,CVE-2019-12379,3.3,5.5,1136602,kernel-source,https://www.suse.com/security/cve/CVE-2019-12379,"** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. 
NOTE: This id is disputed as not being an issue.",Ignore 20190528,CVE-2019-12382,2.5,5.5,1136586,kernel-source,https://www.suse.com/security/cve/CVE-2019-12382,"** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.",Unsupported 20190529,CVE-2015-3415,6.7,,1190372,sqlite3,https://www.suse.com/security/cve/CVE-2015-3415,"The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.",Ignore 20190529,CVE-2019-11598,5.1,8.1,1136732,ImageMagick,https://www.suse.com/security/cve/CVE-2019-11598,"In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.",Released 20190531,CVE-2019-12450,8.1,9.8,1137001,glib2,https://www.suse.com/security/cve/CVE-2019-12450,"file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. 
Instead, default permissions are used.",Released 20190531,CVE-2019-12456,7.8,7.8,1136922,kernel-source,https://www.suse.com/security/cve/CVE-2019-12456,"** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a \"double fetch\" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.",Released 20190531,CVE-2019-12493,3.9,7.1,1136998,poppler,https://www.suse.com/security/cve/CVE-2019-12493,"A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.",Unsupported 20190531,CVE-2019-8457,8.1,9.8,1136976,sqlite3,https://www.suse.com/security/cve/CVE-2019-8457,"SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.",Released 20190604,CVE-2019-12614,6.2,7.5,1137194,kernel-source,https://www.suse.com/security/cve/CVE-2019-12614,"An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).",Released 20190604,CVE-2019-12615,6.2,7.5,1137195,kernel-source,https://www.suse.com/security/cve/CVE-2019-12615,"An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. 
There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).",Analysis 20190606,CVE-2019-12735,7.8,8.6,1137443,vim,https://www.suse.com/security/cve/CVE-2019-12735,"getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.",Released 20190608,CVE-2019-2422,3.1,3.1,1122293,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2422,"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",Released 20190611,CVE-2019-11477,8.2,7.5,1132686,kernel-source,https://www.suse.com/security/cve/CVE-2019-11477,"Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). 
A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.",Released 20190611,CVE-2019-11478,5.3,7.5,1132686,kernel-source,https://www.suse.com/security/cve/CVE-2019-11478,"Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.",Released 20190611,CVE-2019-11479,7.5,7.5,1132686,kernel-source,https://www.suse.com/security/cve/CVE-2019-11479,"Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.",Released 20190611,CVE-2019-12749,7.1,7.1,1137832,dbus-1,https://www.suse.com/security/cve/CVE-2019-12749,"dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) 
A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",Released 20190611,CVE-2019-9506,6.4,8.1,1137865,kernel-source,https://www.suse.com/security/cve/CVE-2019-9506,"The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.",Ignore 20190612,CVE-2019-12795,5.9,7.8,1137930,gvfs,https://www.suse.com/security/cve/CVE-2019-12795,"daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)",Affected 20190613,CVE-2019-11039,4,9.1,1138173,php53,https://www.suse.com/security/cve/CVE-2019-11039,"Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.",Released 20190613,CVE-2019-11040,4.3,9.1,1138172,php53,https://www.suse.com/security/cve/CVE-2019-11040,"When PHP EXIF extension is parsing EXIF information from an image, e.g. 
via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",Released 20190614,CVE-2019-10161,7.8,7.8,1138301,libvirt,https://www.suse.com/security/cve/CVE-2019-10161,"It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.",Released 20190617,CVE-2015-7557,-1,-1,1138468,libcroco,https://www.suse.com/security/cve/CVE-2015-7557,"The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.",Released 20190617,CVE-2015-7557,-1,-1,1138468,librsvg,https://www.suse.com/security/cve/CVE-2015-7557,"The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,firefox-atk,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. 
When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,firefox-cairo,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,firefox-gcc8,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. 
cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,firefox-glib2,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. 
The result of an attack may vary based on the application.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,firefox-gtk3,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. 
The result of an attack may vary based on the application.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,firefox-libffi,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. 
The result of an attack may vary based on the application.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,firefox-pango,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",Released 20190617,CVE-2019-10160,9.8,9.8,1138459,python,https://www.suse.com/security/cve/CVE-2019-10160,"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. 
The result of an attack may vary based on the application.",Released 20190617,CVE-2019-11597,5.1,8.1,1138464,ImageMagick,https://www.suse.com/security/cve/CVE-2019-11597,"In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.",Released 20190618,CVE-2018-18281,5.6,7.8,1113769,kernel-source,https://www.suse.com/security/cve/CVE-2018-18281,"Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.",Released 20190619,CVE-2019-10164,,8.8,1138034,postgresql94,https://www.suse.com/security/cve/CVE-2019-10164,"PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.",Unsupported 20190621,CVE-2019-3896,7,7,1138943,kernel-source,https://www.suse.com/security/cve/CVE-2019-3896,"A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. 
An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).",Released 20190624,CVE-2019-12900,8.4,9.8,1139083,bzip2,https://www.suse.com/security/cve/CVE-2019-12900,"BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.",Released 20190624,CVE-2019-12900,8.4,9.8,1139083,clamav,https://www.suse.com/security/cve/CVE-2019-12900,"BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.",Released 20190626,CVE-2019-9836,4.7,5.3,1139383,kernel-firmware,https://www.suse.com/security/cve/CVE-2019-9836,"Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.",Analysis 20190627,CVE-2019-10151,5.9,,1139519,samba,https://www.suse.com/security/cve/CVE-2019-10151,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.",Won't fix 20190628,CVE-2019-12928,9.8,9.8,1139714,kvm,https://www.suse.com/security/cve/CVE-2019-12928,"** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. 
If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.",Ignore 20190701,CVE-2018-20843,5.3,7.5,1139937,expat,https://www.suse.com/security/cve/CVE-2018-20843,"In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).",Released 20190701,CVE-2019-1125,5.5,5.5,1139358,kernel-source,https://www.suse.com/security/cve/CVE-2019-1125,"An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.",Released 20190701,CVE-2019-12979,6.2,7.8,1139886,ImageMagick,https://www.suse.com/security/cve/CVE-2019-12979,"ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.",Released 20190701,CVE-2019-12983,4,,1134848,kernel-source,https://www.suse.com/security/cve/CVE-2019-12983,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11884. Reason: This candidate is a reservation duplicate of CVE-2019-11884. Notes: All CVE users should reference CVE-2019-11884 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20190702,CVE-2019-11038,4,5.3,1140118,gd,https://www.suse.com/security/cve/CVE-2019-11038,"When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. 
This may lead to disclosing contents of the stack that has been left there by previous code.",Released 20190702,CVE-2019-11038,4,5.3,1140118,php53,https://www.suse.com/security/cve/CVE-2019-11038,"When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.",Released 20190702,CVE-2019-12972,,5.5,1140126,binutils,https://www.suse.com/security/cve/CVE-2019-12972,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.",Unsupported 20190702,CVE-2019-12975,3.3,5.5,1140106,ImageMagick,https://www.suse.com/security/cve/CVE-2019-12975,"ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.",Released 20190702,CVE-2019-12976,5.5,5.5,1140110,ImageMagick,https://www.suse.com/security/cve/CVE-2019-12976,"ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.",Released 20190702,CVE-2019-13117,4.3,5.3,1140095,libxslt,https://www.suse.com/security/cve/CVE-2019-13117,"In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. 
This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.",Released 20190702,CVE-2019-13118,3.3,5.3,1140101,libxslt,https://www.suse.com/security/cve/CVE-2019-13118,"In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.",Released 20190702,CVE-2019-13133,5.5,5.5,1140100,ImageMagick,https://www.suse.com/security/cve/CVE-2019-13133,"ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.",Released 20190702,CVE-2019-13134,5.5,5.5,1140102,ImageMagick,https://www.suse.com/security/cve/CVE-2019-13134,"ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.",Released 20190702,CVE-2019-13135,5.5,8.8,1140103,ImageMagick,https://www.suse.com/security/cve/CVE-2019-13135,"ImageMagick before 7.0.8-50 has a \"use of uninitialized value\" vulnerability in the function ReadCUTImage in coders/cut.c.",Released 20190703,CVE-2019-13173,7.3,7.5,1140290,firefox-atk,https://www.suse.com/security/cve/CVE-2019-13173,"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",Released 20190703,CVE-2019-13173,7.3,7.5,1140290,firefox-cairo,https://www.suse.com/security/cve/CVE-2019-13173,"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. 
The fstream.DirWriter() function is vulnerable.",Released 20190703,CVE-2019-13173,7.3,7.5,1140290,firefox-gcc8,https://www.suse.com/security/cve/CVE-2019-13173,"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",Released 20190703,CVE-2019-13173,7.3,7.5,1140290,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2019-13173,"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",Released 20190703,CVE-2019-13173,7.3,7.5,1140290,firefox-glib2,https://www.suse.com/security/cve/CVE-2019-13173,"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",Released 20190703,CVE-2019-13173,7.3,7.5,1140290,firefox-gtk3,https://www.suse.com/security/cve/CVE-2019-13173,"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",Released 20190703,CVE-2019-13173,7.3,7.5,1140290,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2019-13173,"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. 
Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",Released 20190703,CVE-2019-13173,7.3,7.5,1140290,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2019-13173,"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",Released 20190703,CVE-2019-13173,7.3,7.5,1140290,firefox-libffi,https://www.suse.com/security/cve/CVE-2019-13173,"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",Released 20190703,CVE-2019-13173,7.3,7.5,1140290,firefox-pango,https://www.suse.com/security/cve/CVE-2019-13173,"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. 
The fstream.DirWriter() function is vulnerable.",Released 20190704,CVE-2019-13164,4.7,7.8,1140402,kvm,https://www.suse.com/security/cve/CVE-2019-13164,"qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.",Released 20190705,CVE-2019-13301,,6.5,1140554,ImageMagick,https://www.suse.com/security/cve/CVE-2019-13301,"ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.",Released 20190705,CVE-2019-13311,3.3,6.5,1140513,ImageMagick,https://www.suse.com/security/cve/CVE-2019-13311,"ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.",Released 20190706,CVE-2019-10639,5.3,7.5,1140577,kernel-source,https://www.suse.com/security/cve/CVE-2019-10639,"The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). 
For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace.",Already fixed 20190708,CVE-2019-13232,4,7.5,1140748,unzip,https://www.suse.com/security/cve/CVE-2019-13232,"Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue.",Ignore 20190708,CVE-2019-13286,3.9,5.5,1140744,poppler,https://www.suse.com/security/cve/CVE-2019-13286,"In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.",Unsupported 20190708,CVE-2019-13295,5.1,8.8,1140664,ImageMagick,https://www.suse.com/security/cve/CVE-2019-13295,"ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.",Released 20190708,CVE-2019-13297,5.1,8.8,1140666,ImageMagick,https://www.suse.com/security/cve/CVE-2019-13297,"ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.",Released 20190708,CVE-2019-13345,5.4,6.1,1140738,squid3,https://www.suse.com/security/cve/CVE-2019-13345,"The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.",Released 20190708,CVE-2019-13345,5.4,6.1,1140738,squid,https://www.suse.com/security/cve/CVE-2019-13345,"The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.",Released 
20190709,CVE-2019-13282,4.4,7.8,1140870,poppler,https://www.suse.com/security/cve/CVE-2019-13282,"In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.",Released 20190709,CVE-2019-13288,5.5,5.5,1140882,poppler,https://www.suse.com/security/cve/CVE-2019-13288,"In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.",Won't fix 20190710,CVE-2019-11135,6.5,6.5,1139073,kernel-source,https://www.suse.com/security/cve/CVE-2019-11135,"TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",Released 20190710,CVE-2019-11135,6.5,6.5,1139073,libvirt,https://www.suse.com/security/cve/CVE-2019-11135,"TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",Ignore 20190710,CVE-2019-11135,6.5,6.5,1139073,microcode_ctl,https://www.suse.com/security/cve/CVE-2019-11135,"TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",Released 20190710,CVE-2019-11135,6.5,6.5,1139073,xen,https://www.suse.com/security/cve/CVE-2019-11135,"TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local 
access.",Released 20190710,CVE-2019-11139,,6,1141035,microcode_ctl,https://www.suse.com/security/cve/CVE-2019-11139,"Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.",Released 20190710,CVE-2019-7307,2.8,7,1140986,apport-crashdb-sle,https://www.suse.com/security/cve/CVE-2019-7307,"Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.",Released 20190710,CVE-2019-7307,2.8,7,1140986,apport,https://www.suse.com/security/cve/CVE-2019-7307,"Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. 
The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.",Released 20190711,CVE-2019-13050,6.5,7.5,1141093,gpg2,https://www.suse.com/security/cve/CVE-2019-13050,"Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",Released 20190711,CVE-2019-13454,6.2,6.5,1141171,ImageMagick,https://www.suse.com/security/cve/CVE-2019-13454,"ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.",Released 20190712,CVE-2019-12525,7.5,9.8,1141332,squid3,https://www.suse.com/security/cve/CVE-2019-12525,"An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.",Released 20190712,CVE-2019-12529,4.3,5.9,1141329,squid3,https://www.suse.com/security/cve/CVE-2019-12529,"An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. 
There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.",Released 20190712,CVE-2019-12529,4.3,5.9,1141329,squid,https://www.suse.com/security/cve/CVE-2019-12529,"An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.",Unsupported 20190715,CVE-2017-12652,4,9.8,1141493,libpng12-0,https://www.suse.com/security/cve/CVE-2017-12652,"libpng before 1.6.32 does not properly check the length of chunks against the user limit.",Released 20190715,CVE-2019-13504,4,6.5,1141472,exiv2,https://www.suse.com/security/cve/CVE-2019-13504,"There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.",Won't fix 20190716,CVE-2019-1010006,7.3,7.8,1141619,evince,https://www.suse.com/security/cve/CVE-2019-1010006,"Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. 
The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.",Released 20190716,CVE-2019-1010305,2.5,5.5,1141680,libmspack,https://www.suse.com/security/cve/CVE-2019-1010305,"libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,firefox-atk,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,firefox-cairo,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). 
When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,firefox-gcc8,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,firefox-glib2,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,firefox-gtk3,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. 
An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,firefox-libffi,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,firefox-pango,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2018-20852,5.3,5.3,1141853,python,https://www.suse.com/security/cve/CVE-2018-20852,"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",Released 20190717,CVE-2019-1010022,4,9.8,1141866,glibc,https://www.suse.com/security/cve/CVE-2019-1010022,"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",Ignore 20190717,CVE-2019-1010023,3.9,8.8,1141867,glibc,https://www.suse.com/security/cve/CVE-2019-1010023,"** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",Ignore 20190717,CVE-2019-1010025,,5.3,1141870,glibc,https://www.suse.com/security/cve/CVE-2019-1010025,"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"",Ignore 20190717,CVE-2019-13616,4.4,8.1,1141844,SDL,https://www.suse.com/security/cve/CVE-2019-13616,"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",Released 20190717,CVE-2019-2762,5.3,5.3,1141782,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2762,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20190717,CVE-2019-2766,3.1,3.1,1141789,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2766,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",Released 20190717,CVE-2019-2769,5.3,5.3,1141783,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2769,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20190717,CVE-2019-2786,3.1,3.4,1141787,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2786,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).",Released 20190717,CVE-2019-2816,4.8,4.8,1141785,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2816,"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",Released 20190718,CVE-2019-13619,5.3,7.5,1141980,wireshark,https://www.suse.com/security/cve/CVE-2019-13619,"In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.",Ignore 20190718,CVE-2019-13631,5.9,6.8,1142023,kernel-source,https://www.suse.com/security/cve/CVE-2019-13631,"In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.",Released 20190719,CVE-2019-1010065,,6.5,1142201,crash,https://www.suse.com/security/cve/CVE-2019-1010065,"The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image.",Analysis 20190723,CVE-2019-13638,7.3,7.8,1088420,patch,https://www.suse.com/security/cve/CVE-2019-13638,"GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. 
This is different from CVE-2018-1000156.",Already fixed 20190723,CVE-2019-9959,3.3,6.5,1142465,poppler,https://www.suse.com/security/cve/CVE-2019-9959,"The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.",Released 20190724,CVE-2019-1010204,4,5.5,1142579,binutils,https://www.suse.com/security/cve/CVE-2019-1010204,"GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",Unsupported 20190724,CVE-2019-13110,4.3,6.5,1142678,exiv2,https://www.suse.com/security/cve/CVE-2019-13110,"A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.",Released 20190724,CVE-2019-13112,4.3,6.5,1142681,exiv2,https://www.suse.com/security/cve/CVE-2019-13112,"A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.",Released 20190724,CVE-2019-13113,4.3,6.5,1142683,exiv2,https://www.suse.com/security/cve/CVE-2019-13113,"Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.",Released 20190724,CVE-2019-14250,5.3,5.5,1142649,gcc33,https://www.suse.com/security/cve/CVE-2019-14250,"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.",Unsupported 20190724,CVE-2019-14250,5.3,5.5,1142649,gcc5,https://www.suse.com/security/cve/CVE-2019-14250,"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.",Unsupported 20190725,CVE-2019-1010190,2.8,5.5,1142770,mgetty,https://www.suse.com/security/cve/CVE-2019-1010190,"mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1.",Released 20190725,CVE-2019-10207,5.3,4.7,1123959,kernel-source,https://www.suse.com/security/cve/CVE-2019-10207,"A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.",Unsupported 20190726,CVE-2018-20855,5.1,3.3,1143045,kernel-source,https://www.suse.com/security/cve/CVE-2018-20855,"An issue was discovered in the Linux kernel before 4.18.7. 
In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.",Released 20190729,CVE-2011-5327,,9.8,1143175,kernel-source,https://www.suse.com/security/cve/CVE-2011-5327,"In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption.",Already fixed 20190729,CVE-2015-9289,,5.5,1143179,kernel-source,https://www.suse.com/security/cve/CVE-2015-9289,"In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.",Released 20190729,CVE-2019-13057,5.3,4.9,1143273,openldap2,https://www.suse.com/security/cve/CVE-2019-13057,"An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)",Released 20190729,CVE-2019-13565,6.5,7.5,1143194,openldap2,https://www.suse.com/security/cve/CVE-2019-13565,"An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. 
Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.",Released 20190729,CVE-2019-14283,6.1,6.8,1143191,kernel-source,https://www.suse.com/security/cve/CVE-2019-14283,"In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.",Released 20190729,CVE-2019-14284,5.5,6.2,1143189,kernel-source,https://www.suse.com/security/cve/CVE-2019-14284,"In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.",Released 20190731,CVE-2015-9290,3.3,9.8,1143564,freetype2,https://www.suse.com/security/cve/CVE-2015-9290,"In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.",Unsupported 20190731,CVE-2019-14275,4.4,5.5,1143650,transfig,https://www.suse.com/security/cve/CVE-2019-14275,"Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.",Released 20190731,CVE-2019-14290,3.3,5.5,1143568,poppler,https://www.suse.com/security/cve/CVE-2019-14290,"An issue was discovered in Xpdf 4.01.01. 
There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.",Unsupported 20190731,CVE-2019-14294,5.5,5.5,1143572,poppler,https://www.suse.com/security/cve/CVE-2019-14294,"An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.",Unsupported 20190731,CVE-2019-14444,3.3,5.5,1143609,binutils,https://www.suse.com/security/cve/CVE-2019-14444,"apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.",Unsupported 20190801,CVE-2019-14378,7.8,8.8,1143794,kvm,https://www.suse.com/security/cve/CVE-2019-14378,"ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",Released 20190801,CVE-2019-14378,7.8,8.8,1143794,xen,https://www.suse.com/security/cve/CVE-2019-14378,"ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",Released 20190808,CVE-2019-10218,5.3,5.3,1144902,samba,https://www.suse.com/security/cve/CVE-2019-10218,"A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. 
An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.",Released 20190809,CVE-2019-10208,7.5,,1145092,postgresql94,https://www.suse.com/security/cve/CVE-2019-10208,"A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.",Released 20190809,CVE-2019-10220,7.5,8.8,1144903,kernel-source,https://www.suse.com/security/cve/CVE-2019-10220,"Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.",Released 20190809,CVE-2019-11042,5.4,7.1,1145095,php53,https://www.suse.com/security/cve/CVE-2019-11042,"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",Released 20190813,CVE-2017-18509,5.5,7.8,1145477,kernel-source,https://www.suse.com/security/cve/CVE-2017-18509,"An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. 
NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.",Released 20190814,CVE-2019-12067,3.3,6.5,1145642,xen,https://www.suse.com/security/cve/CVE-2019-12067,"The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.",Released 20190814,CVE-2019-9516,7.5,6.5,1145582,firefox-atk,https://www.suse.com/security/cve/CVE-2019-9516,"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",Released 20190814,CVE-2019-9516,7.5,6.5,1145582,firefox-cairo,https://www.suse.com/security/cve/CVE-2019-9516,"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",Released 20190814,CVE-2019-9516,7.5,6.5,1145582,firefox-gcc8,https://www.suse.com/security/cve/CVE-2019-9516,"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. 
This can consume excess memory.",Released 20190814,CVE-2019-9516,7.5,6.5,1145582,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2019-9516,"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",Released 20190814,CVE-2019-9516,7.5,6.5,1145582,firefox-glib2,https://www.suse.com/security/cve/CVE-2019-9516,"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",Released 20190814,CVE-2019-9516,7.5,6.5,1145582,firefox-gtk3,https://www.suse.com/security/cve/CVE-2019-9516,"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",Released 20190814,CVE-2019-9516,7.5,6.5,1145582,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2019-9516,"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. 
Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",Released 20190814,CVE-2019-9516,7.5,6.5,1145582,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2019-9516,"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",Released 20190814,CVE-2019-9516,7.5,6.5,1145582,firefox-libffi,https://www.suse.com/security/cve/CVE-2019-9516,"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",Released 20190814,CVE-2019-9516,7.5,6.5,1145582,firefox-pango,https://www.suse.com/security/cve/CVE-2019-9516,"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",Released 20190815,CVE-2019-10092,7.1,6.1,1145740,apache2,https://www.suse.com/security/cve/CVE-2019-10092,"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. 
An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.",Released 20190815,CVE-2019-10098,8.2,6.1,1145738,apache2,https://www.suse.com/security/cve/CVE-2019-10098,"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",Released 20190816,CVE-2019-15118,5.5,5.5,1145922,kernel-source,https://www.suse.com/security/cve/CVE-2019-15118,"check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.",Released 20190819,CVE-2017-18551,4.7,6.7,1146163,kernel-source,https://www.suse.com/security/cve/CVE-2017-18551,"An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. 
There is an out of bounds write in the function i2c_smbus_xfer_emulated.",Released 20190819,CVE-2019-14980,3.3,6.5,1146068,ImageMagick,https://www.suse.com/security/cve/CVE-2019-14980,"In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.",Released 20190819,CVE-2019-15139,3.3,6.5,1146213,ImageMagick,https://www.suse.com/security/cve/CVE-2019-15139,"The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.",Released 20190819,CVE-2019-15140,3.3,8.8,1146212,ImageMagick,https://www.suse.com/security/cve/CVE-2019-15140,"coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.",Released 20190819,CVE-2019-15141,3.3,6.5,1146211,ImageMagick,https://www.suse.com/security/cve/CVE-2019-15141,"WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.",Released 20190820,CVE-2018-20976,4.4,7.8,1146285,kernel-source,https://www.suse.com/security/cve/CVE-2018-20976,"An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. 
A use after free exists, related to xfs_fs_fill_super failure.",Released 20190820,CVE-2019-11041,8.8,7.1,1146360,php53,https://www.suse.com/security/cve/CVE-2019-11041,"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",Released 20190820,CVE-2019-15133,6.5,6.5,1146299,giflib,https://www.suse.com/security/cve/CVE-2019-15133,"In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.",Unsupported 20190820,CVE-2019-15212,5.7,4.6,1146391,kernel-source,https://www.suse.com/security/cve/CVE-2019-15212,"An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.",Released 20190820,CVE-2019-15216,4.9,4.6,1146361,kernel-source,https://www.suse.com/security/cve/CVE-2019-15216,"An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.",Released 20190820,CVE-2019-15218,4.6,4.6,1146413,kernel-source,https://www.suse.com/security/cve/CVE-2019-15218,"An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.",Released 20190820,CVE-2019-8675,8.8,8.8,1146358,cups,https://www.suse.com/security/cve/CVE-2019-8675,"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. 
An attacker in a privileged network position may be able to execute arbitrary code.",Released 20190820,CVE-2019-8696,8.8,8.8,1146358,cups,https://www.suse.com/security/cve/CVE-2019-8696,"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.",Released 20190821,CVE-2019-15142,3.3,5.5,1146702,djvulibre,https://www.suse.com/security/cve/CVE-2019-15142,"In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.",Released 20190821,CVE-2019-15143,5.5,5.5,1146569,djvulibre,https://www.suse.com/security/cve/CVE-2019-15143,"In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.",Released 20190821,CVE-2019-15144,5.5,5.5,1146571,djvulibre,https://www.suse.com/security/cve/CVE-2019-15144,"In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.",Released 20190821,CVE-2019-15145,5.5,5.5,1146572,djvulibre,https://www.suse.com/security/cve/CVE-2019-15145,"DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.",Released 
20190821,CVE-2019-15211,4.6,4.6,1146519,kernel-source,https://www.suse.com/security/cve/CVE-2019-15211,"An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.",Released 20190821,CVE-2019-15213,5.2,4.6,1146519,kernel-source,https://www.suse.com/security/cve/CVE-2019-15213,"An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.",Released 20190821,CVE-2019-15214,3.3,4.7,1146519,kernel-source,https://www.suse.com/security/cve/CVE-2019-15214,"An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.",Released 20190821,CVE-2019-15217,4.6,4.6,1146519,kernel-source,https://www.suse.com/security/cve/CVE-2019-15217,"An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.",Released 20190821,CVE-2019-15219,4.6,4.6,1146519,kernel-source,https://www.suse.com/security/cve/CVE-2019-15219,"An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.",Released 20190821,CVE-2019-15220,5.2,4.6,1146519,kernel-source,https://www.suse.com/security/cve/CVE-2019-15220,"An issue was discovered in the Linux kernel before 5.2.1. 
There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver.",Released 20190821,CVE-2019-15221,4.6,4.6,1146519,kernel-source,https://www.suse.com/security/cve/CVE-2019-15221,"An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.",Released 20190821,CVE-2019-15222,4.6,4.6,1146519,kernel-source,https://www.suse.com/security/cve/CVE-2019-15222,"An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver.",Released 20190821,CVE-2019-15223,4.6,4.6,1146519,kernel-source,https://www.suse.com/security/cve/CVE-2019-15223,"An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver.",Released 20190821,CVE-2019-15239,7.5,7.8,1146589,kernel-source,https://www.suse.com/security/cve/CVE-2019-15239,"In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.",Unsupported 20190821,CVE-2019-15291,4.6,4.6,1146519,kernel-source,https://www.suse.com/security/cve/CVE-2019-15291,"An issue was discovered in the Linux kernel through 5.2.9. 
There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.",Released 20190821,CVE-2019-15292,8.1,4.7,1146678,kernel-source,https://www.suse.com/security/cve/CVE-2019-15292,"An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.",Released 20190822,CVE-2019-12068,4.4,3.8,1146873,kvm,https://www.suse.com/security/cve/CVE-2019-12068,"In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",Released 20190822,CVE-2019-12068,4.4,3.8,1146873,xen,https://www.suse.com/security/cve/CVE-2019-12068,"In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. 
Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",Released 20190823,CVE-2019-11771,,7.8,1147021,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-11771,"AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.",Released 20190823,CVE-2019-11772,8.8,9.8,1147021,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-11772,"In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager.",Released 20190823,CVE-2019-11775,8.8,7.4,1147021,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-11775,"All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. 
This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.",Released 20190823,CVE-2019-12625,7.5,7.5,1144504,clamav,https://www.suse.com/security/cve/CVE-2019-12625,"ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.",Released 20190823,CVE-2019-15505,6.1,9.8,1147122,kernel-source,https://www.suse.com/security/cve/CVE-2019-15505,"drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).",Released 20190823,CVE-2019-4473,7.8,7.8,1147021,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-4473,"Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.",Released 20190830,CVE-2019-13627,5.5,6.3,1148987,libgcrypt,https://www.suse.com/security/cve/CVE-2019-13627,"It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.",Released 20190830,CVE-2019-15807,5.9,4.7,1148938,kernel-source,https://www.suse.com/security/cve/CVE-2019-15807,"In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.",Released 20190903,CVE-2019-15847,6.2,7.5,1149145,gcc43,https://www.suse.com/security/cve/CVE-2019-15847,"The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. 
This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.",Ignore 20190903,CVE-2019-15847,6.2,7.5,1149145,gcc,https://www.suse.com/security/cve/CVE-2019-15847,"The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.",Ignore 20190904,CVE-2015-9381,4.4,8.8,1149384,freetype2,https://www.suse.com/security/cve/CVE-2015-9381,"FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.",Released 20190904,CVE-2015-9382,4.4,6.5,1149395,freetype2,https://www.suse.com/security/cve/CVE-2015-9382,"FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.",Released 20190904,CVE-2015-9383,4.4,6.5,1149397,freetype2,https://www.suse.com/security/cve/CVE-2015-9383,"FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.",Released 20190904,CVE-2019-15860,4,5.5,1149340,poppler,https://www.suse.com/security/cve/CVE-2019-15860,"Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.",Already fixed 20190904,CVE-2019-15902,6.2,9.8,1149376,kernel-source,https://www.suse.com/security/cve/CVE-2019-15902,"A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. 
Misuse of the upstream \"x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()\" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,expat,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,firefox-atk,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,firefox-cairo,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,firefox-gcc8,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,firefox-gdk-pixbuf,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to 
document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,firefox-glib2,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,firefox-gtk3,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,firefox-libffi-gcc5,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,firefox-libffi,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer 
over-read.",Released 20190904,CVE-2019-15903,7.5,7.5,1149429,firefox-pango,https://www.suse.com/security/cve/CVE-2019-15903,"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",Released 20190904,CVE-2019-15916,3.7,7.5,1149448,kernel-source,https://www.suse.com/security/cve/CVE-2019-15916,"An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.",Released 20190905,CVE-2018-21009,4,8.8,1149635,poppler,https://www.suse.com/security/cve/CVE-2018-21009,"Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.",Unsupported 20190905,CVE-2019-15927,4.9,7.8,1149522,kernel-source,https://www.suse.com/security/cve/CVE-2019-15927,"An issue was discovered in the Linux kernel before 4.20.2. 
An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.",Released 20190905,CVE-2019-5482,7.1,9.8,1149496,curl,https://www.suse.com/security/cve/CVE-2019-5482,"Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",Released 20190906,CVE-2019-15890,5.8,,1149811,kvm,https://www.suse.com/security/cve/CVE-2019-15890,"libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",Released 20190906,CVE-2019-15890,5.8,,1149811,xen,https://www.suse.com/security/cve/CVE-2019-15890,"libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",Released 20190906,CVE-2019-15945,5.1,6.4,1149746,opensc,https://www.suse.com/security/cve/CVE-2019-15945,"OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.",Released 20190906,CVE-2019-15946,5.1,6.4,1149747,opensc,https://www.suse.com/security/cve/CVE-2019-15946,"OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.",Released 20190909,CVE-2019-1547,5.5,4.7,1150003,openssl,https://www.suse.com/security/cve/CVE-2019-1547,"Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. 
For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",Released 20190909,CVE-2019-16056,6.5,7.5,1149955,python,https://www.suse.com/security/cve/CVE-2019-16056,"An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",Released 20190909,CVE-2019-9456,6.7,6.7,1150025,kernel-source,https://www.suse.com/security/cve/CVE-2019-9456,"In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.",Released 20190910,CVE-2019-14835,7.8,7.2,1150112,kernel-source,https://www.suse.com/security/cve/CVE-2019-14835,"A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. 
A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.",Released 20190911,CVE-2019-1563,5.3,3.7,1150250,openssl,https://www.suse.com/security/cve/CVE-2019-1563,"In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",Released 20190912,CVE-2019-16230,4,,1150466,kernel-source,https://www.suse.com/security/cve/CVE-2019-16230,"** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. 
It is not attacker controllable and OOM at that time is highly unlikely.",Ignore 20190912,CVE-2019-16232,4,4.1,1150465,kernel-source,https://www.suse.com/security/cve/CVE-2019-16232,"drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",Released 20190912,CVE-2019-16233,4,4.1,1150457,kernel-source,https://www.suse.com/security/cve/CVE-2019-16233,"drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",Released 20190912,CVE-2019-16234,4,4.7,1150452,kernel-source,https://www.suse.com/security/cve/CVE-2019-16234,"drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",Released 20190916,CVE-2019-16275,4.3,6.5,1150934,wpa_supplicant,https://www.suse.com/security/cve/CVE-2019-16275,"hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.",Released 20190916,CVE-2019-3690,6.8,7.8,1148336,permissions,https://www.suse.com/security/cve/CVE-2019-3690,"The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). 
This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.",Released 20190919,CVE-2019-14821,6.8,7.5,1151350,kernel-source,https://www.suse.com/security/cve/CVE-2019-14821,"An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.",Released 20190919,CVE-2019-16413,6.2,,1151347,kernel-source,https://www.suse.com/security/cve/CVE-2019-16413,"An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.",Released 20190924,CVE-2019-16707,3.3,6.5,1151867,hunspell,https://www.suse.com/security/cve/CVE-2019-16707,"Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.",Released 20190924,CVE-2019-16708,5.3,6.5,1151781,ImageMagick,https://www.suse.com/security/cve/CVE-2019-16708,"ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.",Released 20190924,CVE-2019-16709,5.3,6.5,1151782,ImageMagick,https://www.suse.com/security/cve/CVE-2019-16709,"ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.",Released 20190924,CVE-2019-16710,5.3,6.5,1151783,ImageMagick,https://www.suse.com/security/cve/CVE-2019-16710,"ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.",Released 
20190924,CVE-2019-16713,5.3,6.5,1151786,ImageMagick,https://www.suse.com/security/cve/CVE-2019-16713,"ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.",Released 20190926,CVE-2019-16746,7.3,9.8,1152107,kernel-source,https://www.suse.com/security/cve/CVE-2019-16746,"An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.",Released 20191002,CVE-2019-17052,5.1,3.3,1152779,kernel-source,https://www.suse.com/security/cve/CVE-2019-17052,"ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.",Released 20191002,CVE-2019-17053,4,,1152789,kernel-source,https://www.suse.com/security/cve/CVE-2019-17053,"ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.",Released 20191002,CVE-2019-17054,3.3,,1152786,kernel-source,https://www.suse.com/security/cve/CVE-2019-17054,"atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.",Released 20191002,CVE-2019-17055,4,3.3,1152782,kernel-source,https://www.suse.com/security/cve/CVE-2019-17055,"base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.",Released 20191002,CVE-2019-17075,5.5,7.5,1152790,kernel-source,https://www.suse.com/security/cve/CVE-2019-17075,"An issue was discovered in 
write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.",Ignore 20191004,CVE-2018-10103,5.3,9.8,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-10103,"tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).",Released 20191004,CVE-2018-10105,5.3,9.8,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-10105,"tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).",Released 20191004,CVE-2018-14461,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14461,"The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().",Released 20191004,CVE-2018-14462,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14462,"The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().",Released 20191004,CVE-2018-14463,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14463,"The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.",Released 20191004,CVE-2018-14464,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14464,"The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().",Released 20191004,CVE-2018-14465,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14465,"The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().",Released 20191004,CVE-2018-14466,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14466,"The Rx parser in tcpdump before 4.9.3 has a buffer over-read in 
print-rx.c:rx_cache_find() and rx_cache_insert().",Released 20191004,CVE-2018-14467,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14467,"The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).",Released 20191004,CVE-2018-14468,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14468,"The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().",Released 20191004,CVE-2018-14469,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14469,"The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().",Released 20191004,CVE-2018-14470,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14470,"The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().",Released 20191004,CVE-2018-14879,0,7,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14879,"The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().",Released 20191004,CVE-2018-14880,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14880,"The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().",Released 20191004,CVE-2018-14881,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14881,"The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).",Released 20191004,CVE-2018-14882,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-14882,"The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.",Released 20191004,CVE-2018-16227,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-16227,"The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.",Released 
20191004,CVE-2018-16228,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-16228,"The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().",Released 20191004,CVE-2018-16229,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-16229,"The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().",Released 20191004,CVE-2018-16230,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-16230,"The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).",Released 20191004,CVE-2018-16300,7.5,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-16300,"The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.",Released 20191004,CVE-2018-16301,,7.8,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-16301,"The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). 
To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.",Released 20191004,CVE-2018-16451,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-16451,"The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.",Released 20191004,CVE-2018-16452,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2018-16452,"The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.",Released 20191004,CVE-2019-15166,5.3,7.5,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2019-15166,"lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.",Released 20191004,CVE-2019-15167,5.3,9.1,1153098,tcpdump,https://www.suse.com/security/cve/CVE-2019-15167,"The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.",Released 20191004,CVE-2019-15845,5.1,6.5,1152994,ruby,https://www.suse.com/security/cve/CVE-2019-15845,"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.",Won't fix 20191004,CVE-2019-16201,6.5,7.5,1152995,ruby,https://www.suse.com/security/cve/CVE-2019-16201,"WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.",Won't fix 20191004,CVE-2019-16254,6.8,5.3,1152992,ruby,https://www.suse.com/security/cve/CVE-2019-16254,"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. 
If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.",Won't fix 20191004,CVE-2019-16255,7.8,8.1,1152990,ruby,https://www.suse.com/security/cve/CVE-2019-16255,"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.",Won't fix 20191007,CVE-2019-16935,5.4,6.1,1153238,python,https://www.suse.com/security/cve/CVE-2019-16935,"The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.",Ignore 20191007,CVE-2019-17133,8.8,9.8,1153158,kernel-source,https://www.suse.com/security/cve/CVE-2019-17133,"In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.",Released 20191008,CVE-2019-15161,5.3,5.3,1153332,tcpdump,https://www.suse.com/security/cve/CVE-2019-15161,"rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. 
This may open up an attack vector involving extra data at the end of a request.",Released 20191008,CVE-2019-15162,5.3,,1153332,tcpdump,https://www.suse.com/security/cve/CVE-2019-15162,"rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.",Released 20191008,CVE-2019-15163,5.3,,1153332,tcpdump,https://www.suse.com/security/cve/CVE-2019-15163,"rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.",Released 20191008,CVE-2019-15164,3.3,,1153332,tcpdump,https://www.suse.com/security/cve/CVE-2019-15164,"rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.",Released 20191008,CVE-2019-15165,5.3,5.3,1153332,tcpdump,https://www.suse.com/security/cve/CVE-2019-15165,"sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.",Released 20191008,CVE-2019-17340,7,8.8,1126140,xen,https://www.suse.com/security/cve/CVE-2019-17340,"An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",Released 20191008,CVE-2019-17341,,7.8,1126141,xen,https://www.suse.com/security/cve/CVE-2019-17341,"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",Released 20191008,CVE-2019-17342,,7,1126192,xen,https://www.suse.com/security/cve/CVE-2019-17342,"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",Released 
20191008,CVE-2019-17343,,6.8,1126195,xen,https://www.suse.com/security/cve/CVE-2019-17343,"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",Released 20191008,CVE-2019-17344,5.1,6.5,1126196,xen,https://www.suse.com/security/cve/CVE-2019-17344,"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",Released 20191008,CVE-2019-17346,6.5,8.8,1126198,xen,https://www.suse.com/security/cve/CVE-2019-17346,"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",Released 20191008,CVE-2019-17347,7.8,7.8,1126201,xen,https://www.suse.com/security/cve/CVE-2019-17347,"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",Released 20191008,CVE-2019-17348,5.7,6.5,1127400,xen,https://www.suse.com/security/cve/CVE-2019-17348,"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",Released 20191009,CVE-2019-17041,5.1,9.8,1153451,rsyslog,https://www.suse.com/security/cve/CVE-2019-17041,"An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. 
If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",Released 20191009,CVE-2019-17042,5.1,9.8,1153459,rsyslog,https://www.suse.com/security/cve/CVE-2019-17042,"An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. 
To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",Released 20191010,CVE-2019-17402,3.3,6.5,1153577,exiv2,https://www.suse.com/security/cve/CVE-2019-17402,"Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.",Won't fix 20191011,CVE-2019-14287,7,8.8,1153674,sudo,https://www.suse.com/security/cve/CVE-2019-14287,"In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \#$((0xffffffff))\" command.",Released 20191011,CVE-2019-17450,3.3,6.5,1153770,binutils,https://www.suse.com/security/cve/CVE-2019-17450,"find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.",Ignore 20191011,CVE-2019-17451,4,6.5,1153768,binutils,https://www.suse.com/security/cve/CVE-2019-17451,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. 
It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.",Ignore 20191014,CVE-2019-17540,5.1,,1153866,ImageMagick,https://www.suse.com/security/cve/CVE-2019-17540,"ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.",Released 20191014,CVE-2019-17540,5.1,,1153866,tiff,https://www.suse.com/security/cve/CVE-2019-17540,"ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.",Released 20191014,CVE-2019-17544,3.3,9.1,1153892,aspell,https://www.suse.com/security/cve/CVE-2019-17544,"libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.",Released 20191015,CVE-2019-17595,4,5.4,1154037,ncurses,https://www.suse.com/security/cve/CVE-2019-17595,"There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",Released 20191016,CVE-2019-2933,3.1,3.1,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2933,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",Released 20191016,CVE-2019-2945,3.1,3.1,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2945,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).",Released 20191016,CVE-2019-2949,6.8,6.8,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2949,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. 
While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",Released 20191016,CVE-2019-2958,5.9,5.9,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2958,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",Released 20191016,CVE-2019-2962,3.7,3.7,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2962,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20191016,CVE-2019-2964,3.7,3.7,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2964,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20191016,CVE-2019-2973,3.7,3.7,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2973,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20191016,CVE-2019-2975,4.8,4.8,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2975,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).",Released
20191016,CVE-2019-2977,3.7,4.8,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2977,"Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L).",Released
20191016,CVE-2019-2978,3.7,3.7,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2978,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released
20191016,CVE-2019-2981,3.7,3.7,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2981,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released
20191016,CVE-2019-2983,3.7,3.7,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2983,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released
20191016,CVE-2019-2987,3.7,3.7,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2987,"Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released
20191016,CVE-2019-2988,3.7,3.7,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2988,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released
20191016,CVE-2019-2989,6.1,6.8,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2989,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).",Released
20191016,CVE-2019-2992,3.7,3.7,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2992,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released
20191016,CVE-2019-2996,4.2,4.2,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2996,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).",Released
20191016,CVE-2019-2999,4.7,4.7,1154212,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-2999,"Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).",Released
20191017,CVE-2019-17546,8.8,8.8,1154365,tiff,https://www.suse.com/security/cve/CVE-2019-17546,"tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a \"Negative-size-param\" condition.",Released
20191017,CVE-2019-17624,6.6,7.8,1154325,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2019-17624,"\"\" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.",Affected
20191021,CVE-2019-18197,7.5,7.5,1154609,libxslt,https://www.suse.com/security/cve/CVE-2019-18197,"In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.",Released
20191023,CVE-2019-14834,4.3,3.7,1154849,dnsmasq,https://www.suse.com/security/cve/CVE-2019-14834,"A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.",Released
20191023,CVE-2019-17498,5.4,8.1,1154862,libssh2_org,https://www.suse.com/security/cve/CVE-2019-17498,"In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.",Released
20191024,CVE-2019-11043,8.1,9.8,1154999,php53,https://www.suse.com/security/cve/CVE-2019-11043,"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.",Released
20191025,CVE-2019-18348,6.1,6.1,1155094,python,https://www.suse.com/security/cve/CVE-2019-18348,"An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.",Released
20191025,CVE-2019-3692,7,7.8,1154062,inn,https://www.suse.com/security/cve/CVE-2019-3692,"The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.",Released
20191025,CVE-2019-3693,7,7.8,1154328,mailman,https://www.suse.com/security/cve/CVE-2019-3693,"A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.",Released
20191028,CVE-2019-14866,5.1,6.7,1155199,cpio,https://www.suse.com/security/cve/CVE-2019-14866,"In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.",Released
20191029,CVE-2019-18420,6.5,6.5,1154448,xen,https://www.suse.com/security/cve/CVE-2019-18420,"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",Released
20191029,CVE-2019-18421,8.2,7.5,1154458,xen,https://www.suse.com/security/cve/CVE-2019-18421,"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be \"promoted\" before being used as a pagetable, and \"demoted\" before being used for any other type. Xen also allows for \"recursive\" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.",Released
20191029,CVE-2019-18424,7.6,6.8,1154461,xen,https://www.suse.com/security/cve/CVE-2019-18424,"An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",Released
20191029,CVE-2019-18425,7.8,9.8,1154456,xen,https://www.suse.com/security/cve/CVE-2019-18425,"An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",Released
20191030,CVE-2019-11481,4.4,3.8,1155478,apport,https://www.suse.com/security/cve/CVE-2019-11481,"Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.",Affected
20191030,CVE-2019-11482,3.3,4.7,1155479,apport-crashdb-sle,https://www.suse.com/security/cve/CVE-2019-11482,"Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.",Released
20191030,CVE-2019-11482,3.3,4.7,1155479,apport,https://www.suse.com/security/cve/CVE-2019-11482,"Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.",Released
20191030,CVE-2019-11483,4.4,3.3,1155480,apport,https://www.suse.com/security/cve/CVE-2019-11483,"Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.",Affected
20191030,CVE-2019-11485,5.3,3.3,1155481,apport-crashdb-sle,https://www.suse.com/security/cve/CVE-2019-11485,"Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.",Released
20191030,CVE-2019-11485,5.3,3.3,1155481,apport,https://www.suse.com/security/cve/CVE-2019-11485,"Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.",Released
20191030,CVE-2019-15678,7.5,9.8,1155442,tightvnc,https://www.suse.com/security/cve/CVE-2019-15678,"TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.",Released
20191030,CVE-2019-15679,8.8,9.8,1155476,tightvnc,https://www.suse.com/security/cve/CVE-2019-15679,"TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.",Released
20191030,CVE-2019-15680,4.3,7.5,1155442,tightvnc,https://www.suse.com/security/cve/CVE-2019-15680,"TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.",Released
20191030,CVE-2019-15681,4.8,7.5,1155419,LibVNCServer,https://www.suse.com/security/cve/CVE-2019-15681,"LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.",Released
20191030,CVE-2019-15681,4.8,7.5,1155419,vino,https://www.suse.com/security/cve/CVE-2019-15681,"LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.",Released
20191030,CVE-2019-15790,3.3,2.8,1155482,apport-crashdb-sle,https://www.suse.com/security/cve/CVE-2019-15790,"Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.",Released
20191030,CVE-2019-15790,3.3,2.8,1155482,apport,https://www.suse.com/security/cve/CVE-2019-15790,"Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.",Released
20191030,CVE-2019-8287,8.8,9.8,1155472,tightvnc,https://www.suse.com/security/cve/CVE-2019-8287,"TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.",Released
20191031,CVE-2005-2349,-1,-1,62234,zoo,https://www.suse.com/security/cve/CVE-2005-2349,"Zoo 2.10 has Directory traversal",Already fixed
20191104,CVE-2017-2518,7.8,9.8,1155787,sqlite3,https://www.suse.com/security/cve/CVE-2017-2518,"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.",Released
20191106,CVE-2019-5068,5.1,4.4,1156015,Mesa,https://www.suse.com/security/cve/CVE-2019-5068,"An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.",Released
20191107,CVE-2019-18804,3.3,7.5,1156188,djvulibre,https://www.suse.com/security/cve/CVE-2019-18804,"DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.",Released
20191108,CVE-2019-12523,7.4,9.1,1156329,squid3,https://www.suse.com/security/cve/CVE-2019-12523,"An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.",Released
20191108,CVE-2019-12523,7.4,9.1,1156329,squid,https://www.suse.com/security/cve/CVE-2019-12523,"An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.",Released
20191108,CVE-2019-12526,8.1,9.8,1156326,squid3,https://www.suse.com/security/cve/CVE-2019-12526,"An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.",Released
20191108,CVE-2019-18676,5.9,7.5,1156329,squid3,https://www.suse.com/security/cve/CVE-2019-18676,"An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.",Released
20191108,CVE-2019-18676,5.9,7.5,1156329,squid,https://www.suse.com/security/cve/CVE-2019-18676,"An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.",Released
20191108,CVE-2019-18677,7.4,6.1,1156328,squid3,https://www.suse.com/security/cve/CVE-2019-18677,"An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.",Released
20191108,CVE-2019-18677,7.4,6.1,1156328,squid,https://www.suse.com/security/cve/CVE-2019-18677,"An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.",Unsupported
20191108,CVE-2019-18678,6.8,5.3,1156323,squid3,https://www.suse.com/security/cve/CVE-2019-18678,"An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.",Released
20191108,CVE-2019-18678,6.8,5.3,1156323,squid,https://www.suse.com/security/cve/CVE-2019-18678,"An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.",Unsupported
20191108,CVE-2019-18679,5.9,7.5,1156324,squid3,https://www.suse.com/security/cve/CVE-2019-18679,"An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.",Released
20191108,CVE-2019-18679,5.9,7.5,1156324,squid,https://www.suse.com/security/cve/CVE-2019-18679,"An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.",Unsupported
20191112,CVE-2019-3698,4.5,7,1150550,nagios,https://www.suse.com/security/cve/CVE-2019-3698,"UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.",Released
20191113,CVE-2019-18932,,7,1150554,cron,https://www.suse.com/security/cve/CVE-2019-18932,"log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.",Analysis
20191114,CVE-2015-8665,3.3,,1156749,tiff,https://www.suse.com/security/cve/CVE-2015-8665,"tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.",Released
20191114,CVE-2015-8683,3.3,,1156749,tiff,https://www.suse.com/security/cve/CVE-2015-8683,"The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.",Released
20191116,CVE-2011-2767,6.3,9.8,1156944,apache2-mod_perl,https://www.suse.com/security/cve/CVE-2011-2767,"mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.",Released
20191118,CVE-2019-18660,4.7,4.7,1157038,kernel-source,https://www.suse.com/security/cve/CVE-2019-18660,"The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.",Released
20191118,CVE-2019-19073,4.4,4,1157070,kernel-source,https://www.suse.com/security/cve/CVE-2019-19073,"Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10.",Released
20191119,CVE-2019-19074,5.9,7.5,1157143,kernel-source,https://www.suse.com/security/cve/CVE-2019-19074,"A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.",Released
20191120,CVE-2019-14896,8.1,7.8,1157157,kernel-source,https://www.suse.com/security/cve/CVE-2019-14896,"A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.",Released
20191120,CVE-2019-14897,8.1,6.6,1157155,kernel-source,https://www.suse.com/security/cve/CVE-2019-14897,"A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver.
An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.",Released 20191120,CVE-2019-19062,6.2,4.7,1157333,kernel-source,https://www.suse.com/security/cve/CVE-2019-19062,"A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.",Unsupported 20191120,CVE-2019-19066,4.4,4.7,1157303,kernel-source,https://www.suse.com/security/cve/CVE-2019-19066,"A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.",Released 20191125,CVE-2019-19227,4.8,5.5,1157678,kernel-source,https://www.suse.com/security/cve/CVE-2019-19227,"In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.",Released 20191126,CVE-2019-15961,7.5,6.5,1157763,clamav,https://www.suse.com/security/cve/CVE-2019-15961,"A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. 
An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.",Released 20191126,CVE-2019-18675,6.6,7.8,1157804,kernel-source,https://www.suse.com/security/cve/CVE-2019-18675,"The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.",Released 20191127,CVE-2019-14855,5.9,7.5,1157900,gpg2,https://www.suse.com/security/cve/CVE-2019-14855,"A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.",Won't fix 20191128,CVE-2019-18276,3.6,7.8,1158028,bash,https://www.suse.com/security/cve/CVE-2019-18276,"An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.",Won't fix 20191203,CVE-2019-19479,4.3,5.5,1158256,opensc,https://www.suse.com/security/cve/CVE-2019-19479,"An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. 
libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.",Released 20191204,CVE-2019-19523,5.7,4.6,1158381,kernel-source,https://www.suse.com/security/cve/CVE-2019-19523,"In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.",Released 20191204,CVE-2019-19524,2.4,4.6,1158381,kernel-source,https://www.suse.com/security/cve/CVE-2019-19524,"In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.",Released 20191204,CVE-2019-19527,5.7,6.8,1158381,kernel-source,https://www.suse.com/security/cve/CVE-2019-19527,"In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.",Released 20191204,CVE-2019-19529,4.6,6.3,1158381,kernel-source,https://www.suse.com/security/cve/CVE-2019-19529,"In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.",Released 20191204,CVE-2019-19530,4.6,4.6,1158381,kernel-source,https://www.suse.com/security/cve/CVE-2019-19530,"In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.",Released 20191204,CVE-2019-19531,2.1,6.8,1158381,kernel-source,https://www.suse.com/security/cve/CVE-2019-19531,"In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.",Released 20191204,CVE-2019-19532,6.8,6.8,1158381,kernel-source,https://www.suse.com/security/cve/CVE-2019-19532,"In the Linux kernel before 5.3.9, there are multiple 
out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.",Released 20191204,CVE-2019-19533,2.4,2.4,1158381,kernel-source,https://www.suse.com/security/cve/CVE-2019-19533,"In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.",Released 20191204,CVE-2019-19537,4.6,4.2,1158381,kernel-source,https://www.suse.com/security/cve/CVE-2019-19537,"In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.",Released 20191204,CVE-2019-19543,2.3,7.8,1158427,kernel-source,https://www.suse.com/security/cve/CVE-2019-19543,"In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.",Released 20191205,CVE-2019-19577,7.2,7.2,1158007,xen,https://www.suse.com/security/cve/CVE-2019-19577,"An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. 
Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",Released 20191205,CVE-2019-19578,7.5,8.8,1158005,xen,https://www.suse.com/security/cve/CVE-2019-19578,"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. 
If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",Released 20191205,CVE-2019-19579,6.9,6.8,1157888,xen,https://www.suse.com/security/cve/CVE-2019-19579,"An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. 
Systems which do not use PCI pass-through are not vulnerable.",Released 20191205,CVE-2019-19580,,6.6,1158006,xen,https://www.suse.com/security/cve/CVE-2019-19580,"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",Released 20191205,CVE-2019-19581,,6.5,1158003,xen,https://www.suse.com/security/cve/CVE-2019-19581,"An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 
64-bit Arm systems are not vulnerable.",Unsupported 20191205,CVE-2019-19582,6.5,6.5,1158003,xen,https://www.suse.com/security/cve/CVE-2019-19582,"An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.",Unsupported 20191205,CVE-2019-19583,,7.5,1158004,xen,https://www.suse.com/security/cve/CVE-2019-19583,"An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. 
PV guests cannot leverage the vulnerability.",Released 20191210,CVE-2019-19603,7.5,7.5,1158960,sqlite3,https://www.suse.com/security/cve/CVE-2019-19603,"SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.",Affected 20191210,CVE-2019-19646,6.3,9.8,1158959,sqlite3,https://www.suse.com/security/cve/CVE-2019-19646,"pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.",Ignore 20191212,CVE-2019-12420,7.5,7.5,1159133,spamassassin,https://www.suse.com/security/cve/CVE-2019-12420,"In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.",Unsupported 20191212,CVE-2019-19746,4.3,5.5,1159130,transfig,https://www.suse.com/security/cve/CVE-2019-19746,"make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.",Released 20191213,CVE-2019-19770,5.7,8.2,1159198,kernel-source,https://www.suse.com/security/cve/CVE-2019-19770,"** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). 
NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace.",Ignore 20191216,CVE-2019-19768,5.3,7.5,1159285,kernel-source,https://www.suse.com/security/cve/CVE-2019-19768,"In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).",Released 20191216,CVE-2019-19797,5.4,5.5,1159293,transfig,https://www.suse.com/security/cve/CVE-2019-19797,"read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.",Released 20191218,CVE-2019-19813,6.1,5.5,1159435,kernel-source,https://www.suse.com/security/cve/CVE-2019-19813,"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.",Ignore 20191218,CVE-2019-19816,7.3,7.8,1159439,kernel-source,https://www.suse.com/security/cve/CVE-2019-19816,"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.",Ignore 20191218,CVE-2020-0548,2.8,5.5,1156353,microcode_ctl,https://www.suse.com/security/cve/CVE-2020-0548,"Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20191218,CVE-2020-0549,6.5,5.5,1156353,microcode_ctl,https://www.suse.com/security/cve/CVE-2020-0549,"Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to 
potentially enable information disclosure via local access.",Released 20191220,CVE-2019-17571,9.8,9.8,1159646,log4j,https://www.suse.com/security/cve/CVE-2019-17571,"Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.",Released 20191220,CVE-2019-19906,7.5,7.5,1159635,cyrus-sasl,https://www.suse.com/security/cve/CVE-2019-19906,"cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.",Released 20191220,CVE-2019-19906,7.5,7.5,1159635,cyrus-sasl-saslauthd,https://www.suse.com/security/cve/CVE-2019-19906,"cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.",Released 20191223,CVE-2019-12418,7.1,7,1159723,tomcat6,https://www.suse.com/security/cve/CVE-2019-12418,"When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. 
The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.",Released 20191227,CVE-2019-17006,6.8,9.8,1159819,mozilla-nss,https://www.suse.com/security/cve/CVE-2019-17006,"In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.",Released 20191227,CVE-2019-19948,7.3,9.8,1159861,ImageMagick,https://www.suse.com/security/cve/CVE-2019-19948,"In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.",Released 20191227,CVE-2019-19950,,9.8,1159852,ImageMagick,https://www.suse.com/security/cve/CVE-2019-19950,"In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.",Analysis 20191227,CVE-2019-19966,3.5,4.6,1159841,kernel-source,https://www.suse.com/security/cve/CVE-2019-19966,"In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.",Released 20191230,CVE-2019-11045,5.3,5.9,1159923,php53,https://www.suse.com/security/cve/CVE-2019-11045,"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. 
in applications checking paths that the code is allowed to access.",Released 20191230,CVE-2019-11046,5.3,5.3,1159924,php53,https://www.suse.com/security/cve/CVE-2019-11046,"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.",Released 20191230,CVE-2019-11047,6.5,6.5,1159922,php53,https://www.suse.com/security/cve/CVE-2019-11047,"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",Released 20191230,CVE-2019-11050,6.5,6.5,1159927,php53,https://www.suse.com/security/cve/CVE-2019-11050,"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. 
This may lead to information disclosure or crash.",Released 20191230,CVE-2019-19956,5.3,7.5,1159928,libxml2,https://www.suse.com/security/cve/CVE-2019-19956,"xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.",Released 20191230,CVE-2019-19965,4.2,4.7,1159911,kernel-source,https://www.suse.com/security/cve/CVE-2019-19965,"In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.",Released 20191230,CVE-2019-20096,5.3,5.5,1159908,kernel-source,https://www.suse.com/security/cve/CVE-2019-20096,"In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.",Released 20191230,CVE-2019-5108,7.4,6.5,1159912,kernel-source,https://www.suse.com/security/cve/CVE-2019-5108,"An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. 
An attacker can forge Authentication and Association Request packets to trigger this vulnerability.",Released 20200106,CVE-2019-20176,7.6,7.5,1160111,pure-ftpd,https://www.suse.com/security/cve/CVE-2019-20176,"In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.",Released 20200108,CVE-2019-15690,7.5,,1160471,LibVNCServer,https://www.suse.com/security/cve/CVE-2019-15690,"",Released 20200108,CVE-2019-19949,5.4,9.1,1160369,ImageMagick,https://www.suse.com/security/cve/CVE-2019-19949,"In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.",Released 20200108,CVE-2019-19977,7.1,9.8,1160462,libesmtp,https://www.suse.com/security/cve/CVE-2019-19977,"libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.",Released 20200108,CVE-2019-20218,7.5,7.5,1160439,sqlite3,https://www.suse.com/security/cve/CVE-2019-20218,"selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.",Released 20200109,CVE-2019-5188,6.4,6.7,1160571,e2fsprogs,https://www.suse.com/security/cve/CVE-2019-5188,"A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",Unsupported 20200113,CVE-2019-9278,7.3,8.8,1160770,libexif,https://www.suse.com/security/cve/CVE-2019-9278,"In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. 
Product: AndroidVersions: Android-10Android ID: A-112537774",Released 20200114,CVE-2017-8284,4.8,7,1160901,firefox-freetype2,https://www.suse.com/security/cve/CVE-2017-8284,"** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated \"this bug does not violate any security guarantees QEMU makes.\"",Released 20200114,CVE-2017-8284,4.8,7,1160901,freetype2,https://www.suse.com/security/cve/CVE-2017-8284,"** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated \"this bug does not violate any security guarantees QEMU makes.\"",Released 20200115,CVE-2020-2583,,3.7,1160968,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2583,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200115,CVE-2020-2585,5.9,5.9,1160968,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2585,"Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",Released 20200115,CVE-2020-2590,,3.7,1160968,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2590,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20200115,CVE-2020-2593,4.8,4.8,1160968,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2593,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",Released 20200115,CVE-2020-2601,,6.8,1160968,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2601,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",Released 20200115,CVE-2020-2604,8.1,8.1,1160968,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2604,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",Released 20200115,CVE-2020-2654,,3.7,1160968,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2654,"Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200115,CVE-2020-2655,,4.8,1160968,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2655,"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",Released 20200115,CVE-2020-2659,3.7,3.7,1160968,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2659,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200116,CVE-2020-7039,7,5.6,1161066,kvm,https://www.suse.com/security/cve/CVE-2020-7039,"tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.",Released 20200117,CVE-2020-7211,5.1,7.5,1161180,kvm,https://www.suse.com/security/cve/CVE-2020-7211,"tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.",Ignore 20200117,CVE-2020-7211,5.1,7.5,1161180,xen,https://www.suse.com/security/cve/CVE-2020-7211,"tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.",Released 20200122,CVE-2019-16994,5.3,4.7,1161523,kernel-source,https://www.suse.com/security/cve/CVE-2019-16994,"In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.",Ignore 20200122,CVE-2019-19054,2.9,4.7,1161518,kernel-source,https://www.suse.com/security/cve/CVE-2019-19054,"A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.",Ignore 20200122,CVE-2019-20388,3.1,7.5,1161521,libxml2,https://www.suse.com/security/cve/CVE-2019-20388,"xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.",Released 20200122,CVE-2020-7595,4.3,7.5,1161517,libxml2,https://www.suse.com/security/cve/CVE-2020-7595,"xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.",Released 
20200123,CVE-2019-19555,4.3,5.5,1161698,transfig,https://www.suse.com/security/cve/CVE-2019-19555,"read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.",Released 20200128,CVE-2019-20433,4,9.1,1161982,aspell,https://www.suse.com/security/cve/CVE-2019-20433,"libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.",Released 20200128,CVE-2019-20433,4,9.1,1161982,php53,https://www.suse.com/security/cve/CVE-2019-20433,"libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.",Released 20200130,CVE-2020-1930,7.4,8.1,1162197,spamassassin,https://www.suse.com/security/cve/CVE-2020-1930,"A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges.",Won't fix 20200130,CVE-2020-1931,7.4,8.1,1162197,spamassassin,https://www.suse.com/security/cve/CVE-2020-1931,"A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. 
This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places.",Won't fix 20200131,CVE-2020-8492,6.5,6.5,1162367,python,https://www.suse.com/security/cve/CVE-2020-8492,"Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.",Released 20200203,CVE-2019-20446,6.5,6.5,1162501,librsvg,https://www.suse.com/security/cve/CVE-2019-20446,"In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.",Released 20200204,CVE-2019-12528,5.9,7.5,1162689,squid3,https://www.suse.com/security/cve/CVE-2019-12528,"An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.",Released 20200204,CVE-2019-12528,5.9,7.5,1162689,squid,https://www.suse.com/security/cve/CVE-2019-12528,"An issue was discovered in Squid before 4.10. 
It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.",Unsupported 20200204,CVE-2020-7059,5.3,9.1,1162629,php53,https://www.suse.com/security/cve/CVE-2020-7059,"When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.",Released 20200204,CVE-2020-8449,,7.5,1162687,squid3,https://www.suse.com/security/cve/CVE-2020-8449,"An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.",Released 20200204,CVE-2020-8449,,7.5,1162687,squid,https://www.suse.com/security/cve/CVE-2020-8449,"An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.",Unsupported 20200204,CVE-2020-8450,7.3,7.3,1162687,squid3,https://www.suse.com/security/cve/CVE-2020-8450,"An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.",Released 20200204,CVE-2020-8450,7.3,7.3,1162687,squid,https://www.suse.com/security/cve/CVE-2020-8450,"An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.",Unsupported 20200204,CVE-2020-8517,8.1,7.5,1162691,squid3,https://www.suse.com/security/cve/CVE-2020-8517,"An issue was discovered in Squid before 4.10. 
Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.",Released 20200204,CVE-2020-8517,8.1,7.5,1162691,squid,https://www.suse.com/security/cve/CVE-2020-8517,"An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.",Unsupported 20200204,CVE-2020-8597,8.6,9.8,1162610,ppp,https://www.suse.com/security/cve/CVE-2020-8597,"eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.",Released 20200205,CVE-2019-9674,6.5,7.5,1162825,python,https://www.suse.com/security/cve/CVE-2019-9674,"Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.",Released 20200206,CVE-2020-3123,,7.5,1162921,clamav,https://www.suse.com/security/cve/CVE-2020-3123,"A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. 
An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",Released 20200206,CVE-2020-5208,7.1,8.8,1163026,ipmitool,https://www.suse.com/security/cve/CVE-2020-5208,"It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.",Released 20200206,CVE-2020-8608,7,5.6,1163018,kvm,https://www.suse.com/security/cve/CVE-2020-8608,"In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",Released 20200206,CVE-2020-8608,7,5.6,1163018,xen,https://www.suse.com/security/cve/CVE-2020-8608,"In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",Released 20200206,CVE-2020-8647,4.4,6.1,1162929,kernel-source,https://www.suse.com/security/cve/CVE-2020-8647,"There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.",Released 20200206,CVE-2020-8648,6.1,7.1,1162928,kernel-source,https://www.suse.com/security/cve/CVE-2020-8648,"There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.",Released 20200206,CVE-2020-8649,4.4,5.9,1162929,kernel-source,https://www.suse.com/security/cve/CVE-2020-8649,"There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.",Released 20200213,CVE-2020-0543,6.5,5.5,1154824,kernel-source,https://www.suse.com/security/cve/CVE-2020-0543,"Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow 
an authenticated user to potentially enable information disclosure via local access.",Released 20200213,CVE-2020-0543,6.5,5.5,1154824,microcode_ctl,https://www.suse.com/security/cve/CVE-2020-0543,"Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20200213,CVE-2020-0543,6.5,5.5,1154824,xen,https://www.suse.com/security/cve/CVE-2020-0543,"Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20200217,CVE-2015-9542,6.5,7.5,1163933,pam_radius,https://www.suse.com/security/cve/CVE-2015-9542,"add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.",Released 20200217,CVE-2019-20044,7,7.8,1163882,zsh,https://www.suse.com/security/cve/CVE-2019-20044,"In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().",Released 20200217,CVE-2020-1720,4.2,6.5,1163985,postgresql94,https://www.suse.com/security/cve/CVE-2020-1720,"A flaw was found in PostgreSQL's \"ALTER ... DEPENDS ON EXTENSION\", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. 
This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.",Affected 20200217,CVE-2020-8013,6.8,2.5,1163922,permissions,https://www.suse.com/security/cve/CVE-2020-8013,"A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.",Released 20200218,CVE-2020-8991,2.3,2.3,1164126,lvm2,https://www.suse.com/security/cve/CVE-2020-8991,"** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug.",Ignore 20200224,CVE-2016-4606,,9.8,1164687,curl,https://www.suse.com/security/cve/CVE-2016-4606,"Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. 
This may aid in other attacks.",Ignore 20200224,CVE-2020-1398,,6.8,1164692,tomcat6,https://www.suse.com/security/cve/CVE-2020-1398,"An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog.An attacker who successfully exploited the vulnerability could execute commands with elevated permissions.The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly., aka 'Windows Lockscreen Elevation of Privilege Vulnerability'.",Released 20200224,CVE-2020-1938,7.6,9.8,1164692,tomcat6,https://www.suse.com/security/cve/CVE-2020-1938,"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. 
Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.",Released 20200225,CVE-2020-9365,5.1,7.5,1164805,pure-ftpd,https://www.suse.com/security/cve/CVE-2020-9365,"An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.",Affected 20200227,CVE-2020-9274,4.3,7.5,1165134,pure-ftpd,https://www.suse.com/security/cve/CVE-2020-9274,"An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.",Affected 20200227,CVE-2020-9383,4.3,7.1,1165111,kernel-source,https://www.suse.com/security/cve/CVE-2020-9383,"An issue was discovered in the Linux kernel 3.16 through 5.5.6. 
set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.",Released 20200228,CVE-2020-7062,2.5,7.5,1165280,php53,https://www.suse.com/security/cve/CVE-2020-7062,"In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.",Unsupported 20200228,CVE-2020-7063,5.3,5.3,1165289,php53,https://www.suse.com/security/cve/CVE-2020-7063,"In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.",Released 20200304,CVE-2019-20485,5.7,5.7,1165616,libvirt,https://www.suse.com/security/cve/CVE-2019-20485,"qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).",Ignore 20200305,CVE-2019-20382,6.5,3.5,1165776,kvm,https://www.suse.com/security/cve/CVE-2019-20382,"QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.",Unsupported 20200309,CVE-2020-0066,6.4,6.4,1166098,kernel-bigmem,https://www.suse.com/security/cve/CVE-2020-0066,"In the netlink driver, there is a possible out of bounds write due to a race condition. 
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077",Released 20200309,CVE-2020-0066,6.4,6.4,1166098,kernel-default,https://www.suse.com/security/cve/CVE-2020-0066,"In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077",Released 20200309,CVE-2020-0066,6.4,6.4,1166098,kernel-ec2,https://www.suse.com/security/cve/CVE-2020-0066,"In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077",Released 20200309,CVE-2020-0066,6.4,6.4,1166098,kernel-pae,https://www.suse.com/security/cve/CVE-2020-0066,"In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077",Released 20200309,CVE-2020-0066,6.4,6.4,1166098,kernel-ppc64,https://www.suse.com/security/cve/CVE-2020-0066,"In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077",Released 20200309,CVE-2020-0066,6.4,6.4,1166098,kernel-source,https://www.suse.com/security/cve/CVE-2020-0066,"In the netlink driver, there is a possible out of bounds write due to a race condition. 
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077",Released 20200309,CVE-2020-0066,6.4,6.4,1166098,kernel-syms,https://www.suse.com/security/cve/CVE-2020-0066,"In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077",Released 20200309,CVE-2020-0066,6.4,6.4,1166098,kernel-trace,https://www.suse.com/security/cve/CVE-2020-0066,"In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077",Released 20200309,CVE-2020-0066,6.4,6.4,1166098,kernel-xen,https://www.suse.com/security/cve/CVE-2020-0066,"In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077",Released 20200317,CVE-2020-10531,8.8,8.8,1166844,icu,https://www.suse.com/security/cve/CVE-2020-10531,"An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.",Released 20200318,CVE-2018-19325,6.5,7.5,1166972,tcpdump,https://www.suse.com/security/cve/CVE-2018-19325,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-14466. Reason: This candidate is a duplicate of CVE-2018-14466. 
Notes: All CVE users should reference CVE-2018-14466 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Ignore 20200320,CVE-2019-12921,4.3,6.5,1138425,ImageMagick,https://www.suse.com/security/cve/CVE-2019-12921,"In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.",Already fixed 20200323,CVE-2019-18860,4.3,6.1,1167373,squid3,https://www.suse.com/security/cve/CVE-2019-18860,"Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.",Released 20200323,CVE-2019-18860,4.3,6.1,1167373,squid,https://www.suse.com/security/cve/CVE-2019-18860,"Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.",Ignore 20200323,CVE-2020-9359,5.3,5.3,1167435,kdegraphics4,https://www.suse.com/security/cve/CVE-2020-9359,"KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.",Affected 20200325,CVE-2020-10938,,9.8,1167623,ImageMagick,https://www.suse.com/security/cve/CVE-2020-10938,"GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.",Analysis 20200325,CVE-2020-10942,5.5,5.3,1167629,kernel-source,https://www.suse.com/security/cve/CVE-2020-10942,"In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.",Released 20200325,CVE-2020-7942,6.5,6.5,1167645,puppet,https://www.suse.com/security/cve/CVE-2020-7942,"Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. 
When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 and 5.5.19 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. Affected software versions: Puppet 6.x prior to 6.13.0 Puppet Agent 6.x prior to 6.13.0 Puppet 5.5.x prior to 5.5.19 Puppet Agent 5.5.x prior to 5.5.19 Resolved in: Puppet 6.13.0 Puppet Agent 6.13.0 Puppet 5.5.19 Puppet Agent 5.5.19",Released 20200326,CVE-2019-20633,3.3,5.5,1080985,patch,https://www.suse.com/security/cve/CVE-2019-20633,"GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.",Affected 20200401,CVE-2020-7064,5.3,5.4,1168326,php53,https://www.suse.com/security/cve/CVE-2020-7064,"In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.",Released 20200401,CVE-2020-7066,5.3,4.3,1168352,php53,https://www.suse.com/security/cve/CVE-2020-7066,"In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. 
This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.",Released 20200402,CVE-2020-1934,,5.3,1168404,apache2,https://www.suse.com/security/cve/CVE-2020-1934,"In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.",Released 20200402,CVE-2020-3898,7.3,7.8,1168422,cups,https://www.suse.com/security/cve/CVE-2020-3898,"A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.",Released 20200407,CVE-2020-11565,4.8,6,1168831,kernel-source,https://www.suse.com/security/cve/CVE-2020-11565,"** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”.",Ignore 20200407,CVE-2020-11608,4.3,4.3,1168829,kernel-source,https://www.suse.com/security/cve/CVE-2020-11608,"An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.",Released 20200407,CVE-2020-11609,4.3,4.3,1168854,kernel-source,https://www.suse.com/security/cve/CVE-2020-11609,"An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. 
drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.",Released 20200408,CVE-2013-7488,5.3,7.5,1168934,perl-Convert-ASN1,https://www.suse.com/security/cve/CVE-2013-7488,"perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.",Released 20200408,CVE-2019-20636,6.7,6.7,1168075,kernel-source,https://www.suse.com/security/cve/CVE-2019-20636,"In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.",Released 20200409,CVE-2020-11647,4.3,7.5,1169063,wireshark,https://www.suse.com/security/cve/CVE-2020-11647,"In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.",Ignore 20200410,CVE-2020-11668,7.1,7.1,1168952,kernel-source,https://www.suse.com/security/cve/CVE-2020-11668,"In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",Released 20200414,CVE-2020-11725,0,7.8,1169384,kernel-source,https://www.suse.com/security/cve/CVE-2020-11725,"** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified \"interesting side effects.\" NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the \"owner\" concept. 
The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way.",Ignore 20200414,CVE-2020-11740,,5.5,1168140,xen,https://www.suse.com/security/cve/CVE-2020-11740,"An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.",Released 20200414,CVE-2020-11741,,8.8,1168140,xen,https://www.suse.com/security/cve/CVE-2020-11741,"An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.",Released 20200414,CVE-2020-11742,4.3,5.5,1169392,xen,https://www.suse.com/security/cve/CVE-2020-11742,"An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. 
A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.",Released 20200414,CVE-2020-11743,,5.5,1168143,xen,https://www.suse.com/security/cve/CVE-2020-11743,"An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.",Ignore 20200414,CVE-2020-8019,7.8,7.8,1169385,syslog-ng,https://www.suse.com/security/cve/CVE-2020-8019,"A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. 
SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1.",Released 20200415,CVE-2020-11761,3.3,5.5,1169578,OpenEXR,https://www.suse.com/security/cve/CVE-2020-11761,"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.",Released 20200415,CVE-2020-11763,3.3,5.5,1169576,OpenEXR,https://www.suse.com/security/cve/CVE-2020-11763,"An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.",Released 20200415,CVE-2020-11764,3.3,5.5,1169574,OpenEXR,https://www.suse.com/security/cve/CVE-2020-11764,"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.",Released 20200415,CVE-2020-2754,3.7,3.7,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2754,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200415,CVE-2020-2755,3.7,3.7,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2755,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200415,CVE-2020-2756,3.7,3.7,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2756,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200415,CVE-2020-2757,3.7,3.7,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2757,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200415,CVE-2020-2764,4.8,3.7,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2764,"Vulnerability in the Java SE product of Oracle Java SE (component: Advanced Management Console). The supported version that is affected is Java Advanced Management Console: 2.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",Released 20200415,CVE-2020-2767,4.8,4.8,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2767,"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",Released 20200415,CVE-2020-2773,3.7,3.7,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2773,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200415,CVE-2020-2778,3.7,3.7,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2778,"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",Released 20200415,CVE-2020-2781,5.3,5.3,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2781,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200415,CVE-2020-2800,4.8,4.8,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2800,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",Released 20200415,CVE-2020-2803,8.3,8.3,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2803,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20200415,CVE-2020-2805,8.3,8.3,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2805,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20200415,CVE-2020-2816,7.5,7.5,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2816,"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",Released 20200415,CVE-2020-2830,5.3,5.3,1169511,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-2830,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). 
Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200416,CVE-2019-12519,7.6,9.8,1169659,squid3,https://www.suse.com/security/cve/CVE-2019-12519,"An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.",Released 20200416,CVE-2019-12519,7.6,9.8,1169659,squid,https://www.suse.com/security/cve/CVE-2019-12519,"An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. 
When adding a new member, there is no check to ensure that the stack won't overflow.",Ignore 20200416,CVE-2019-12520,5.8,7.5,1169666,squid3,https://www.suse.com/security/cve/CVE-2019-12520,"An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.",Released 20200417,CVE-2020-11868,3.7,7.5,1169740,ntp,https://www.suse.com/security/cve/CVE-2020-11868,"ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.",Released 20200420,CVE-2020-11880,6.5,6.5,1169844,kdepim4,https://www.suse.com/security/cve/CVE-2020-11880,"An issue was discovered in KDE KMail before 19.12.3. 
By using the proprietary (non-RFC6068) \"mailto?attach=...\" parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.",Affected 20200421,CVE-2020-10690,6.4,6.4,1170056,kernel-source,https://www.suse.com/security/cve/CVE-2020-10690,"There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.",Released 20200423,CVE-2019-12521,6.5,5.9,1169659,squid3,https://www.suse.com/security/cve/CVE-2019-12521,"An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.",Released 20200423,CVE-2019-12521,6.5,5.9,1169659,squid,https://www.suse.com/security/cve/CVE-2019-12521,"An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. 
addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.",Ignore 20200423,CVE-2020-11945,8.8,9.8,1170313,squid3,https://www.suse.com/security/cve/CVE-2020-11945,"An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).",Released 20200423,CVE-2020-11945,8.8,9.8,1170313,squid,https://www.suse.com/security/cve/CVE-2020-11945,"An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).",Unsupported 20200424,CVE-2019-12522,4.5,9.8,1170454,squid3,https://www.suse.com/security/cve/CVE-2019-12522,"An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.",Affected 20200424,CVE-2019-12522,4.5,9.8,1170454,squid,https://www.suse.com/security/cve/CVE-2019-12522,"An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. 
leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.",Unsupported 20200424,CVE-2019-12524,5.8,9.8,1169666,squid3,https://www.suse.com/security/cve/CVE-2019-12524,"An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.",Released 20200424,CVE-2019-20788,7.5,9.8,1170441,LibVNCServer,https://www.suse.com/security/cve/CVE-2019-20788,"libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.",Released 20200424,CVE-2020-8695,5.3,5.5,1170415,microcode_ctl,https://www.suse.com/security/cve/CVE-2020-8695,"Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",Released 20200427,CVE-2020-10713,8.2,8.2,1168994,grub2,https://www.suse.com/security/cve/CVE-2020-10713,"A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. 
With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20200427,CVE-2020-10713,8.2,8.2,1168994,shim,https://www.suse.com/security/cve/CVE-2020-10713,"A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20200427,CVE-2020-12137,6.4,6.1,1170558,mailman,https://www.suse.com/security/cve/CVE-2020-12137,"GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. 
This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.",Released 20200429,CVE-2020-12243,7.5,7.5,1170771,openldap2,https://www.suse.com/security/cve/CVE-2020-12243,"In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).",Released 20200430,CVE-2018-21232,,5.5,1170890,re2c,https://www.suse.com/security/cve/CVE-2018-21232,"re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.",Analysis 20200430,CVE-2020-1983,7.5,6.5,1170940,kvm,https://www.suse.com/security/cve/CVE-2020-1983,"A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.",Released 20200505,CVE-2020-10732,3.3,3.3,1171220,kernel-source,https://www.suse.com/security/cve/CVE-2020-10732,"A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.",Released 20200505,CVE-2020-12652,6.4,4.1,1171218,kernel-source,https://www.suse.com/security/cve/CVE-2020-12652,"The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a \"double fetch\" vulnerability, aka CID-28d76df18f0a. 
NOTE: the vendor states \"The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power.\"",Released 20200505,CVE-2020-12653,7.8,7.8,1159281,kernel-source,https://www.suse.com/security/cve/CVE-2020-12653,"An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.",Released 20200505,CVE-2020-12654,8,7.1,1159281,kernel-source,https://www.suse.com/security/cve/CVE-2020-12654,"An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.",Released 20200505,CVE-2020-12656,2.9,5.5,1171219,kernel-source,https://www.suse.com/security/cve/CVE-2020-12656,"** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. 
A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug.",Released 20200506,CVE-2020-12672,,7.5,1171271,ImageMagick,https://www.suse.com/security/cve/CVE-2020-12672,"GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.",Analysis 20200507,CVE-2018-8956,3.7,5.3,1171355,ntp,https://www.suse.com/security/cve/CVE-2018-8956,"ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.",Released 20200507,CVE-2020-12108,4.3,6.5,1171363,mailman,https://www.suse.com/security/cve/CVE-2020-12108,"/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.",Released 20200511,CVE-2018-20225,6.4,7.8,1171462,python,https://www.suse.com/security/cve/CVE-2018-20225,"** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). 
NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.",Ignore 20200511,CVE-2020-12767,6.2,5.5,1171475,libexif,https://www.suse.com/security/cve/CVE-2020-12767,"exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.",Released 20200511,CVE-2020-12770,6.1,6.7,1171420,kernel-default,https://www.suse.com/security/cve/CVE-2020-12770,"An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.",Ignore 20200511,CVE-2020-12770,6.1,6.7,1171420,kernel-ec2,https://www.suse.com/security/cve/CVE-2020-12770,"An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.",Released 20200511,CVE-2020-12770,6.1,6.7,1171420,kernel-source,https://www.suse.com/security/cve/CVE-2020-12770,"An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.",Released 20200511,CVE-2020-12770,6.1,6.7,1171420,kernel-syms,https://www.suse.com/security/cve/CVE-2020-12770,"An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.",Released 20200511,CVE-2020-12770,6.1,6.7,1171420,kernel-trace,https://www.suse.com/security/cve/CVE-2020-12770,"An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.",Released 20200511,CVE-2020-12770,6.1,6.7,1171420,kernel-xen,https://www.suse.com/security/cve/CVE-2020-12770,"An issue was discovered in the Linux kernel through 5.6.11. 
sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.",Released 20200514,CVE-2020-12825,7.1,7.1,1171685,libcroco,https://www.suse.com/security/cve/CVE-2020-12825,"libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.",Released 20200514,CVE-2020-1945,4.9,6.3,1171696,ant,https://www.suse.com/security/cve/CVE-2020-1945,"Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",Won't fix 20200515,CVE-2020-12826,5.3,5.3,1171727,kernel-source,https://www.suse.com/security/cve/CVE-2020-12826,"A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.",Affected 20200515,CVE-2020-8616,8.6,8.6,1109160,bind,https://www.suse.com/security/cve/CVE-2020-8616,"A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. 
This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.",Released 20200515,CVE-2020-8617,7.5,5.9,1109160,bind,https://www.suse.com/security/cve/CVE-2020-8617,"Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.",Released 20200518,CVE-2020-0093,5,5,1171847,libexif,https://www.suse.com/security/cve/CVE-2020-0093,"In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-148705132",Unsupported 20200519,CVE-2020-10543,6.4,8.2,1171863,perl,https://www.suse.com/security/cve/CVE-2020-10543,"Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.",Released 20200519,CVE-2020-10878,6.4,8.6,1171864,perl,https://www.suse.com/security/cve/CVE-2020-10878,"Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. 
A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.",Released 20200519,CVE-2020-12723,6.4,7.5,1171866,perl,https://www.suse.com/security/cve/CVE-2020-12723,"regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.",Released 20200520,CVE-2020-9484,7.5,7,1171928,tomcat6,https://www.suse.com/security/cve/CVE-2020-9484,"When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.",Released 20200522,CVE-2019-11048,,5.3,1171999,php53,https://www.suse.com/security/cve/CVE-2019-11048,"In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. 
This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.",Released 20200522,CVE-2020-10741,4.4,,1171985,kernel-source,https://www.suse.com/security/cve/CVE-2020-10741,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-12826. Reason: This candidate is a duplicate of CVE-2020-12826. Notes: All CVE users should reference CVE-2020-12826 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Ignore 20200522,CVE-2020-3327,,7.5,1171980,clamav,https://www.suse.com/security/cve/CVE-2020-3327,"A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",Released 20200522,CVE-2020-3341,8.4,7.5,1171981,clamav,https://www.suse.com/security/cve/CVE-2020-3341,"A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",Released 20200525,CVE-2020-13253,3.3,5.5,1172033,kvm,https://www.suse.com/security/cve/CVE-2020-13253,"sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. 
A guest OS user can crash the QEMU process.",Ignore 20200526,CVE-2020-10751,6.1,6.1,1171189,kernel-source,https://www.suse.com/security/cve/CVE-2020-10751,"A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.",Won't fix 20200526,CVE-2020-13112,9.1,9.1,1172116,libexif,https://www.suse.com/security/cve/CVE-2020-13112,"An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.",Released 20200527,CVE-2018-1285,6.3,9.8,1172193,log4net,https://www.suse.com/security/cve/CVE-2018-1285,"Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.",Released 20200528,CVE-2019-20807,6.3,5.3,1172225,vim,https://www.suse.com/security/cve/CVE-2019-20807,"In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).",Released 20200529,CVE-2017-9103,7.5,9.8,1172265,adns,https://www.suse.com/security/cve/CVE-2017-9103,"An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. 
This is only possible with applications which make non-raw queries for SOA or RP records.",Released 20200529,CVE-2017-9104,7.5,9.8,1172265,adns,https://www.suse.com/security/cve/CVE-2017-9104,"An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.",Released 20200529,CVE-2017-9105,7.5,8.8,1172265,adns,https://www.suse.com/security/cve/CVE-2017-9105,"An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.",Released 20200529,CVE-2017-9106,7.5,7.5,1172265,adns,https://www.suse.com/security/cve/CVE-2017-9106,"An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type.",Released 20200529,CVE-2017-9107,7.5,7.5,1172265,adns,https://www.suse.com/security/cve/CVE-2017-9107,"An issue was discovered in adns before 1.5.2. 
It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack.",Released 20200529,CVE-2017-9108,4,7.5,1172265,adns,https://www.suse.com/security/cve/CVE-2017-9108,"An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.",Released 20200529,CVE-2017-9109,7.5,9.8,1172265,adns,https://www.suse.com/security/cve/CVE-2017-9109,"An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct.",Released 20200602,CVE-2020-12829,6,5.5,1172385,kvm,https://www.suse.com/security/cve/CVE-2020-12829,"In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. 
This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.",Released 20200602,CVE-2020-13361,3.9,3.9,1172384,kvm,https://www.suse.com/security/cve/CVE-2020-13361,"In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.",Released 20200602,CVE-2020-13362,3.2,3.2,1172383,kvm,https://www.suse.com/security/cve/CVE-2020-13362,"In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.",Released 20200602,CVE-2020-13754,3.9,6.7,1172382,kvm,https://www.suse.com/security/cve/CVE-2020-13754,"hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.",Affected 20200603,CVE-2019-20811,5.5,5.5,1172456,kernel-default,https://www.suse.com/security/cve/CVE-2019-20811,"An issue was discovered in the Linux kernel before 5.0.6. 
In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.",Ignore 20200603,CVE-2020-13765,7.2,5.6,1172478,kvm,https://www.suse.com/security/cve/CVE-2020-13765,"rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.",Released 20200604,CVE-2020-10134,5.9,6.3,1172514,bluez,https://www.suse.com/security/cve/CVE-2020-10134,"Pairing in Bluetooth Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened.",Unsupported 20200604,CVE-2020-13790,5.3,8.1,1172491,jpeg,https://www.suse.com/security/cve/CVE-2020-13790,"libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.",Released 20200608,CVE-2020-13817,5.9,7.4,1172651,ntp,https://www.suse.com/security/cve/CVE-2020-13817,"ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. 
There must be an off-path attacker who can query time from the victim's ntpd instance.",Released 20200609,CVE-2020-13692,5.6,7.7,1172746,postgresql-jdbc,https://www.suse.com/security/cve/CVE-2020-13692,"PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.",Released 20200609,CVE-2020-8023,7.8,7.8,1172698,openldap2,https://www.suse.com/security/cve/CVE-2020-8023,"An acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. 
SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.",Released 20200610,CVE-2020-0181,5.3,7.5,1172802,libexif,https://www.suse.com/security/cve/CVE-2020-0181,"In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-145075076",Released 20200610,CVE-2020-0182,5.3,6.5,1172766,libexif,https://www.suse.com/security/cve/CVE-2020-0182,"In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-147140917",Unsupported 20200610,CVE-2020-0198,5.3,7.5,1172768,libexif,https://www.suse.com/security/cve/CVE-2020-0198,"In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-146428941",Released 20200610,CVE-2020-13974,6.2,7.8,1172775,kernel-source,https://www.suse.com/security/cve/CVE-2020-13974,"An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.",Released 20200615,CVE-2020-14093,7.5,5.9,1172906,mutt,https://www.suse.com/security/cve/CVE-2020-14093,"Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.",Released 20200616,CVE-2020-10773,2.5,4.4,1172999,kernel-source,https://www.suse.com/security/cve/CVE-2020-10773,"A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.",Released 20200616,CVE-2020-14151,,,1096209,jpeg,https://www.suse.com/security/cve/CVE-2020-14151,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11813. Reason: This candidate is a duplicate of CVE-2018-11813. Notes: All CVE users should reference [ID] instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20200616,CVE-2020-14152,6.1,7.1,1096209,jpeg,https://www.suse.com/security/cve/CVE-2020-14152,"In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.",Released 20200616,CVE-2020-14153,,7.1,1172996,jpeg,https://www.suse.com/security/cve/CVE-2020-14153,"In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.",Ignore 20200616,CVE-2020-14154,4.3,4.8,1172906,mutt,https://www.suse.com/security/cve/CVE-2020-14154,"Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.",Released 20200616,CVE-2020-14155,6.2,5.3,1172974,pcre,https://www.suse.com/security/cve/CVE-2020-14155,"libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.",Ignore 20200617,CVE-2020-8177,8.1,7.8,1173027,curl,https://www.suse.com/security/cve/CVE-2020-8177,"curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.",Released 20200618,CVE-2020-14416,6.4,4.2,1162002,kernel-source,https://www.suse.com/security/cve/CVE-2020-14416,"In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.",Released 20200619,CVE-2020-10745,7.5,7.5,1173160,samba,https://www.suse.com/security/cve/CVE-2020-10745,"A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. 
This flaw allows a remote attacker to cause the Samba server to consume excessive CPU use, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",Released 20200622,CVE-2020-14954,7.4,5.9,1173197,mutt,https://www.suse.com/security/cve/CVE-2020-14954,"Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"",Released 20200623,CVE-2020-10769,5.5,5.5,1173265,kernel-source,https://www.suse.com/security/cve/CVE-2020-10769,"A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload is longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.",Released 20200623,CVE-2020-12062,,7.5,1173249,openssh,https://www.suse.com/security/cve/CVE-2020-12062,"** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. 
NOTE: the vendor points out that \"this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol\" and \"utimes does not fail under normal circumstances.\"",Ignore 20200624,CVE-2020-14058,8.6,7.5,1173303,squid3,https://www.suse.com/security/cve/CVE-2020-14058,"An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.",Released 20200624,CVE-2020-14059,6.3,6.5,1173303,squid3,https://www.suse.com/security/cve/CVE-2020-14059,"An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.",Released 20200624,CVE-2020-14304,2.3,4.4,1173327,kernel-source,https://www.suse.com/security/cve/CVE-2020-14304,"A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. 
The highest threat from this vulnerability is to confidentiality.",Ignore 20200625,CVE-2020-15011,6.5,4.3,1173369,mailman,https://www.suse.com/security/cve/CVE-2020-15011,"GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.",Released 20200625,CVE-2020-15025,5.3,4.9,1173334,ntp,https://www.suse.com/security/cve/CVE-2020-15025,"ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.",Released 20200629,CVE-2020-15049,8.5,8.8,1173455,squid3,https://www.suse.com/security/cve/CVE-2020-15049,"An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\ \"-\" or an uncommon shell whitespace character prefix to the length field-value.",Released 20200629,CVE-2020-15049,8.5,8.8,1173455,squid,https://www.suse.com/security/cve/CVE-2020-15049,"An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\ \"-\" or an uncommon shell whitespace character prefix to the length field-value.",Unsupported 20200630,CVE-2020-14145,5.9,5.9,1173513,openssh,https://www.suse.com/security/cve/CVE-2020-14145,"The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). 
NOTE: some reports state that 8.5 and 8.6 are also affected.",Unsupported 20200630,CVE-2020-15393,4.4,5.5,1173514,kernel-bigmem,https://www.suse.com/security/cve/CVE-2020-15393,"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.",Released 20200630,CVE-2020-15393,4.4,5.5,1173514,kernel-default,https://www.suse.com/security/cve/CVE-2020-15393,"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.",Released 20200630,CVE-2020-15393,4.4,5.5,1173514,kernel-ec2,https://www.suse.com/security/cve/CVE-2020-15393,"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.",Released 20200630,CVE-2020-15393,4.4,5.5,1173514,kernel-pae,https://www.suse.com/security/cve/CVE-2020-15393,"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.",Released 20200630,CVE-2020-15393,4.4,5.5,1173514,kernel-ppc64,https://www.suse.com/security/cve/CVE-2020-15393,"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.",Released 20200630,CVE-2020-15393,4.4,5.5,1173514,kernel-source,https://www.suse.com/security/cve/CVE-2020-15393,"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.",Released 20200630,CVE-2020-15393,4.4,5.5,1173514,kernel-syms,https://www.suse.com/security/cve/CVE-2020-15393,"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.",Released 20200630,CVE-2020-15393,4.4,5.5,1173514,kernel-trace,https://www.suse.com/security/cve/CVE-2020-15393,"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka 
CID-28ebeb8db770.",Released 20200630,CVE-2020-15393,4.4,5.5,1173514,kernel-xen,https://www.suse.com/security/cve/CVE-2020-15393,"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.",Released 20200701,CVE-2020-4044,7.1,7.8,1173580,xrdp,https://www.suse.com/security/cve/CVE-2020-4044,"The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.",Unsupported 20200701,CVE-2020-8696,2.5,5.5,1173592,microcode_ctl,https://www.suse.com/security/cve/CVE-2020-8696,"Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20200701,CVE-2020-8698,2.5,5.5,1173594,microcode_ctl,https://www.suse.com/security/cve/CVE-2020-8698,"Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20200702,CVE-2020-14312,4,5.9,1173646,dnsmasq,https://www.suse.com/security/cve/CVE-2020-14312,"A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. 
Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.",Unsupported 20200702,CVE-2020-15469,6,2.3,1173612,kvm,https://www.suse.com/security/cve/CVE-2020-15469,"In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.",Released 20200703,CVE-2020-14397,6.5,7.5,1173477,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-14397,"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.",Released 20200703,CVE-2020-14400,4.3,7.5,1173477,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-14400,"** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary.",Released 20200703,CVE-2020-14401,6.5,6.5,1173477,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-14401,"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.",Released 20200703,CVE-2020-14404,6.3,5.4,1173701,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-14404,"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.",Released 20200703,CVE-2020-14405,7.5,6.5,1170441,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-14405,"An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.",Already fixed 20200706,CVE-2020-14399,4.3,7.5,1173477,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-14399,"** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. 
Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly \"no trust boundary crossed.\"",Released 20200706,CVE-2020-14402,6.3,5.4,1173477,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-14402,"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.",Released 20200706,CVE-2020-14403,6.3,5.4,1173701,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-14403,"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.",Released 20200706,CVE-2020-15565,7.9,8.8,1173378,xen,https://www.suse.com/security/cve/CVE-2020-15565,"An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. 
Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.",Released 20200706,CVE-2020-15567,6.4,7.8,1173380,xen,https://www.suse.com/security/cve/CVE-2020-15567,"An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). 
The source code clearly violates the C rules, and thus should be considered vulnerable.",Released 20200707,CVE-2020-14308,6.4,6.4,1168994,grub2,https://www.suse.com/security/cve/CVE-2020-14308,"In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.",Released 20200707,CVE-2020-14309,5.7,6.7,1168994,grub2,https://www.suse.com/security/cve/CVE-2020-14309,"There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.",Released 20200707,CVE-2020-14310,5.7,6,1168994,grub2,https://www.suse.com/security/cve/CVE-2020-14310,"There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.",Released 20200707,CVE-2020-14311,5.7,6,1168994,grub2,https://www.suse.com/security/cve/CVE-2020-14311,"There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. 
A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.",Released 20200708,CVE-2020-14318,4.3,4.3,1173902,samba-doc,https://www.suse.com/security/cve/CVE-2020-14318,"A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.",Released 20200708,CVE-2020-14318,4.3,4.3,1173902,samba,https://www.suse.com/security/cve/CVE-2020-14318,"A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.",Released 20200708,CVE-2020-14398,6.5,7.5,1173477,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-14398,"An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.",Released 20200710,CVE-2020-14323,5,5.5,1173994,samba-doc,https://www.suse.com/security/cve/CVE-2020-14323,"A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.",Released 20200710,CVE-2020-14323,5,5.5,1173994,samba,https://www.suse.com/security/cve/CVE-2020-14323,"A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. 
A local user could use this flaw to crash the winbind service causing denial of service.",Released 20200713,CVE-2019-20907,5.3,7.5,1174091,python,https://www.suse.com/security/cve/CVE-2019-20907,"In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.",Released 20200714,CVE-2020-15701,5.5,5.5,1174108,apport-crashdb-sle,https://www.suse.com/security/cve/CVE-2020-15701,"An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.",Released 20200714,CVE-2020-15701,5.5,5.5,1174108,apport,https://www.suse.com/security/cve/CVE-2020-15701,"An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.",Released 20200715,CVE-2020-14556,4.8,4.8,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14556,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",Released 20200715,CVE-2020-14562,5.3,5.3,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14562,"Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200715,CVE-2020-14573,3.7,3.7,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14573,"Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20200715,CVE-2020-14577,3.7,3.7,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14577,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",Released 20200715,CVE-2020-14578,3.7,3.7,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14578,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200715,CVE-2020-14579,3.7,3.7,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14579,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20200715,CVE-2020-14581,3.7,3.7,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14581,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",Released 20200715,CVE-2020-14583,8.3,8.3,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14583,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20200715,CVE-2020-14593,7.4,7.4,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14593,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).",Released 20200715,CVE-2020-14621,5.3,5.3,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14621,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20200715,CVE-2020-14664,8.3,8.3,1174157,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14664,"Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",Released 20200715,CVE-2020-15719,4.2,4.2,1174154,openldap2,https://www.suse.com/security/cve/CVE-2020-15719,"libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.",Ignore 20200716,CVE-2020-14331,7.8,6.6,1174205,kernel-source,https://www.suse.com/security/cve/CVE-2020-14331,"A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20200717,CVE-2020-3350,6.3,5.5,1174250,clamav,https://www.suse.com/security/cve/CVE-2020-3350,"A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. 
A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.",Released 20200717,CVE-2020-3481,,7.5,1174250,clamav,https://www.suse.com/security/cve/CVE-2020-3481,"A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.",Released 20200720,CVE-2020-8026,,7.8,1172573,inn,https://www.suse.com/security/cve/CVE-2020-8026,"An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.",Analysis 20200722,CVE-2020-15863,8.2,5.3,1174386,kvm,https://www.suse.com/security/cve/CVE-2020-15863,"hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. 
This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.",Released 20200722,CVE-2020-15888,7.3,8.8,1174367,lua,https://www.suse.com/security/cve/CVE-2020-15888,"Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.",Released 20200723,CVE-2019-2708,3.3,3.3,1174414,libdb-4_5,https://www.suse.com/security/cve/CVE-2019-2708,"Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).",Affected 20200723,CVE-2020-15705,7.8,6.4,1174421,grub2,https://www.suse.com/security/cve/CVE-2020-15705,"GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.",Released 20200724,CVE-2020-0305,6.4,6.4,1174462,kernel-source,https://www.suse.com/security/cve/CVE-2020-0305,"In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-153467744",Released 20200724,CVE-2020-14342,4.4,7,1174477,cifs-utils,https://www.suse.com/security/cve/CVE-2020-14342,"It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.",Unsupported 20200724,CVE-2020-15706,6.4,6.4,1174463,grub2,https://www.suse.com/security/cve/CVE-2020-15706,"GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.",Released 20200727,CVE-2020-15707,,6.4,1174570,grub2,https://www.suse.com/security/cve/CVE-2020-15707,"Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.",Released 20200727,CVE-2020-15778,7.8,7.8,1174515,openssh,https://www.suse.com/security/cve/CVE-2020-15778,"** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. 
NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"",Ignore 20200729,CVE-2020-14344,6.7,6.7,1174628,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2020-14344,"An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.",Released 20200729,CVE-2020-14345,7.8,7.8,1174635,xorg-x11-server,https://www.suse.com/security/cve/CVE-2020-14345,"A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20200729,CVE-2020-14347,5.5,5.5,1174633,xorg-x11-server,https://www.suse.com/security/cve/CVE-2020-14347,"A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.",Released 20200731,CVE-2020-16166,5.9,3.7,1174757,kernel-source,https://www.suse.com/security/cve/CVE-2020-16166,"The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. 
This is related to drivers/char/random.c and kernel/time/timer.c.",Ignore 20200805,CVE-2020-11936,2.5,,1174890,apport,https://www.suse.com/security/cve/CVE-2020-11936,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Affected 20200806,CVE-2020-0255,6.8,,1174963,kernel-source,https://www.suse.com/security/cve/CVE-2020-0255,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Won't fix 20200806,CVE-2020-15862,8.8,7.8,1174961,net-snmp,https://www.suse.com/security/cve/CVE-2020-15862,"Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.",Released 20200807,CVE-2020-14353,4.4,,1174993,kernel-source,https://www.suse.com/security/cve/CVE-2020-14353,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20200811,CVE-2020-8231,3.7,7.5,1175109,curl,https://www.suse.com/security/cve/CVE-2020-8231,"Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.",Released 20200813,CVE-2020-14360,7.8,7.8,1174908,xorg-x11-server,https://www.suse.com/security/cve/CVE-2020-14360,"A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20200813,CVE-2020-14361,7.8,7.8,1174635,xorg-x11-server,https://www.suse.com/security/cve/CVE-2020-14361,"A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20200813,CVE-2020-14362,7.8,7.8,1174635,xorg-x11-server,https://www.suse.com/security/cve/CVE-2020-14362,"A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20200813,CVE-2020-14363,7.8,7.8,1175239,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2020-14363,"An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. 
The highest threat from this flaw is to confidentiality, integrity as well as system availability.",Released 20200813,CVE-2020-7068,4,3.6,1175203,php53,https://www.suse.com/security/cve/CVE-2020-7068,"In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.",Released 20200814,CVE-2019-17639,,5.3,1175259,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2019-17639,"In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.",Released 20200814,CVE-2020-24330,7.8,7.8,1164472,trousers,https://www.suse.com/security/cve/CVE-2020-24330,"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.",Released 20200817,CVE-2020-24331,7.8,7.8,1164472,trousers,https://www.suse.com/security/cve/CVE-2020-24331,"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).",Released 20200817,CVE-2020-24332,5.5,5.5,1164472,trousers,https://www.suse.com/security/cve/CVE-2020-24332,"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. 
The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.",Released 20200818,CVE-2020-14364,5,5,1175441,kvm,https://www.suse.com/security/cve/CVE-2020-14364,"An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.",Released 20200818,CVE-2020-14364,5,5,1175441,xen,https://www.suse.com/security/cve/CVE-2020-14364,"An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.",Released 20200824,CVE-2020-15810,9.6,6.5,1175664,squid3,https://www.suse.com/security/cve/CVE-2020-15810,"An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. 
When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.",Released 20200824,CVE-2020-15810,9.6,6.5,1175664,squid,https://www.suse.com/security/cve/CVE-2020-15810,"An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.",Released 20200824,CVE-2020-15811,9.6,6.5,1175665,squid3,https://www.suse.com/security/cve/CVE-2020-15811,"An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. 
Squid will then deliver two distinct responses to the client, corrupting any downstream caches.",Released 20200825,CVE-2020-16287,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16287,"A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16288,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16288,"A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16289,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16289,"A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16290,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16290,"A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16291,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16291,"A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.",Ignore 20200825,CVE-2020-16292,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16292,"A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16293,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16293,"A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16294,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16294,"A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16295,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16295,"A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16296,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16296,"A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.",Ignore 20200825,CVE-2020-16297,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16297,"A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16298,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16298,"A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16299,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16299,"A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16300,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16300,"A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16301,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16301,"A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.",Ignore 20200825,CVE-2020-16302,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16302,"A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16303,7.8,7.8,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16303,"A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16304,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16304,"A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16305,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16305,"A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16306,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16306,"A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. 
This is fixed in v9.51.",Ignore 20200825,CVE-2020-16307,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16307,"A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16308,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16308,"A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16309,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16309,"A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-16310,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-16310,"A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.",Ignore 20200825,CVE-2020-17538,5.5,5.5,1175719,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-17538,"A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.",Ignore 20200825,CVE-2020-24606,7.7,7.5,1175671,squid3,https://www.suse.com/security/cve/CVE-2020-24606,"Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.",Released 20200825,CVE-2020-24606,7.7,7.5,1175671,squid,https://www.suse.com/security/cve/CVE-2020-24606,"Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.",Unsupported 20200831,CVE-2020-14372,7.5,7.5,1175970,grub2,https://www.suse.com/security/cve/CVE-2020-14372,"A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.",Released 20200901,CVE-2020-14381,7.8,7.8,1176011,kernel-source,https://www.suse.com/security/cve/CVE-2020-14381,"A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",Released 20200904,CVE-2020-24977,5.3,6.5,1176179,libxml2,https://www.suse.com/security/cve/CVE-2020-24977,"GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.",Released 20200904,CVE-2020-24977,5.3,6.5,1176179,libxml2-python,https://www.suse.com/security/cve/CVE-2020-24977,"GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.",Released 20200908,CVE-2020-14390,8.4,5.6,1176235,kernel-source,https://www.suse.com/security/cve/CVE-2020-14390,"A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",Released 20200909,CVE-2020-17507,7.5,5.3,1176315,libqt4-devel-doc,https://www.suse.com/security/cve/CVE-2020-17507,"An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",Released 20200909,CVE-2020-17507,7.5,5.3,1176315,libqt4,https://www.suse.com/security/cve/CVE-2020-17507,"An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",Released 20200909,CVE-2020-17507,7.5,5.3,1176315,libqt4-sql-plugins,https://www.suse.com/security/cve/CVE-2020-17507,"An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. 
read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",Released 20200909,CVE-2020-1968,5.3,3.7,1176331,openssl,https://www.suse.com/security/cve/CVE-2020-1968,"The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).",Released 20200910,CVE-2020-0404,6.2,5.5,1176423,kernel-source,https://www.suse.com/security/cve/CVE-2020-0404,"In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel",Released 20200910,CVE-2020-14392,7.4,5.5,1176412,perl-DBI,https://www.suse.com/security/cve/CVE-2020-14392,"An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.",Released 20200910,CVE-2020-14393,8.4,7.1,1176409,perl-DBI,https://www.suse.com/security/cve/CVE-2020-14393,"A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. 
A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.",Released 20200910,CVE-2020-25211,5.9,6,1176395,kernel-source,https://www.suse.com/security/cve/CVE-2020-25211,"In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.",Released 20200911,CVE-2020-15802,6.3,5.9,1176442,kernel-source,https://www.suse.com/security/cve/CVE-2020-15802,"Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.",Unsupported 20200914,CVE-2013-7490,7,5.3,1176496,perl-DBI,https://www.suse.com/security/cve/CVE-2013-7490,"An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.",Released 20200914,CVE-2013-7491,7.8,5.3,1176493,perl-DBI,https://www.suse.com/security/cve/CVE-2013-7491,"An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.",Released 20200914,CVE-2014-10401,5.5,6.1,1176492,perl-DBI,https://www.suse.com/security/cve/CVE-2014-10401,"An issue was discovered in the DBI module before 1.632 for Perl. 
DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.",Affected 20200914,CVE-2020-25284,6.7,4.1,1176482,kernel-source,https://www.suse.com/security/cve/CVE-2020-25284,"The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.",Released 20200914,CVE-2020-25285,6.7,6.4,1176485,kernel-source,https://www.suse.com/security/cve/CVE-2020-25285,"A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.",Released 20200917,CVE-2014-10402,,6.1,1176492,perl-DBI,https://www.suse.com/security/cve/CVE-2014-10402,"An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.",Affected 20200917,CVE-2020-25084,5,3.2,1176673,kvm,https://www.suse.com/security/cve/CVE-2020-25084,"QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.",Released 20200917,CVE-2020-25595,7.8,7.8,1176344,xen,https://www.suse.com/security/cve/CVE-2020-25595,"An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. 
While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec \"backdoor\" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec (\"backdoor\") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.",Released 20200917,CVE-2020-25596,5.5,5.5,1176345,xen,https://www.suse.com/security/cve/CVE-2020-25596,"An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. 
x86 PVH / HVM guests cannot exploit the vulnerability.",Released 20200917,CVE-2020-25597,6.5,6.5,1176346,xen,https://www.suse.com/security/cve/CVE-2020-25597,"An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable.",Released 20200917,CVE-2020-25600,7.1,5.5,1176348,xen,https://www.suse.com/security/cve/CVE-2020-25600,"An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 
32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable.",Released 20200917,CVE-2020-25601,6.5,5.5,1176350,xen,https://www.suse.com/security/cve/CVE-2020-25601,"An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. 
Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.",Released 20200917,CVE-2020-25603,7.8,7.8,1176347,xen,https://www.suse.com/security/cve/CVE-2020-25603,"An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering.",Released 20200917,CVE-2020-25604,6.5,4.7,1176343,xen,https://www.suse.com/security/cve/CVE-2020-25604,"An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. 
Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.",Released 20200917,CVE-2020-25624,5,5,1176682,kvm,https://www.suse.com/security/cve/CVE-2020-25624,"hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.",Released 20200917,CVE-2020-25625,2.5,5.3,1176684,kvm,https://www.suse.com/security/cve/CVE-2020-25625,"hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.",Released 20200918,CVE-2020-0431,7.8,6.7,1176722,kernel-source,https://www.suse.com/security/cve/CVE-2020-0431,"In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-144161459",Released 20200918,CVE-2020-25632,7.5,8.2,1176711,grub2,https://www.suse.com/security/cve/CVE-2020-25632,"A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20200921,CVE-2019-20919,7.5,4.7,1176764,perl-DBI,https://www.suse.com/security/cve/CVE-2019-20919,"An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that.
But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.",Released 20200922,CVE-2020-25741,4.4,3.2,1176810,kvm,https://www.suse.com/security/cve/CVE-2020-25741,"fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.",Unsupported 20200929,CVE-2020-25742,3.2,3.2,1177088,kvm,https://www.suse.com/security/cve/CVE-2020-25742,"pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.",Ignore 20200930,CVE-2020-14355,6.6,6.6,1177158,spice,https://www.suse.com/security/cve/CVE-2020-14355,"Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.",Released 20200930,CVE-2020-25613,6.3,7.5,1177125,ruby,https://www.suse.com/security/cve/CVE-2020-25613,"An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. 
An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.",Won't fix 20200930,CVE-2020-26116,6.8,7.2,1177120,python,https://www.suse.com/security/cve/CVE-2020-26116,"http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.",Released 20201001,CVE-2020-11979,4.9,7.5,1177180,ant,https://www.suse.com/security/cve/CVE-2020-11979,"As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.",Won't fix 20201001,CVE-2020-25643,7.5,7.2,1177206,kernel-source,https://www.suse.com/security/cve/CVE-2020-25643,"A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20201005,CVE-2020-26541,6,6.5,1177282,kernel-source,https://www.suse.com/security/cve/CVE-2020-26541,"The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. 
This affects certs/blacklist.c and certs/system_keyring.c.",Unsupported 20201006,CVE-2020-26571,6.2,5.5,1177380,opensc,https://www.suse.com/security/cve/CVE-2020-26571,"The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.",Released 20201006,CVE-2020-26572,6.2,5.5,1177378,opensc,https://www.suse.com/security/cve/CVE-2020-26572,"The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.",Released 20201006,CVE-2020-7070,6.8,5.3,1177352,php53,https://www.suse.com/security/cve/CVE-2020-7070,"In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.",Released 20201008,CVE-2020-16119,7.8,7.8,1177471,kernel-bigmem,https://www.suse.com/security/cve/CVE-2020-16119,"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",Released 20201008,CVE-2020-16119,7.8,7.8,1177471,kernel-default,https://www.suse.com/security/cve/CVE-2020-16119,"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. 
Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",Released 20201008,CVE-2020-16119,7.8,7.8,1177471,kernel-ec2,https://www.suse.com/security/cve/CVE-2020-16119,"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",Released 20201008,CVE-2020-16119,7.8,7.8,1177471,kernel-pae,https://www.suse.com/security/cve/CVE-2020-16119,"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",Released 20201008,CVE-2020-16119,7.8,7.8,1177471,kernel-ppc64,https://www.suse.com/security/cve/CVE-2020-16119,"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",Released 20201008,CVE-2020-16119,7.8,7.8,1177471,kernel-source,https://www.suse.com/security/cve/CVE-2020-16119,"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. 
Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",Released 20201008,CVE-2020-16119,7.8,7.8,1177471,kernel-syms,https://www.suse.com/security/cve/CVE-2020-16119,"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",Released 20201008,CVE-2020-16119,7.8,7.8,1177471,kernel-trace,https://www.suse.com/security/cve/CVE-2020-16119,"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",Released 20201008,CVE-2020-16119,7.8,7.8,1177471,kernel-xen,https://www.suse.com/security/cve/CVE-2020-16119,"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",Released 20201014,CVE-2020-4788,5.1,4.7,1177666,kernel-source,https://www.suse.com/security/cve/CVE-2020-4788,"IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",Released 20201015,CVE-2020-25656,5.5,4.1,1177766,kernel-source,https://www.suse.com/security/cve/CVE-2020-25656,"A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. 
A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.",Released 20201016,CVE-2019-14584,4,7.8,1177789,shim,https://www.suse.com/security/cve/CVE-2019-14584,"Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.",Affected 20201019,CVE-2020-25647,7.6,7.6,1177883,grub2,https://www.suse.com/security/cve/CVE-2020-25647,"A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20201020,CVE-2020-25648,7.5,7.5,1177917,mozilla-nss,https://www.suse.com/security/cve/CVE-2020-25648,"A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.",Released 20201021,CVE-2020-14779,3.7,3.7,1177943,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14779,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20201021,CVE-2020-14781,3.7,3.7,1177943,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14781,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",Released 20201021,CVE-2020-14782,3.7,3.7,1177943,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14782,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20201021,CVE-2020-14792,4.2,4.2,1177943,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14792,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).",Released 20201021,CVE-2020-14796,3.1,3.1,1177943,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14796,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",Released 20201021,CVE-2020-14797,3.7,3.7,1177943,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14797,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20201021,CVE-2020-14798,3.7,3.1,1177943,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14798,"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",Released 20201021,CVE-2020-14803,5.3,5.3,1177943,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-14803,"Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Released 20201023,CVE-2020-27560,4.3,3.3,1178067,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27560,"ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.",Released 20201023,CVE-2020-27670,7.8,7.8,1177414,xen,https://www.suse.com/security/cve/CVE-2020-27670,"An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.",Released 20201023,CVE-2020-27671,7.8,7.8,1177413,xen,https://www.suse.com/security/cve/CVE-2020-27671,"An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.",Released 20201023,CVE-2020-27672,7.8,7,1177412,xen,https://www.suse.com/security/cve/CVE-2020-27672,"An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race 
condition that leads to a use-after-free involving 2MiB and 1GiB superpages.",Released 20201023,CVE-2020-27674,6.2,5.3,1177409,xen,https://www.suse.com/security/cve/CVE-2020-27674,"An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.",Released 20201027,CVE-2020-25669,4.3,7.8,1178182,kernel-source,https://www.suse.com/security/cve/CVE-2020-25669,"A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.",Released 20201030,CVE-2020-25668,7,7,1178123,kernel-source,https://www.suse.com/security/cve/CVE-2020-25668,"A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",Released 20201030,CVE-2020-25681,8.1,8.1,1177077,dnsmasq,https://www.suse.com/security/cve/CVE-2020-25681,"A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20201030,CVE-2020-25682,8.1,8.1,1177077,dnsmasq,https://www.suse.com/security/cve/CVE-2020-25682,"A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. 
An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20201030,CVE-2020-25683,5.9,5.9,1177077,dnsmasq,https://www.suse.com/security/cve/CVE-2020-25683,"A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",Released 20201030,CVE-2020-25684,5.4,3.7,1177077,dnsmasq,https://www.suse.com/security/cve/CVE-2020-25684,"A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. 
This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",Released 20201030,CVE-2020-25685,5.4,3.7,1177077,dnsmasq,https://www.suse.com/security/cve/CVE-2020-25685,"A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",Released 20201030,CVE-2020-25686,5.4,3.7,1177077,dnsmasq,https://www.suse.com/security/cve/CVE-2020-25686,"A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. 
This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",Released 20201030,CVE-2020-25687,5.9,5.9,1177077,dnsmasq,https://www.suse.com/security/cve/CVE-2020-25687,"A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",Released 20201103,CVE-2020-25692,7.5,7.5,1178387,openldap2-client,https://www.suse.com/security/cve/CVE-2020-25692,"A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.",Released 20201103,CVE-2020-25692,7.5,7.5,1178387,openldap2,https://www.suse.com/security/cve/CVE-2020-25692,"A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. 
An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.",Released 20201103,CVE-2020-27618,3.3,5.5,1178386,glibc,https://www.suse.com/security/cve/CVE-2020-27618,"The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.",Released 20201105,CVE-2020-0452,7.5,9.8,1178479,libexif,https://www.suse.com/security/cve/CVE-2020-0452,"In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731",Released 20201105,CVE-2020-8037,4.3,7.5,1178466,tcpdump,https://www.suse.com/security/cve/CVE-2020-8037,"The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.",Released 20201109,CVE-2017-18926,7.5,7.1,1178593,raptor,https://www.suse.com/security/cve/CVE-2017-18926,"raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).",Released 20201110,CVE-2020-25697,3.6,7,1178613,xorg-x11,https://www.suse.com/security/cve/CVE-2020-25697,"A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. 
This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.",Unsupported 20201111,CVE-2020-25707,6,,1178683,kvm,https://www.suse.com/security/cve/CVE-2020-25707,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916",Released 20201111,CVE-2020-25708,,7.5,1178682,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-25708,"A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.",Released 20201111,CVE-2020-28368,5.6,4.4,1178591,xen,https://www.suse.com/security/cve/CVE-2020-28368,"Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a \"Platypus\" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.",Released 20201116,CVE-2020-25657,7.5,5.9,1178829,python-m2crypto,https://www.suse.com/security/cve/CVE-2020-25657,"A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.",Won't fix 20201116,CVE-2020-25712,7.8,7.8,1174908,xorg-x11-server,https://www.suse.com/security/cve/CVE-2020-25712,"A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20201116,CVE-2020-25713,6.5,6.5,1178593,raptor,https://www.suse.com/security/cve/CVE-2020-25713,"A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.",Released 20201117,CVE-2020-12313,8.8,8.8,1178872,kernel-firmware,https://www.suse.com/security/cve/CVE-2020-12313,"Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",Unsupported 20201117,CVE-2020-12317,6.5,6.5,1178872,kernel-firmware,https://www.suse.com/security/cve/CVE-2020-12317,"Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.",Unsupported 20201117,CVE-2020-12319,6.5,6.5,1178872,kernel-firmware,https://www.suse.com/security/cve/CVE-2020-12319,"Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.",Unsupported 20201117,CVE-2020-25678,,4.4,1178905,ceph,https://www.suse.com/security/cve/CVE-2020-25678,"A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.",Ignore 20201117,CVE-2020-25709,6.5,7.5,1178909,openldap2,https://www.suse.com/security/cve/CVE-2020-25709,"A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. 
The highest threat from this vulnerability is to system availability.",Released 20201117,CVE-2020-25710,6.5,7.5,1178909,openldap2,https://www.suse.com/security/cve/CVE-2020-25710,"A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.",Released 20201118,CVE-2020-25723,3.2,3.2,1178934,kvm,https://www.suse.com/security/cve/CVE-2020-25723,"A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.",Released 20201118,CVE-2020-25723,3.2,3.2,1178934,xen,https://www.suse.com/security/cve/CVE-2020-25723,"A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.",Released 20201118,CVE-2020-28915,5.1,5.8,1178886,kernel-source,https://www.suse.com/security/cve/CVE-2020-28915,"A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.",Released 20201120,CVE-2020-28896,6.5,5.3,1179035,mutt,https://www.suse.com/security/cve/CVE-2020-28896,"Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. 
This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",Released 20201121,CVE-2020-28974,5.1,5,1178589,kernel-source,https://www.suse.com/security/cve/CVE-2020-28974,"A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.",Released 20201123,CVE-2020-19667,5.3,7.8,1179103,ImageMagick,https://www.suse.com/security/cve/CVE-2020-19667,"Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.",Released 20201123,CVE-2020-27777,6.4,6.7,1179107,kernel-source,https://www.suse.com/security/cve/CVE-2020-27777,"A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.",Released 20201124,CVE-2020-15436,6.4,6.7,1179141,kernel-source,https://www.suse.com/security/cve/CVE-2020-15436,"Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",Released 20201124,CVE-2020-15437,5.5,4.4,1179140,kernel-source,https://www.suse.com/security/cve/CVE-2020-15437,"The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.",Released 20201124,CVE-2020-27778,5.3,7.5,1179163,poppler,https://www.suse.com/security/cve/CVE-2020-27778,"A flaw was 
found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.",Released 20201125,CVE-2020-25664,8.2,6.1,1179202,ImageMagick,https://www.suse.com/security/cve/CVE-2020-25664,"In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.",Released 20201125,CVE-2020-25665,5.5,5.5,1179208,ImageMagick,https://www.suse.com/security/cve/CVE-2020-25665,"The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.",Released 20201125,CVE-2020-25666,5.3,3.3,1179212,ImageMagick,https://www.suse.com/security/cve/CVE-2020-25666,"There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. 
This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201125,CVE-2020-29040,7.9,8.8,1178963,xen,https://www.suse.com/security/cve/CVE-2020-29040,"An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.",Released 20201126,CVE-2020-27749,7.5,6.7,1179264,grub2,https://www.suse.com/security/cve/CVE-2020-27749,"A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20201126,CVE-2020-27751,5.3,3.3,1179269,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27751,"A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. 
This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201126,CVE-2020-27757,5.3,3.3,1179268,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27757,"A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.",Released 20201126,CVE-2020-27760,7.5,5.5,1179281,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27760,"In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.",Released 20201126,CVE-2020-27779,7.5,7.5,1179265,grub2,https://www.suse.com/security/cve/CVE-2020-27779,"A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20201127,CVE-2020-27752,5.3,7.1,1179202,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27752,"A flaw was found in ImageMagick in MagickCore/quantum-private.h. 
An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201127,CVE-2020-27754,5.3,3.3,1179313,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27754,"In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.",Released 20201127,CVE-2020-27755,5.3,3.3,1179345,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27755,"in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201127,CVE-2020-27759,5.3,3.3,1179313,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27759,"In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. 
Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.",Released 20201127,CVE-2020-27761,5.3,3.3,1179315,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27761,"WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.",Released 20201127,CVE-2020-27763,5.3,3.3,1179312,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27763,"A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.",Released 20201127,CVE-2020-27765,5.3,3.3,1179311,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27765,"A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. 
This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201127,CVE-2020-27767,5.3,3.3,1179268,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27767,"A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201127,CVE-2020-27768,5.3,3.3,1179339,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27768,"In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201127,CVE-2020-27769,5.3,3.3,1179321,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27769,"In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.",Released 20201127,CVE-2020-27771,5.3,3.3,1179327,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27771,"In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. 
This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201127,CVE-2020-27772,5.3,3.3,1179347,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27772,"A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201127,CVE-2020-27775,5.3,3.3,1179338,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27775,"A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201130,CVE-2020-27753,3.3,5.5,1179397,ImageMagick,https://www.suse.com/security/cve/CVE-2020-27753,"There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. 
This flaw affects ImageMagick versions prior to 7.0.9-0.",Released 20201130,CVE-2020-8284,4.3,3.7,1179398,curl,https://www.suse.com/security/cve/CVE-2020-8284,"A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.",Released 20201130,CVE-2020-8285,6.5,7.5,1179399,curl,https://www.suse.com/security/cve/CVE-2020-8285,"curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.",Released 20201201,CVE-2020-29130,4.3,4.3,1178658,kvm,https://www.suse.com/security/cve/CVE-2020-29130,"slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",Released 20201201,CVE-2020-29130,4.3,4.3,1178658,xen,https://www.suse.com/security/cve/CVE-2020-29130,"slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",Released 20201202,CVE-2020-27783,6.1,6.1,1179534,python-lxml,https://www.suse.com/security/cve/CVE-2020-27783,"A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. 
A remote attacker could exploit this flaw to run arbitrary HTML/JS code.",Released 20201204,CVE-2020-26555,5.4,5.4,1179610,kernel-bigmem,https://www.suse.com/security/cve/CVE-2020-26555,"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",Released 20201204,CVE-2020-26555,5.4,5.4,1179610,kernel-default,https://www.suse.com/security/cve/CVE-2020-26555,"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",Released 20201204,CVE-2020-26555,5.4,5.4,1179610,kernel-ec2,https://www.suse.com/security/cve/CVE-2020-26555,"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",Released 20201204,CVE-2020-26555,5.4,5.4,1179610,kernel-pae,https://www.suse.com/security/cve/CVE-2020-26555,"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",Released 20201204,CVE-2020-26555,5.4,5.4,1179610,kernel-ppc64,https://www.suse.com/security/cve/CVE-2020-26555,"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",Released 20201204,CVE-2020-26555,5.4,5.4,1179610,kernel-source,https://www.suse.com/security/cve/CVE-2020-26555,"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby 
device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",Released 20201204,CVE-2020-26555,5.4,5.4,1179610,kernel-syms,https://www.suse.com/security/cve/CVE-2020-26555,"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",Released 20201204,CVE-2020-26555,5.4,5.4,1179610,kernel-trace,https://www.suse.com/security/cve/CVE-2020-26555,"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",Released 20201204,CVE-2020-26555,5.4,5.4,1179610,kernel-xen,https://www.suse.com/security/cve/CVE-2020-26555,"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",Released 20201204,CVE-2020-27786,7.8,7.8,1179601,kernel-source,https://www.suse.com/security/cve/CVE-2020-27786,"A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",Released 20201204,CVE-2020-27820,3.1,4.7,1179599,kernel-source,https://www.suse.com/security/cve/CVE-2020-27820,"A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if \"unbind\" the driver).",Released 20201207,CVE-2020-29562,6.5,4.8,1179694,glibc,https://www.suse.com/security/cve/CVE-2020-29562,"The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",Released 20201207,CVE-2020-29573,7.5,7.5,1179721,glibc,https://www.suse.com/security/cve/CVE-2020-29573,"sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference.",Released 20201208,CVE-2020-27828,7.8,7.8,1179748,jasper,https://www.suse.com/security/cve/CVE-2020-27828,"There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. 
This could potentially affect data confidentiality, integrity, or application availability.",Released 20201208,CVE-2020-29480,3.8,2.3,1178658,xen,https://www.suse.com/security/cve/CVE-2020-29480,"An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest administrator can also use the special watches, which will cause a notification every time a domain is created and destroyed. Data may include: number, type, and domids of other VMs; existence and domids of driver domains; numbers of virtual interfaces, block devices, vcpus; existence of virtual framebuffers and their backend style (e.g., existence of VNC service); Xen VM UUIDs for other domains; timing information about domain creation and device setup; and some hints at the backend provisioning of VMs and their devices. The watch events do not contain values stored in xenstore, only key names. A guest administrator can observe non-sensitive domain and device lifecycle events relating to other guests. This information allows some insight into overall system configuration (including the number and general nature of other guests), and configuration of other guests (including the number and general nature of other guests' devices). This information might be commercially interesting or might make other attacks easier. There is not believed to be exposure of sensitive data. Specifically, there is no exposure of VNC passwords, port numbers, pathnames in host and guest filesystems, cryptographic keys, or within-guest data.",Released 20201208,CVE-2020-29481,6.5,8.8,1176349,xen,https://www.suse.com/security/cve/CVE-2020-29481,"An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. 
Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/ are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. For example, a newly created guest domain might be able to read sensitive information that had belonged to a previously existing guest domain. Both Xenstore implementations (C and Ocaml) are vulnerable.",Released 20201208,CVE-2020-29483,6.5,6.5,1178658,xen,https://www.suse.com/security/cve/CVE-2020-29483,"An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's internal management, resulting in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. @releaseDomain events do not say that the guest has been removed. All watchers of this event must look at the states of all guests to find the guest that has been removed. When an @releaseDomain is generated due to a domain xenstored protocol violation, because the guest is still running, the watchers will not react. Later, when the guest is actually destroyed, xenstored will no longer have it stored in its internal data base, so no further @releaseDomain event will be sent. This can lead to a zombie domain; memory mappings of that guest's memory will not be removed, due to the missing event. This zombie domain will be cleaned up only after another domain is destroyed, as that will trigger another @releaseDomain event. 
If the device model of the guest that violated the Xenstore protocol is running in a stub-domain, a use-after-free case could happen in xenstored, after having removed the guest from its internal data base, possibly resulting in a crash of xenstored. A malicious guest can block resources of the host for a period after its own death. Guests with a stub domain device model can eventually crash xenstored, resulting in a more serious denial of service (the prevention of any further domain management operations). Only the C variant of Xenstore is affected; the Ocaml variant is not affected. Only HVM guests with a stubdom device model can cause a serious DoS.",Released 20201208,CVE-2020-29484,6.5,6,1178658,xen,https://www.suse.com/security/cve/CVE-2020-29484,"An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with a payload longer than 4096 bytes will result in an error. When registering a watch, the payload length limit applies to the combined length of the watched path and the specified tag. Because watches for a specific path are also triggered for all nodes below that path, the payload of a watch event message can be longer than the payload needed to register the watch. A malicious guest that registers a watch using a very large tag (i.e., with a registration operation payload length close to the 4096 byte limit) can cause the generation of watch events with a payload length larger than 4096 bytes, by writing to Xenstore entries below the watched path. This will result in an error condition in xenstored. 
This error can result in a NULL pointer dereference, leading to a crash of xenstored. A malicious guest administrator can cause xenstored to crash, leading to a denial of service. Following a xenstored crash, domains may continue to run, but management operations will be impossible. Only C xenstored is affected, oxenstored is not affected.",Released 20201208,CVE-2020-29566,6.5,5.5,1178658,xen,https://www.suse.com/security/cve/CVE-2020-29566,"An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability.",Released 20201208,CVE-2020-29568,6.5,6.5,1179508,kernel-source,https://www.suse.com/security/cve/CVE-2020-29568,"An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. 
All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.",Unsupported 20201208,CVE-2020-29569,8.8,8.8,1179509,kernel-source,https://www.suse.com/security/cve/CVE-2020-29569,"An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.",Unsupported 20201208,CVE-2020-29570,6.5,6.2,1179514,xen,https://www.suse.com/security/cve/CVE-2020-29570,"An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.",Released 20201208,CVE-2020-29571,6.5,6.2,1179516,xen,https://www.suse.com/security/cve/CVE-2020-29571,"An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. 
x86 systems are not vulnerable.",Released 20201209,CVE-2020-24489,8.8,8.8,1179839,microcode_ctl,https://www.suse.com/security/cve/CVE-2020-24489,"Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.",Released 20201209,CVE-2020-24511,5.6,6.5,1179836,microcode_ctl,https://www.suse.com/security/cve/CVE-2020-24511,"Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20201209,CVE-2020-24512,2.8,3.3,1179837,microcode_ctl,https://www.suse.com/security/cve/CVE-2020-24512,"Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20201209,CVE-2020-24513,5.6,6.5,1179833,microcode_ctl,https://www.suse.com/security/cve/CVE-2020-24513,"Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20201209,CVE-2020-27781,7.3,7.1,1179802,ceph,https://www.suse.com/security/cve/CVE-2020-27781,"User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even \"admin\" users, compromising the ceph administrator. 
This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.",Won't fix 20201209,CVE-2020-29660,7.4,4.4,1179745,kernel-source,https://www.suse.com/security/cve/CVE-2020-29660,"A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.",Released 20201209,CVE-2020-29661,7.4,7.8,1179745,kernel-source,https://www.suse.com/security/cve/CVE-2020-29661,"A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.",Released 20201210,CVE-2020-13987,8.2,7.5,1179907,open-iscsi,https://www.suse.com/security/cve/CVE-2020-13987,"An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.",Unsupported 20201210,CVE-2020-13988,7.5,7.5,1179907,open-iscsi,https://www.suse.com/security/cve/CVE-2020-13988,"An issue was discovered in Contiki through 3.0. 
An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.",Unsupported 20201210,CVE-2020-16587,5.3,5.5,1179879,OpenEXR,https://www.suse.com/security/cve/CVE-2020-16587,"A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.",Released 20201210,CVE-2020-16588,,5.5,1179879,OpenEXR,https://www.suse.com/security/cve/CVE-2020-16588,"A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.",Released 20201210,CVE-2020-16589,,5.5,1179879,OpenEXR,https://www.suse.com/security/cve/CVE-2020-16589,"A heap-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.",Released 20201210,CVE-2020-16592,5.5,5.5,1179900,binutils,https://www.suse.com/security/cve/CVE-2020-16592,"A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.",Unsupported 20201210,CVE-2020-16598,5.5,5.5,1179902,binutils,https://www.suse.com/security/cve/CVE-2020-16598,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Unsupported 20201210,CVE-2020-17437,5.3,8.2,1179907,open-iscsi,https://www.suse.com/security/cve/CVE-2020-17437,"An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products.
When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.",Unsupported 20201210,CVE-2020-17438,7,9.8,1179907,open-iscsi,https://www.suse.com/security/cve/CVE-2020-17438,"An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.",Unsupported 20201211,CVE-2020-26421,5.9,5.3,1179933,wireshark,https://www.suse.com/security/cve/CVE-2020-26421,"Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.",Affected 20201214,CVE-2020-27839,4,5.4,1179997,ceph,https://www.suse.com/security/cve/CVE-2020-27839,"A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. 
The highest threat from this vulnerability is to data confidentiality and integrity.",Unsupported 20201215,CVE-2020-0465,8.4,6.8,1180029,kernel-source,https://www.suse.com/security/cve/CVE-2020-0465,"In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-162844689. References: Upstream kernel",Released 20201216,CVE-2020-27066,6.7,6.7,1180098,kernel-source,https://www.suse.com/security/cve/CVE-2020-27066,"In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-168043318",Ignore 20201216,CVE-2020-27068,5.3,9.8,1180086,kernel-source,https://www.suse.com/security/cve/CVE-2020-27068,"Product: Android. Versions: Android kernel. Android ID: A-127973231. References: Upstream kernel",Released 20201218,CVE-2020-14394,3.2,3.2,1180207,kvm,https://www.suse.com/security/cve/CVE-2020-14394,"An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring.
This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.",Affected 20201226,CVE-2010-1129,-1,-1,1180370,php53,https://www.suse.com/security/cve/CVE-2010-1129,"The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.",Already fixed 20201226,CVE-2010-1130,-1,-1,1180370,php53,https://www.suse.com/security/cve/CVE-2010-1130,"session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).",Already fixed 20201226,CVE-2015-9679,-1,-1,917799,cups,https://www.suse.com/security/cve/CVE-2015-9679,"",Released 20201228,CVE-2013-6336,-1,-1,848738,wireshark,https://www.suse.com/security/cve/CVE-2013-6336,"The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20201228,CVE-2013-6338,-1,-1,848738,wireshark,https://www.suse.com/security/cve/CVE-2013-6338,"The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20201228,CVE-2013-6339,-1,-1,848738,wireshark,https://www.suse.com/security/cve/CVE-2013-6339,"The dissect_openwire_type function in 
epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.",Released 20201228,CVE-2013-6340,-1,-1,848738,wireshark,https://www.suse.com/security/cve/CVE-2013-6340,"epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",Released 20201228,CVE-2020-20412,5.9,6.5,1180395,libvorbis,https://www.suse.com/security/cve/CVE-2020-20412,"lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.",Unsupported 20201228,CVE-2020-35376,5.5,7.5,1180400,poppler,https://www.suse.com/security/cve/CVE-2020-35376,"Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.",Unsupported 20201228,CVE-2020-35738,8.1,6.1,1180414,wavpack,https://www.suse.com/security/cve/CVE-2020-35738,"WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",Released 20201229,CVE-2020-35504,5.5,6,1180433,kvm,https://www.suse.com/security/cve/CVE-2020-35504,"A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. 
The highest threat from this vulnerability is to system availability.",Unsupported 20201229,CVE-2020-35505,4.4,4.4,1180434,kvm,https://www.suse.com/security/cve/CVE-2020-35505,"A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",Unsupported 20201229,CVE-2020-35506,5.6,6.7,1180435,kvm,https://www.suse.com/security/cve/CVE-2020-35506,"A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.",Unsupported 20201230,CVE-2020-35493,5.5,5.5,1180451,binutils,https://www.suse.com/security/cve/CVE-2020-35493,"A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.",Unsupported 20201230,CVE-2020-35495,5.5,5.5,1180453,binutils,https://www.suse.com/security/cve/CVE-2020-35495,"There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. 
This flaw affects binutils versions prior to 2.34.",Unsupported 20201230,CVE-2020-35496,5.5,5.5,1180454,binutils,https://www.suse.com/security/cve/CVE-2020-35496,"There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.",Unsupported 20201230,CVE-2020-35507,5.5,5.5,1180461,binutils,https://www.suse.com/security/cve/CVE-2020-35507,"There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.",Unsupported 20210102,CVE-1999-0103,-1,-1,825985,krb5,https://www.suse.com/security/cve/CVE-1999-0103,"Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.",Released 20210103,CVE-2011-0444,-1,-1,664229,wireshark,https://www.suse.com/security/cve/CVE-2011-0444,"Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.",Released 20210103,CVE-2011-0445,-1,-1,664229,wireshark,https://www.suse.com/security/cve/CVE-2011-0445,"The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap.",Released 20210104,CVE-2020-10001,,5.5,1170671,cups,https://www.suse.com/security/cve/CVE-2020-10001,"An input validation issue was addressed with improved memory handling. 
This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.",Released 20210104,CVE-2020-11947,5.5,3.8,1180523,kvm,https://www.suse.com/security/cve/CVE-2020-11947,"iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.",Released 20210105,CVE-2020-36158,8.8,8.8,1180559,kernel-source,https://www.suse.com/security/cve/CVE-2020-36158,"mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.",Released 20210108,CVE-2020-7071,5.3,5.3,1180706,php53,https://www.suse.com/security/cve/CVE-2020-7071,"In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.",Released 20210114,CVE-2021-24122,5.9,5.9,1180947,tomcat6,https://www.suse.com/security/cve/CVE-2021-24122,"When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. 
The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.",Released 20210119,CVE-2020-29443,3.9,3.9,1181108,kvm,https://www.suse.com/security/cve/CVE-2020-29443,"ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.",Released 20210119,CVE-2021-20193,3.3,5.5,1181131,tar,https://www.suse.com/security/cve/CVE-2021-20193,"A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.",Released 20210119,CVE-2021-3177,5.9,9.8,1181126,python,https://www.suse.com/security/cve/CVE-2021-3177,"Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.",Released 20210120,CVE-2021-3178,5.7,6.5,1181162,kernel-source,https://www.suse.com/security/cve/CVE-2021-3178,"** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. 
NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.",Ignore 20210121,CVE-2020-14409,7.8,7.8,1181202,SDL,https://www.suse.com/security/cve/CVE-2020-14409,"SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.",Released 20210121,CVE-2020-14410,7.8,5.4,1181201,SDL,https://www.suse.com/security/cve/CVE-2020-14410,"SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.",Released 20210121,CVE-2021-3181,6.5,6.5,1181221,mutt,https://www.suse.com/security/cve/CVE-2021-3181,"rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.",Released 20210127,CVE-2021-20197,6.3,6.3,1181452,binutils,https://www.suse.com/security/cve/CVE-2021-20197,"There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib.
When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.",Unsupported 20210127,CVE-2021-3272,4,5.5,1181483,jasper,https://www.suse.com/security/cve/CVE-2021-3272,"jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.",Released 20210128,CVE-2021-3326,6.2,7.5,1181505,glibc,https://www.suse.com/security/cve/CVE-2021-3326,"The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",Released 20210129,CVE-2021-3347,8.4,7.8,1181349,kernel-source,https://www.suse.com/security/cve/CVE-2021-3347,"An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.",Released 20210202,CVE-2021-20201,6.8,5.3,1181686,spice,https://www.suse.com/security/cve/CVE-2021-20201,"A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.",Released 20210205,CVE-2021-20176,5.3,5.5,1181836,ImageMagick,https://www.suse.com/security/cve/CVE-2021-20176,"A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. 
The highest threat from this vulnerability is to system availability.",Released 20210208,CVE-2021-20221,5.3,6,1181933,kvm,https://www.suse.com/security/cve/CVE-2021-20221,"An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.",Released 20210208,CVE-2021-26720,7.8,7.8,1180827,avahi,https://www.suse.com/security/cve/CVE-2021-26720,"avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon.
NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.",Already fixed 20210210,CVE-2021-21702,7.5,7.5,1182049,php53,https://www.suse.com/security/cve/CVE-2021-21702,"In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.",Released 20210211,CVE-2019-25013,5.3,5.9,1182117,glibc,https://www.suse.com/security/cve/CVE-2019-25013,"The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.",Released 20210211,CVE-2019-9192,2.8,7.5,1182116,glibc,https://www.suse.com/security/cve/CVE-2019-9192,"** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.",Ignore 20210211,CVE-2021-20181,7.5,7.5,1182137,kvm,https://www.suse.com/security/cve/CVE-2021-20181,"A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.",Released 20210211,CVE-2021-20200,,,1179432,kernel-source,https://www.suse.com/security/cve/CVE-2021-20200,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. 
Notes: none.",Ignore 20210211,CVE-2021-26926,5.1,7.1,1182105,jasper,https://www.suse.com/security/cve/CVE-2021-26926,"A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.",Released 20210211,CVE-2021-26927,4,5.5,1182104,jasper,https://www.suse.com/security/cve/CVE-2021-26927,"A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.",Released 20210211,CVE-2021-26931,6.5,5.5,1181753,kernel-source,https://www.suse.com/security/cve/CVE-2021-26931,"An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.",Unsupported 20210211,CVE-2021-27135,7.5,9.8,1182091,xterm,https://www.suse.com/security/cve/CVE-2021-27135,"xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.",Released 20210212,CVE-2020-27221,9.8,9.8,1182186,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2020-27221,"In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.",Released 20210215,CVE-2020-8625,8.1,8.1,1182246,bind,https://www.suse.com/security/cve/CVE-2020-8625,"BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. 
In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch",Released 20210215,CVE-2021-20225,7.5,6.7,1182262,grub2,https://www.suse.com/security/cve/CVE-2021-20225,"A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20210215,CVE-2021-20233,7.5,8.2,1182263,grub2,https://www.suse.com/security/cve/CVE-2021-20233,"A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20210215,CVE-2021-27212,7.5,7.5,1182279,openldap2-client,https://www.suse.com/security/cve/CVE-2021-27212,"In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.",Ignore 20210215,CVE-2021-27212,7.5,7.5,1182279,openldap2,https://www.suse.com/security/cve/CVE-2021-27212,"In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.",Released 20210216,CVE-2021-20242,0,,1181836,ImageMagick,https://www.suse.com/security/cve/CVE-2021-20242,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20176. Reason: This candidate is a reservation duplicate of CVE-2021-20176. Notes: All CVE users should reference CVE-2021-20176 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20210216,CVE-2021-20243,5.3,5.5,1182336,ImageMagick,https://www.suse.com/security/cve/CVE-2021-20243,"A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.",Released 20210216,CVE-2021-20244,5.3,5.5,1182325,ImageMagick,https://www.suse.com/security/cve/CVE-2021-20244,"A flaw was found in ImageMagick in MagickCore/visual-effects.c. 
An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.",Released 20210216,CVE-2021-20246,5.3,5.5,1182337,ImageMagick,https://www.suse.com/security/cve/CVE-2021-20246,"A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.",Released 20210216,CVE-2021-23840,6.5,7.5,1182333,openssl,https://www.suse.com/security/cve/CVE-2021-23840,"Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",Released 20210216,CVE-2021-23841,5.9,5.9,1182331,openssl,https://www.suse.com/security/cve/CVE-2021-23841,"The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. 
However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",Released 20210217,CVE-2021-23336,5.9,5.9,1182179,python,https://www.suse.com/security/cve/CVE-2021-23336,"The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",Released 20210218,CVE-2020-24502,3.8,5.5,1182409,kernel-source,https://www.suse.com/security/cve/CVE-2020-24502,"Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access.",Unsupported 20210218,CVE-2020-24503,3.3,5.5,1182405,kernel-source,https://www.suse.com/security/cve/CVE-2020-24503,"Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.",Unsupported 20210218,CVE-2020-36221,7.5,7.5,1182420,openldap2,https://www.suse.com/security/cve/CVE-2020-36221,"An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).",Released 20210218,CVE-2020-36222,7.5,7.5,1182419,openldap2,https://www.suse.com/security/cve/CVE-2020-36222,"A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.",Released 20210218,CVE-2020-36223,7.5,7.5,1182418,openldap2,https://www.suse.com/security/cve/CVE-2020-36223,"A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).",Released 20210218,CVE-2020-36224,7.5,7.5,1182417,openldap2,https://www.suse.com/security/cve/CVE-2020-36224,"A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo 
processing, resulting in denial of service.",Released 20210218,CVE-2020-36225,7.5,7.5,1182416,openldap2,https://www.suse.com/security/cve/CVE-2020-36225,"A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.",Released 20210218,CVE-2020-36226,7.5,7.5,1182415,openldap2,https://www.suse.com/security/cve/CVE-2020-36226,"A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.",Released 20210218,CVE-2020-36227,7.5,7.5,1182413,openldap2,https://www.suse.com/security/cve/CVE-2020-36227,"A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.",Released 20210218,CVE-2020-36228,7.5,7.5,1182412,openldap2,https://www.suse.com/security/cve/CVE-2020-36228,"An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.",Released 20210218,CVE-2020-36229,7.5,7.5,1182408,openldap2,https://www.suse.com/security/cve/CVE-2020-36229,"A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.",Released 20210218,CVE-2020-36230,7.5,7.5,1182408,openldap2,https://www.suse.com/security/cve/CVE-2020-36230,"A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.",Released 20210222,CVE-2021-20257,3.2,6.5,1182577,kvm,https://www.suse.com/security/cve/CVE-2021-20257,"An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. 
This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",Released 20210222,CVE-2021-20257,3.2,6.5,1182577,xen,https://www.suse.com/security/cve/CVE-2021-20257,"An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",Released 20210224,CVE-2021-20255,3.2,5.5,1182651,kvm,https://www.suse.com/security/cve/CVE-2021-20255,"A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",Ignore 20210224,CVE-2021-20255,3.2,5.5,1182651,xen,https://www.suse.com/security/cve/CVE-2021-20255,"A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",Released 20210224,CVE-2021-27363,7.1,4.4,1182716,kernel-source,https://www.suse.com/security/cve/CVE-2021-27363,"An issue was discovered in the Linux kernel through 5.11.3. 
A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.",Released 20210224,CVE-2021-27364,7.1,7.1,1182715,kernel-source,https://www.suse.com/security/cve/CVE-2021-27364,"An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.",Released 20210224,CVE-2021-27365,7,7.8,1182712,kernel-source,https://www.suse.com/security/cve/CVE-2021-27365,"An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.",Released 20210226,CVE-2020-35521,4.4,5.5,1182808,tiff,https://www.suse.com/security/cve/CVE-2020-35521,"A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.",Released 20210226,CVE-2020-35522,4.4,5.5,1182809,tiff,https://www.suse.com/security/cve/CVE-2020-35522,"In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.",Released 20210226,CVE-2020-35523,6.7,7.8,1182811,tiff,https://www.suse.com/security/cve/CVE-2020-35523,"An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. 
This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",Released 20210226,CVE-2020-35524,6.7,7.8,1182812,tiff,https://www.suse.com/security/cve/CVE-2020-35524,"A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",Released 20210301,CVE-2021-25316,3.3,3.3,1180877,s390-tools,https://www.suse.com/security/cve/CVE-2021-25316,"A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.",Ignore 20210302,CVE-2021-25329,7,7,1182909,tomcat6,https://www.suse.com/security/cve/CVE-2021-25329,"The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.",Released 20210303,CVE-2021-3419,5.5,,1182968,kvm,https://www.suse.com/security/cve/CVE-2021-3419,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.",Released 20210303,CVE-2021-3419,5.5,,1182968,xen,https://www.suse.com/security/cve/CVE-2021-3419,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. 
ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.",Released 20210305,CVE-2021-20265,5.1,5.5,1183089,kernel-source,https://www.suse.com/security/cve/CVE-2021-20265,"A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.",Released 20210308,CVE-2021-25313,6.1,6.1,1181852,avahi,https://www.suse.com/security/cve/CVE-2021-25313,"A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6.",Unsupported 20210308,CVE-2021-28038,6.5,6.5,1183022,xen,https://www.suse.com/security/cve/CVE-2021-28038,"An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.",Ignore 20210311,CVE-2021-20261,7.8,6.4,1183400,kernel-source,https://www.suse.com/security/cve/CVE-2021-20261,"A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. 
In the default configuration root (or equivalent) permissions are required to attack this flaw.",Released 20210312,CVE-2020-25097,8.6,8.6,1183436,squid3,https://www.suse.com/security/cve/CVE-2020-25097,"An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.",Released 20210315,CVE-2021-20249,4.2,,1183544,rpm,https://www.suse.com/security/cve/CVE-2021-20249,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Ignore 20210315,CVE-2021-20271,3.3,7,1183545,rpm,https://www.suse.com/security/cve/CVE-2021-20271,"A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",Released 20210315,CVE-2021-20271,3.3,7,1183545,rpm-python,https://www.suse.com/security/cve/CVE-2021-20271,"A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",Released 20210315,CVE-2021-28153,3.7,5.3,1183533,glib2,https://www.suse.com/security/cve/CVE-2021-28153,"An issue was discovered in GNOME GLib before 2.66.8. 
When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)",Affected 20210315,CVE-2021-3421,5.3,5.5,1183543,rpm,https://www.suse.com/security/cve/CVE-2021-3421,"A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.",Released 20210315,CVE-2021-3421,5.3,5.5,1183543,rpm-python,https://www.suse.com/security/cve/CVE-2021-3421,"A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.",Released 20210315,CVE-2021-3428,3.3,5.5,1173485,kernel-source,https://www.suse.com/security/cve/CVE-2021-3428,"A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.",Ignore 20210317,CVE-2021-20266,3.1,4.9,1183632,rpm,https://www.suse.com/security/cve/CVE-2021-20266,"A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. 
The highest threat from this vulnerability is to system availability.",Released 20210317,CVE-2021-20266,3.1,4.9,1183632,rpm-python,https://www.suse.com/security/cve/CVE-2021-20266,"A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.",Released 20210318,CVE-2020-35519,7.8,7.8,1183696,kernel-source,https://www.suse.com/security/cve/CVE-2020-35519,"An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",Released 20210318,CVE-2021-3448,4,4,1183709,dnsmasq,https://www.suse.com/security/cve/CVE-2021-3448,"A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.",Released 20210320,CVE-2021-3416,3.2,6,1182968,kvm,https://www.suse.com/security/cve/CVE-2021-3416,"A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. 
A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.",Released
20210323,CVE-2021-22876,6.1,5.3,1183933,curl,https://www.suse.com/security/cve/CVE-2021-22876,"curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.",Released
20210330,CVE-2021-20288,8,7.2,1183074,ceph,https://www.suse.com/security/cve/CVE-2021-20288,"An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Won't fix
20210330,CVE-2021-28957,6.1,6.1,1184177,python-lxml,https://www.suse.com/security/cve/CVE-2021-28957,"An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.",Released
20210330,CVE-2021-29266,4.4,7.8,1184166,kernel-source,https://www.suse.com/security/cve/CVE-2021-29266,"An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.",Unsupported
20210330,CVE-2021-3475,5.3,5.3,1184173,OpenEXR,https://www.suse.com/security/cve/CVE-2021-3475,"There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.",Released
20210330,CVE-2021-3476,5.3,5.3,1184172,OpenEXR,https://www.suse.com/security/cve/CVE-2021-3476,"A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.",Released
20210331,CVE-2020-1946,7.8,9.8,1184221,spamassassin,https://www.suse.com/security/cve/CVE-2020-1946,"In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.",Unsupported
20210331,CVE-2021-28950,6.2,5.5,1184194,kernel-source,https://www.suse.com/security/cve/CVE-2021-28950,"An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A \"stall on CPU\" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.",Unsupported
20210331,CVE-2021-28972,6.4,6.7,1184198,kernel-source,https://www.suse.com/security/cve/CVE-2021-28972,"In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.",Released
20210331,CVE-2021-29650,5.5,5.5,1184208,kernel-source,https://www.suse.com/security/cve/CVE-2021-29650,"An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.",Released
20210331,CVE-2021-3472,7.8,7.8,1180128,xorg-x11-server,https://www.suse.com/security/cve/CVE-2021-3472,"A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released
20210406,CVE-2021-29154,7,7.8,1184391,kernel-source,https://www.suse.com/security/cve/CVE-2021-29154,"BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.",Released
20210406,CVE-2021-30002,6.2,6.2,1184120,kernel-source,https://www.suse.com/security/cve/CVE-2021-30002,"An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.",Released
20210406,CVE-2021-3479,7.5,5.5,1184354,OpenEXR,https://www.suse.com/security/cve/CVE-2021-3479,"There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.",Released
20210406,CVE-2021-3483,6.5,7.8,1184393,kernel-source,https://www.suse.com/security/cve/CVE-2021-3483,"A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected",Released
20210407,CVE-2021-25317,3.3,3.3,1184161,cups,https://www.suse.com/security/cve/CVE-2021-25317,"A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.",Released
20210408,CVE-2021-28831,7.5,7.5,1184522,busybox,https://www.suse.com/security/cve/CVE-2021-28831,"decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",Won't fix
20210409,CVE-2021-1252,7.5,7.5,1184532,clamav,https://www.suse.com/security/cve/CVE-2021-1252,"A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.",Released
20210409,CVE-2021-1404,7.5,7.5,1184533,clamav,https://www.suse.com/security/cve/CVE-2021-1404,"A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.",Released
20210409,CVE-2021-1405,7.5,7.5,1184534,clamav,https://www.suse.com/security/cve/CVE-2021-1405,"A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",Released
20210409,CVE-2021-3468,6.2,5.5,1184521,avahi,https://www.suse.com/security/cve/CVE-2021-3468,"A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.",Released
20210412,CVE-2021-20309,5.3,7.5,1184624,ImageMagick,https://www.suse.com/security/cve/CVE-2021-20309,"A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.",Released
20210412,CVE-2021-20312,5.3,7.5,1184627,ImageMagick,https://www.suse.com/security/cve/CVE-2021-20312,"A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.",Released
20210412,CVE-2021-20313,4.7,7.5,1184628,ImageMagick,https://www.suse.com/security/cve/CVE-2021-20313,"A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.",Released
20210412,CVE-2021-3487,5.5,6.5,1184620,binutils,https://www.suse.com/security/cve/CVE-2021-3487,"** REJECT ** Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt",Unsupported
20210413,CVE-2021-20254,7.1,8.1,1184677,samba,https://www.suse.com/security/cve/CVE-2021-20254,"A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.",Released
20210413,CVE-2021-28965,5.3,7.5,1184644,ruby,https://www.suse.com/security/cve/CVE-2021-28965,"The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.",Won't fix
20210414,CVE-2020-36322,7.7,5.5,1184211,kernel-source,https://www.suse.com/security/cve/CVE-2020-36322,"An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.",Released
20210414,CVE-2021-30498,9.8,7.8,1184752,libcaca,https://www.suse.com/security/cve/CVE-2021-30498,"A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.",Released
20210414,CVE-2021-30499,9.8,7.8,1184751,libcaca,https://www.suse.com/security/cve/CVE-2021-30499,"A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences.",Released
20210414,CVE-2021-3467,5.5,5.5,1184757,jasper,https://www.suse.com/security/cve/CVE-2021-3467,"A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.",Released
20210415,CVE-2019-17007,7.5,7.5,1184805,mozilla-nss,https://www.suse.com/security/cve/CVE-2019-17007,"In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.",Already fixed
20210415,CVE-2020-35448,3.3,3.3,1184794,binutils,https://www.suse.com/security/cve/CVE-2020-35448,"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.",Unsupported
20210415,CVE-2021-3443,5.5,5.5,1184798,jasper,https://www.suse.com/security/cve/CVE-2021-3443,"A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.",Released
20210420,CVE-2021-29458,4.4,5.5,1185003,exiv2,https://www.suse.com/security/cve/CVE-2021-29458,"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.",Unsupported
20210420,CVE-2021-3507,4.4,6.1,1185000,kvm,https://www.suse.com/security/cve/CVE-2021-3507,"A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.",Unsupported
20210421,CVE-2021-2163,5.3,5.3,1185055,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-2163,"Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).",Released
20210421,CVE-2021-28689,5.5,5.5,1185104,xen,https://www.suse.com/security/cve/CVE-2021-28689,"x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to virtualization. In AMD64, Xen had to use a different implementation approach, so Xen does not use ring 1 to support 64-bit guests. With the focus now being on 64-bit systems, and the availability of explicit hardware support for virtualization, fixing speculation issues in ring 1 is not a priority for processor companies. Indirect Branch Restricted Speculation (IBRS) is an architectural x86 extension put together to combat speculative execution sidechannel attacks, including Spectre v2. It was retrofitted in microcode to existing CPUs. For more details on Spectre v2, see: http://xenbits.xen.org/xsa/advisory-254.html However, IBRS does not architecturally protect ring 0 from predictions learnt in ring 1. For more details, see: https://software.intel.com/security-software-guidance/deep-dives/deep-dive-indirect-branch-restricted-speculation Similar situations may exist with other mitigations for other kinds of speculative execution attacks. The situation is quite likely to be similar for speculative execution attacks which have yet to be discovered, disclosed, or mitigated.",Unsupported
20210422,CVE-2020-23922,3.7,7.1,1185129,giflib,https://www.suse.com/security/cve/CVE-2020-23922,"An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.",Unsupported
20210426,CVE-2020-15078,5.3,7.5,1185279,openvpn,https://www.suse.com/security/cve/CVE-2020-15078,"OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.",Released
20210427,CVE-2021-25214,6.5,6.5,1185345,bind,https://www.suse.com/security/cve/CVE-2021-25214,"In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.",Released
20210427,CVE-2021-25215,7.5,7.5,1185345,bind,https://www.suse.com/security/cve/CVE-2021-25215,"In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.",Released
20210427,CVE-2021-25216,8.1,9.8,1185345,bind,https://www.suse.com/security/cve/CVE-2021-25216,"In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.",Released
20210428,CVE-2021-3516,5.9,7.8,1185409,libxml2,https://www.suse.com/security/cve/CVE-2021-3516,"There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.",Released
20210428,CVE-2021-3517,8.6,8.6,1185410,libxml2,https://www.suse.com/security/cve/CVE-2021-3517,"There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.",Released
20210428,CVE-2021-3518,5.9,8.8,1185408,libxml2,https://www.suse.com/security/cve/CVE-2021-3518,"There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.",Released
20210503,CVE-2021-31879,6.5,6.1,1185551,wget,https://www.suse.com/security/cve/CVE-2021-31879,"GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.",Won't fix
20210506,CVE-2021-3537,7.5,5.9,1185698,libxml2,https://www.suse.com/security/cve/CVE-2021-3537,"A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.",Released
20210506,CVE-2021-3537,7.5,5.9,1185698,libxml2-python,https://www.suse.com/security/cve/CVE-2021-3537,"A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.",Released
20210510,CVE-2020-24586,4.7,3.5,1185859,kernel-source,https://www.suse.com/security/cve/CVE-2020-24586,"The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.",Released
20210510,CVE-2020-24587,4.2,2.6,1185859,kernel-source,https://www.suse.com/security/cve/CVE-2020-24587,"The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.",Released
20210510,CVE-2020-24588,6.5,3.5,1185861,kernel-source,https://www.suse.com/security/cve/CVE-2020-24588,"The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.",Released
20210511,CVE-2021-28651,7.4,7.5,1185921,squid3,https://www.suse.com/security/cve/CVE-2021-28651,"An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.",Released
20210511,CVE-2021-28652,6.8,4.9,1185918,squid3,https://www.suse.com/security/cve/CVE-2021-28652,"An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.",Unsupported
20210511,CVE-2021-32028,6.5,6.5,1185925,postgresql94,https://www.suse.com/security/cve/CVE-2021-32028,"A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.",Already fixed
20210511,CVE-2021-32399,7.4,7,1184611,kernel-source,https://www.suse.com/security/cve/CVE-2021-32399,"net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.",Released
20210511,CVE-2021-32491,7.5,7.8,1185900,djvulibre,https://www.suse.com/security/cve/CVE-2021-32491,"A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.",Released
20210511,CVE-2021-32492,7.5,7.8,1185904,djvulibre,https://www.suse.com/security/cve/CVE-2021-32492,"A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.",Released
20210511,CVE-2021-32493,7.5,7.8,1185905,djvulibre,https://www.suse.com/security/cve/CVE-2021-32493,"A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.",Released
20210512,CVE-2020-26141,4.2,6.5,1185987,kernel-source,https://www.suse.com/security/cve/CVE-2020-26141,"An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.",Already fixed
20210512,CVE-2020-28600,,7.8,1185975,file,https://www.suse.com/security/cve/CVE-2020-28600,"An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.",Analysis
20210513,CVE-2021-3527,3.8,5.5,1186012,kvm,https://www.suse.com/security/cve/CVE-2021-3527,"A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.",Affected
20210513,CVE-2021-3527,3.8,5.5,1186012,xen,https://www.suse.com/security/cve/CVE-2021-3527,"A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.",Released
20210513,CVE-2021-3541,6.5,6.5,1186015,libxml2,https://www.suse.com/security/cve/CVE-2021-3541,"A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.",Released
20210513,CVE-2021-3541,6.5,6.5,1186015,libxml2-python,https://www.suse.com/security/cve/CVE-2021-3541,"A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.",Released
20210514,CVE-2020-26139,4.3,5.3,1186062,kernel-source,https://www.suse.com/security/cve/CVE-2020-26139,"An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.",Released
20210514,CVE-2021-3542,6.4,,1184673,kernel-source,https://www.suse.com/security/cve/CVE-2021-3542,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released
20210517,CVE-2021-22898,5.3,3.1,1186114,curl,https://www.suse.com/security/cve/CVE-2021-22898,"curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.",Released
20210517,CVE-2021-33033,6.7,7.8,1186109,kernel-source,https://www.suse.com/security/cve/CVE-2021-33033,"The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.",Released
20210518,CVE-2021-31535,8.1,9.8,1182506,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2021-31535,"LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.",Released
20210518,CVE-2021-32617,5.5,5.5,1186192,exiv2,https://www.suse.com/security/cve/CVE-2021-32617,"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`.",Released
20210519,CVE-2021-25321,7.7,7.8,1186240,arpwatch,https://www.suse.com/security/cve/CVE-2021-25321,"A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.",Released
20210519,CVE-2021-3500,7.5,7.8,1186253,djvulibre,https://www.suse.com/security/cve/CVE-2021-3500,"A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.",Released
20210521,CVE-2021-31998,7.3,7.8,1182321,inn,https://www.suse.com/security/cve/CVE-2021-31998,"A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.",Released
20210521,CVE-2021-3561,5.3,7.1,1186329,transfig,https://www.suse.com/security/cve/CVE-2021-3561,"An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.",Released
20210524,CVE-2021-25217,7.4,7.4,1186382,dhcp,https://www.suse.com/security/cve/CVE-2021-25217,"In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.",Released
20210525,CVE-2021-0086,-1,-1,1182867,xen,https://www.suse.com/security/cve/CVE-2021-0086,"Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released
20210525,CVE-2021-0089,6.5,6.5,1186433,xen,https://www.suse.com/security/cve/CVE-2021-0089,"Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released
20210525,CVE-2021-28690,5.6,6.5,1186434,xen,https://www.suse.com/security/cve/CVE-2021-28690,"x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.",Released
20210525,CVE-2021-28692,4.2,7.1,1186429,xen,https://www.suse.com/security/cve/CVE-2021-28692,"inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands.
In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded.",Released 20210526,CVE-2021-0129,6.4,5.7,1186463,bluez,https://www.suse.com/security/cve/CVE-2021-0129,"Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.",Unsupported 20210527,CVE-2021-29256,8.8,8.8,1186494,kernel-source,https://www.suse.com/security/cve/CVE-2021-29256,". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.",Ignore 20210527,CVE-2021-33574,5.9,9.8,1186489,glibc,https://www.suse.com/security/cve/CVE-2021-33574,"The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.",Released 20210531,CVE-2021-33620,6.5,6.5,1185923,squid3,https://www.suse.com/security/cve/CVE-2021-33620,"Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. 
The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.",Unsupported 20210531,CVE-2021-33620,6.5,6.5,1185923,squid,https://www.suse.com/security/cve/CVE-2021-33620,"Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.",Unsupported 20210603,CVE-2021-33805,5.3,,1186801,fuse,https://www.suse.com/security/cve/CVE-2021-33805,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10906. Reason: This candidate is a duplicate of CVE-2018-10906. Notes: All CVE users should reference CVE-2018-10906 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Ignore 20210603,CVE-2021-33805,5.3,,1186801,gvfs,https://www.suse.com/security/cve/CVE-2021-33805,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10906. Reason: This candidate is a duplicate of CVE-2018-10906. Notes: All CVE users should reference CVE-2018-10906 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Ignore 20210604,CVE-2020-15077,,5.3,1186874,openvpn,https://www.suse.com/security/cve/CVE-2020-15077,"OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.",Ignore 20210604,CVE-2020-36382,,7.5,1186876,openvpn,https://www.suse.com/security/cve/CVE-2020-36382,"OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.",Ignore 20210607,CVE-2020-35452,8.1,7.3,1186922,apache2,https://www.suse.com/security/cve/CVE-2020-35452,"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow",Released 20210608,CVE-2020-36385,8.4,7.8,1187050,kernel-source,https://www.suse.com/security/cve/CVE-2020-36385,"An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.",Released 20210609,CVE-2020-35512,7,7.8,1187105,dbus-1,https://www.suse.com/security/cve/CVE-2020-35512,"A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors",Released 20210609,CVE-2020-35512,7,7.8,1187105,dbus-1-x11,https://www.suse.com/security/cve/CVE-2020-35512,"A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors",Released 20210610,CVE-2020-13938,,5.5,1187172,apache2,https://www.suse.com/security/cve/CVE-2020-13938,"Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows",Ignore 20210610,CVE-2021-30641,5.9,5.3,1187174,apache2,https://www.suse.com/security/cve/CVE-2021-30641,"Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'",Released 20210610,CVE-2021-3588,3.3,3.3,1187165,bluez,https://www.suse.com/security/cve/CVE-2021-3588,"The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.",Unsupported 20210611,CVE-2021-33560,7.5,7.5,1187212,libgcrypt,https://www.suse.com/security/cve/CVE-2021-33560,"Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. 
This, for example, affects use of ElGamal in OpenPGP.",Released 20210611,CVE-2021-34557,6.4,4.6,1186918,xscreensaver,https://www.suse.com/security/cve/CVE-2021-34557,"XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.",Released 20210615,CVE-2021-3592,3.8,3.8,1187364,kvm,https://www.suse.com/security/cve/CVE-2021-3592,"An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",Released 20210615,CVE-2021-3592,3.8,3.8,1187364,xen,https://www.suse.com/security/cve/CVE-2021-3592,"An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",Released 20210615,CVE-2021-3594,3.8,3.8,1187367,kvm,https://www.suse.com/security/cve/CVE-2021-3594,"An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. 
This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",Released 20210615,CVE-2021-3594,3.8,3.8,1187367,xen,https://www.suse.com/security/cve/CVE-2021-3594,"An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",Released 20210615,CVE-2021-3595,3.8,3.8,1187366,xen,https://www.suse.com/security/cve/CVE-2021-3595,"An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",Released 20210616,CVE-2021-3605,7.5,5.5,1187395,OpenEXR,https://www.suse.com/security/cve/CVE-2021-3605,"There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. 
The greatest risk from this flaw is to application availability.",Released 20210617,CVE-2021-34693,6.2,5.5,1187452,kernel-source,https://www.suse.com/security/cve/CVE-2021-34693,"net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.",Released 20210618,CVE-2021-3609,7,7,1187215,kernel-source,https://www.suse.com/security/cve/CVE-2021-3609,".A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.",Released 20210622,CVE-2021-0512,8.4,7.8,1187595,kernel-source,https://www.suse.com/security/cve/CVE-2021-0512,"In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-173843328 References: Upstream kernel",Released 20210625,CVE-2020-28097,6.2,5.9,1187723,kernel-source,https://www.suse.com/security/cve/CVE-2020-28097,"The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.",Already fixed 20210628,CVE-2021-34183,0,7.5,1187762,ImageMagick,https://www.suse.com/security/cve/CVE-2021-34183,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Won't fix 20210629,CVE-2021-35937,6.3,6.4,1157882,rpm,https://www.suse.com/security/cve/CVE-2021-35937,"A race condition vulnerability was found in rpm. 
A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Won't fix 20210629,CVE-2021-35938,6.5,6.7,1157880,rpm,https://www.suse.com/security/cve/CVE-2021-35938,"A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Won't fix 20210629,CVE-2021-35939,6.5,6.7,1157883,rpm,https://www.suse.com/security/cve/CVE-2021-35939,"It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Won't fix 20210630,CVE-2021-3630,7.3,5.5,1187869,djvulibre,https://www.suse.com/security/cve/CVE-2021-3630,"An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. 
This flaw affects DjVuLibre versions prior to 3.5.28.",Released 20210701,CVE-2021-31615,5.3,5.3,1187902,bluez,https://www.suse.com/security/cve/CVE-2021-31615,"Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.",Unsupported 20210701,CVE-2021-35942,5.1,9.1,1187911,glibc,https://www.suse.com/security/cve/CVE-2021-35942,"The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.",Released 20210706,CVE-2021-21704,7.5,5.9,1188035,php53,https://www.suse.com/security/cve/CVE-2021-21704,"In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. 
This can result in crashes, denial of service or potentially memory corruption.",Unsupported 20210706,CVE-2021-21705,5.3,5.3,1188037,php53,https://www.suse.com/security/cve/CVE-2021-21705,"In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.",Released 20210713,CVE-2021-22922,6.5,6.5,1188217,curl,https://www.suse.com/security/cve/CVE-2021-22922,"When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers and the client can then download the file from one or several of them. In a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server is replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.",Released 20210713,CVE-2021-22923,5.3,5.3,1188218,curl,https://www.suse.com/security/cve/CVE-2021-22923,"When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. 
Often contrary to the user's expectations and intentions and without telling the user it happened.",Released 20210713,CVE-2021-22924,5.4,3.7,1188219,curl,https://www.suse.com/security/cve/CVE-2021-22924,"libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.",Released 20210713,CVE-2021-22925,4.3,5.3,1188220,curl,https://www.suse.com/security/cve/CVE-2021-22925,"curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.",Released 20210714,CVE-2021-30640,6.5,6.5,1188279,tomcat6,https://www.suse.com/security/cve/CVE-2021-30640,"A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. 
This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.",Won't fix 20210714,CVE-2021-33037,4.3,5.3,1188278,tomcat6,https://www.suse.com/security/cve/CVE-2021-33037,"Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.",Won't fix 20210714,CVE-2021-3640,7.4,7,1188172,kernel-source,https://www.suse.com/security/cve/CVE-2021-3640,"A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.",Released 20210715,CVE-2021-31810,7.5,5.8,1188161,ruby,https://www.suse.com/security/cve/CVE-2021-31810,"An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).",Released 20210715,CVE-2021-32066,7.4,7.4,1188160,ruby,https://www.suse.com/security/cve/CVE-2021-32066,"An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. 
Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"",Released 20210719,CVE-2021-20298,7.5,7.5,1188460,OpenEXR,https://www.suse.com/security/cve/CVE-2021-20298,"A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.",Released 20210719,CVE-2021-20300,5.3,5.5,1188458,OpenEXR,https://www.suse.com/security/cve/CVE-2021-20300,"A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.",Released 20210719,CVE-2021-20303,6.1,6.1,1188457,OpenEXR,https://www.suse.com/security/cve/CVE-2021-20303,"A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.",Released 20210719,CVE-2021-20304,5.3,7.5,1188461,OpenEXR,https://www.suse.com/security/cve/CVE-2021-20304,"A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. 
The highest threat from this vulnerability is to system availability.",Released 20210719,CVE-2021-27845,4,5.5,1188437,jasper,https://www.suse.com/security/cve/CVE-2021-27845,"A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c",Released 20210719,CVE-2021-36374,5.5,5.5,1188469,ant,https://www.suse.com/security/cve/CVE-2021-36374,"When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.",Released 20210720,CVE-2017-9778,3.3,5.5,1188512,gdb,https://www.suse.com/security/cve/CVE-2017-9778,"GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.",Ignore 20210720,CVE-2018-20106,6.3,8.1,1114853,yast2-printer,https://www.suse.com/security/cve/CVE-2018-20106,"In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.",Won't fix 20210720,CVE-2020-26140,6.5,6.5,1188528,kernel-source,https://www.suse.com/security/cve/CVE-2020-26140,"An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. 
An adversary can abuse this to inject arbitrary data frames independent of the network configuration.",Released 20210721,CVE-2019-25051,7.8,7.8,1188576,aspell,https://www.suse.com/security/cve/CVE-2019-25051,"objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).",Released 20210721,CVE-2021-22235,6.5,7.5,1188375,wireshark,https://www.suse.com/security/cve/CVE-2021-22235,"Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file",Affected 20210721,CVE-2021-2341,3.1,3.1,1188564,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-2341,"Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",Released 20210721,CVE-2021-2369,4.3,4.3,1188565,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-2369,"Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",Released 20210721,CVE-2021-2432,3.7,3.7,1188568,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-2432,"Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20210721,CVE-2021-3246,9.8,8.8,1188540,libsndfile,https://www.suse.com/security/cve/CVE-2021-3246,"A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.",Released 20210721,CVE-2021-3655,4,3.3,1188563,kernel-source,https://www.suse.com/security/cve/CVE-2021-3655,"A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.",Released 20210722,CVE-2021-37159,5.5,6.4,1188601,kernel-source,https://www.suse.com/security/cve/CVE-2021-37159,"hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.",Released 20210728,CVE-2021-3658,4.6,6.5,1188859,bluez,https://www.suse.com/security/cve/CVE-2021-3658,"bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. 
This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.",Unsupported 20210729,CVE-2021-36386,5.1,7.5,1188875,fetchmail,https://www.suse.com/security/cve/CVE-2021-36386,"report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.",Released 20210730,CVE-2021-3672,8.1,5.6,1188881,libcares2,https://www.suse.com/security/cve/CVE-2021-3672,"A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.",Released 20210804,CVE-2021-3679,5.5,5.5,1189057,kernel-source,https://www.suse.com/security/cve/CVE-2021-3679,"A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.",Released 20210805,CVE-2021-3682,6,8.5,1189145,kvm,https://www.suse.com/security/cve/CVE-2021-3682,"A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. 
A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.",Unsupported 20210805,CVE-2021-3682,6,8.5,1189145,xen,https://www.suse.com/security/cve/CVE-2021-3682,"A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.",Released 20210809,CVE-2021-38185,8.8,7.8,1189206,cpio,https://www.suse.com/security/cve/CVE-2021-38185,"GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.",Released 20210810,CVE-2021-3601,3.3,,1189259,openssl,https://www.suse.com/security/cve/CVE-2021-3601,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. 
Notes: https://github.com/openssl/openssl/issues/5236#issuecomment-1196460611",Ignore 20210810,CVE-2021-38198,7.8,5.5,1189262,kernel-source,https://www.suse.com/security/cve/CVE-2021-38198,"arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.",Released 20210811,CVE-2020-21680,7.5,5.5,1189343,transfig,https://www.suse.com/security/cve/CVE-2020-21680,"A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.",Released 20210811,CVE-2020-21681,7.5,5.5,1189345,transfig,https://www.suse.com/security/cve/CVE-2020-21681,"A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.",Released 20210811,CVE-2020-21682,7.5,5.5,1189346,transfig,https://www.suse.com/security/cve/CVE-2020-21682,"A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.",Released 20210811,CVE-2020-21683,7.5,5.5,1189325,transfig,https://www.suse.com/security/cve/CVE-2020-21683,"A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.",Released 20210811,CVE-2021-32815,3.1,5.5,1189337,exiv2,https://www.suse.com/security/cve/CVE-2021-32815,"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. 
An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. ### Patches The bug is fixed in version v0.27.5. ### References Regression test and bug fix: #1739 ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security.",Affected 20210811,CVE-2021-33582,7.5,7.5,1189313,cyrus-imapd,https://www.suse.com/security/cve/CVE-2021-33582,"Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.",Released 20210811,CVE-2021-34334,6.5,5.5,1189338,exiv2,https://www.suse.com/security/cve/CVE-2021-34334,"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.",Released 20210811,CVE-2021-37615,3.1,5.5,1189341,exiv2,https://www.suse.com/security/cve/CVE-2021-37615,"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. 
The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.",Won't fix 20210811,CVE-2021-37616,3.1,5.5,1189341,exiv2,https://www.suse.com/security/cve/CVE-2021-37616,"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.",Won't fix 20210811,CVE-2021-37620,3.1,5.5,1189332,exiv2,https://www.suse.com/security/cve/CVE-2021-37620,"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. 
The bug is fixed in version v0.27.5.",Won't fix 20210812,CVE-2021-28116,5.3,5.3,1189403,squid3,https://www.suse.com/security/cve/CVE-2021-28116,"Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.",Unsupported 20210812,CVE-2021-28116,5.3,5.3,1189403,squid,https://www.suse.com/security/cve/CVE-2021-28116,"Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.",Unsupported 20210812,CVE-2021-28694,8.4,6.8,1189373,xen,https://www.suse.com/security/cve/CVE-2021-28694,"IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). 
Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).",Unsupported 20210812,CVE-2021-28695,8.4,6.8,1189373,xen,https://www.suse.com/security/cve/CVE-2021-28695,"IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).",Unsupported 20210812,CVE-2021-28696,8.4,6.8,1189373,xen,https://www.suse.com/security/cve/CVE-2021-28696,"IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. 
On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).",Unsupported 20210812,CVE-2021-28697,7.4,7.8,1189376,xen,https://www.suse.com/security/cve/CVE-2021-28697,"grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes.",Released 20210812,CVE-2021-28698,5.5,5.5,1189378,xen,https://www.suse.com/security/cve/CVE-2021-28698,"long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have been created but never used. 
If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of \"cooperating\" guests may, however, cause the effects to be more severe.",Released 20210812,CVE-2021-3653,7.8,8.8,1189399,kernel-source,https://www.suse.com/security/cve/CVE-2021-3653,"A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.",Released 20210813,CVE-2019-9475,5.5,5.5,1189429,kernel-source,https://www.suse.com/security/cve/CVE-2019-9475,"In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-9496886",Unsupported 20210817,CVE-2021-3712,5.3,7.4,1189521,openssl,https://www.suse.com/security/cve/CVE-2021-3712,"ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. 
Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). 
Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",Released 20210818,CVE-2020-36193,7.5,7.5,1189591,php53,https://www.suse.com/security/cve/CVE-2020-36193,"Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.",Released 20210820,CVE-2021-28701,7.4,7.8,1189632,xen,https://www.suse.com/security/cve/CVE-2021-28701,"Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.",Released 20210823,CVE-2021-3733,4,6.5,1189287,python,https://www.suse.com/security/cve/CVE-2021-3733,"There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.",Released 20210824,CVE-2021-35465,,3.4,1189751,gcc33,https://www.suse.com/security/cve/CVE-2021-35465,"Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. 
This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).",Unsupported 20210824,CVE-2021-35465,,3.4,1189751,gcc5,https://www.suse.com/security/cve/CVE-2021-35465,"Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).",Unsupported 20210826,CVE-2021-3737,6.5,7.5,1189241,python,https://www.suse.com/security/cve/CVE-2021-3737,"A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.",Released 20210827,CVE-2021-3735,6,4.4,1189886,xen,https://www.suse.com/security/cve/CVE-2021-3735,"A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.",Unsupported 20210830,CVE-2021-40153,6.6,8.1,1189936,squashfs,https://www.suse.com/security/cve/CVE-2021-40153,"squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. 
The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.",Unsupported 20210831,CVE-2020-12965,2.9,7.5,1190017,kernel-source,https://www.suse.com/security/cve/CVE-2020-12965,"When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.",Analysis 20210831,CVE-2021-3750,7.5,8.2,1190011,kvm,https://www.suse.com/security/cve/CVE-2021-3750,"A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.",Ignore 20210831,CVE-2021-3753,2.9,4.7,1190025,kernel-source,https://www.suse.com/security/cve/CVE-2021-3753,"A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.",Released 20210901,CVE-2021-3755,0,,1190045,rsync,https://www.suse.com/security/cve/CVE-2021-3755,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. 
Notes: none.",Ignore 20210901,CVE-2021-39272,5.9,5.9,1190069,fetchmail,https://www.suse.com/security/cve/CVE-2021-39272,"Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.",Won't fix 20210902,CVE-2021-38160,7,7.8,1190117,kernel-source,https://www.suse.com/security/cve/CVE-2021-38160,"** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.",Released 20210906,CVE-2021-3773,5.9,9.8,1189897,kernel-default,https://www.suse.com/security/cve/CVE-2021-3773,"A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.",Analysis 20210906,CVE-2021-3773,5.9,9.8,1189897,kernel-ec2,https://www.suse.com/security/cve/CVE-2021-3773,"A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.",Analysis 20210906,CVE-2021-3773,5.9,9.8,1189897,kernel-source,https://www.suse.com/security/cve/CVE-2021-3773,"A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.",Analysis 20210906,CVE-2021-3773,5.9,9.8,1189897,kernel-syms,https://www.suse.com/security/cve/CVE-2021-3773,"A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.",Analysis 20210906,CVE-2021-3773,5.9,9.8,1189897,kernel-trace,https://www.suse.com/security/cve/CVE-2021-3773,"A flaw in netfilter could 
allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.",Analysis 20210906,CVE-2021-3773,5.9,9.8,1189897,kernel-xen,https://www.suse.com/security/cve/CVE-2021-3773,"A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.",Analysis 20210906,CVE-2021-40524,7.5,7.5,1190205,pure-ftpd,https://www.suse.com/security/cve/CVE-2021-40524,"In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)",Released 20210907,CVE-2021-40528,5.9,5.9,1190239,libgcrypt,https://www.suse.com/security/cve/CVE-2021-40528,"The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.",Already fixed 20210909,CVE-2021-3772,5.9,6.5,1190351,kernel-source,https://www.suse.com/security/cve/CVE-2021-3772,"A flaw was found in the Linux SCTP stack. 
A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.",Released 20210910,CVE-2021-22946,5.9,7.5,1190373,curl,https://www.suse.com/security/cve/CVE-2021-22946,"A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.",Released 20210910,CVE-2021-22947,5.9,5.9,1190374,curl,https://www.suse.com/security/cve/CVE-2021-22947,"When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.",Released 20210910,CVE-2021-3781,9.8,9.9,1190381,ghostscript-library,https://www.suse.com/security/cve/CVE-2021-3781,"A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. 
This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",Already fixed 20210910,CVE-2021-40812,4,6.5,1190400,gd,https://www.suse.com/security/cve/CVE-2021-40812,"The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.",Won't fix 20210910,CVE-2021-40812,4,6.5,1190400,php53,https://www.suse.com/security/cve/CVE-2021-40812,"The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.",Won't fix 20210915,CVE-2021-41054,5.9,7.5,1190522,atftp,https://www.suse.com/security/cve/CVE-2021-41054,"tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.",Released 20210917,CVE-2016-20012,3.7,5.3,1190600,openssh,https://www.suse.com/security/cve/CVE-2016-20012,"** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.",Ignore 20210917,CVE-2020-21529,5.5,5.5,1190618,transfig,https://www.suse.com/security/cve/CVE-2020-21529,"fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.",Released 20210917,CVE-2020-21530,5.5,5.5,1190615,transfig,https://www.suse.com/security/cve/CVE-2020-21530,"fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.",Unsupported 20210917,CVE-2020-21531,5.5,5.5,1190617,transfig,https://www.suse.com/security/cve/CVE-2020-21531,"fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.",Released 20210917,CVE-2020-21532,7.8,5.5,1190616,transfig,https://www.suse.com/security/cve/CVE-2020-21532,"fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.",Released 20210917,CVE-2020-21533,7.8,5.5,1190612,transfig,https://www.suse.com/security/cve/CVE-2020-21533,"fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.",Released 20210917,CVE-2020-21534,7.8,5.5,1190611,transfig,https://www.suse.com/security/cve/CVE-2020-21534,"fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.",Affected 20210917,CVE-2020-21535,5.5,5.5,1190607,transfig,https://www.suse.com/security/cve/CVE-2020-21535,"fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.",Unsupported 20210920,CVE-2021-39275,7.5,9.8,1190666,apache2,https://www.suse.com/security/cve/CVE-2021-39275,"ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",Released 20210922,CVE-2021-39537,6.2,8.8,1190793,ncurses,https://www.suse.com/security/cve/CVE-2021-39537,"An issue was discovered in ncurses through v6.2-1. 
_nc_captoinfo in captoinfo.c has a heap-based buffer overflow.",Released 20210927,CVE-2021-41617,7,7,1190975,openssh,https://www.suse.com/security/cve/CVE-2021-41617,"sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",Released 20210929,CVE-2021-20317,4.4,4.4,1191125,kernel-source,https://www.suse.com/security/cve/CVE-2021-20317,"A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.",Unsupported 20210930,CVE-2020-3702,7.5,7.5,1191193,kernel-source,https://www.suse.com/security/cve/CVE-2020-3702,"u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",Ignore 20210930,CVE-2021-3695,7.5,4.5,1191184,grub2,https://www.suse.com/security/cve/CVE-2021-3695,"A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. 
An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve significant results, also the values written into the memory are repeated three times in a row making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.",Unsupported 20210930,CVE-2021-3696,5,4.5,1191185,grub2,https://www.suse.com/security/cve/CVE-2021-3696,"A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it's very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.",Unsupported 20210930,CVE-2021-3697,7.5,7,1191186,grub2,https://www.suse.com/security/cve/CVE-2021-3697,"A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.",Unsupported 20211001,CVE-2021-20316,5.9,6.8,1191227,samba,https://www.suse.com/security/cve/CVE-2021-20316,"A flaw was found in the way Samba handled file/directory metadata. 
This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.",Won't fix 20211005,CVE-2021-42008,8.8,7.8,1191315,kernel-source,https://www.suse.com/security/cve/CVE-2021-42008,"The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.",Released 20211008,CVE-2021-3800,4.7,5.5,1191489,glib2,https://www.suse.com/security/cve/CVE-2021-3800,"A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.",Released 20211011,CVE-2021-3864,8.4,7,1191281,kernel-source,https://www.suse.com/security/cve/CVE-2021-3864,"A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.",Unsupported 20211011,CVE-2021-3864,8.4,7,1191281,logrotate,https://www.suse.com/security/cve/CVE-2021-3864,"A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. 
As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.",Released 20211015,CVE-2018-13410,,9.8,1191696,zip,https://www.suse.com/security/cve/CVE-2018-13410,"** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands.",Ignore 20211019,CVE-2021-42574,8.3,8.3,1191820,emacs,https://www.suse.com/security/cve/CVE-2021-42574,"** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. 
Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.",Ignore 20211019,CVE-2021-42574,8.3,8.3,1191820,vim,https://www.suse.com/security/cve/CVE-2021-42574,"** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. 
Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.",Ignore 20211020,CVE-2021-42739,8.4,6.7,1184673,kernel-source,https://www.suse.com/security/cve/CVE-2021-42739,"A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",Released 20211021,CVE-2021-35556,5.3,5.3,1191910,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-35556,"Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20211021,CVE-2021-35559,5.3,5.3,1191911,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-35559,"Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20211021,CVE-2021-35564,5.3,5.3,1191913,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-35564,"Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20211021,CVE-2021-35565,5.3,5.3,1191909,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-35565,"Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. 
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20211021,CVE-2021-35586,5.3,5.3,1191914,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-35586,"Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20211021,CVE-2021-35588,3.1,3.1,1191905,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-35588,"Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).",Released 20211022,CVE-2021-3896,4.7,,1191958,kernel-source,https://www.suse.com/security/cve/CVE-2021-3896,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20211022,CVE-2021-42096,5.3,4.3,1191959,mailman,https://www.suse.com/security/cve/CVE-2021-42096,"GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.",Released 20211022,CVE-2021-42097,5.3,8,1191960,mailman,https://www.suse.com/security/cve/CVE-2021-42097,"GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. 
An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).",Released 20211022,CVE-2021-42782,7.8,5.3,1191957,opensc,https://www.suse.com/security/cve/CVE-2021-42782,"Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.",Released 20211025,CVE-2021-42780,2,5.3,1192005,opensc,https://www.suse.com/security/cve/CVE-2021-42780,"A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.",Released 20211026,CVE-2021-0935,7.8,6.7,1192032,kernel-source,https://www.suse.com/security/cve/CVE-2021-0935,"In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-168607263 References: Upstream kernel",Unsupported 20211026,CVE-2021-21703,6.4,7,1192050,php53,https://www.suse.com/security/cve/CVE-2021-21703,"In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.",Unsupported 20211026,CVE-2021-32280,5.5,5.5,1192019,transfig,https://www.suse.com/security/cve/CVE-2021-32280,"An issue was discovered in fig2dev before 3.2.8. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. 
It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.",Released 20211026,CVE-2021-41035,2.9,9.8,1192052,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2021-41035,"In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.",Released 20211029,CVE-2021-25219,5.3,5.3,1192146,bind,https://www.suse.com/security/cve/CVE-2021-25219,"In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.",Released 20211103,CVE-2020-25717,8.1,8.1,1192284,samba-doc,https://www.suse.com/security/cve/CVE-2020-25717,"A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.",Released 20211103,CVE-2020-25717,8.1,8.1,1192284,samba,https://www.suse.com/security/cve/CVE-2020-25717,"A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.",Released 20211103,CVE-2020-36386,5.1,7.1,1187038,kernel-source,https://www.suse.com/security/cve/CVE-2020-36386,"An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.",Released 20211105,CVE-2021-43389,4.7,5.5,1191958,kernel-source,https://www.suse.com/security/cve/CVE-2021-43389,"An issue was discovered in the Linux kernel before 5.14.15. 
There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.",Released 20211108,CVE-2021-3927,6.1,7.8,1192481,vim,https://www.suse.com/security/cve/CVE-2021-3927,"vim is vulnerable to Heap-based Buffer Overflow",Unsupported 20211108,CVE-2021-3928,6.1,7.8,1192478,vim,https://www.suse.com/security/cve/CVE-2021-3928,"vim is vulnerable to Use of Uninitialized Variable",Unsupported 20211109,CVE-2021-3618,7.4,7.4,1187678,sendmail,https://www.suse.com/security/cve/CVE-2021-3618,"ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.",Won't fix 20211109,CVE-2021-3618,7.4,7.4,1187678,vsftpd,https://www.suse.com/security/cve/CVE-2021-3618,"ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.",Won't fix 20211109,CVE-2021-3930,3.2,6.5,1192525,kvm,https://www.suse.com/security/cve/CVE-2021-3930,"An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). 
A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.",Unsupported 20211109,CVE-2021-3930,3.2,6.5,1192525,xen,https://www.suse.com/security/cve/CVE-2021-3930,"An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.",Released 20211110,CVE-2021-28703,6.3,7,1192555,xen,https://www.suse.com/security/cve/CVE-2021-28703,"grant table v2 status pages may remain accessible after de-allocation (take two) Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. This bug was fortuitously fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches as a prerequisite of the fix for XSA-378.",Released 20211110,CVE-2021-28705,5.5,7.8,1192559,xen,https://www.suse.com/security/cve/CVE-2021-28705,"issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. 
Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)",Released 20211110,CVE-2021-28706,5.5,8.6,1192554,xen,https://www.suse.com/security/cve/CVE-2021-28706,"guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.",Released 20211110,CVE-2021-3941,5.5,6.5,1192556,OpenEXR,https://www.suse.com/security/cve/CVE-2021-3941,"In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.",Released 20211110,CVE-2021-43566,4.2,2.5,1139519,samba,https://www.suse.com/security/cve/CVE-2021-43566,"All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. 
Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.",Won't fix 20211111,CVE-2020-23903,5.5,5.5,1192580,speex,https://www.suse.com/security/cve/CVE-2020-23903,"A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.",Released 20211111,CVE-2021-34981,7.5,,1191961,kernel-bigmem,https://www.suse.com/security/cve/CVE-2021-34981,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Released 20211111,CVE-2021-34981,7.5,,1191961,kernel-default,https://www.suse.com/security/cve/CVE-2021-34981,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Released 20211111,CVE-2021-34981,7.5,,1191961,kernel-ec2,https://www.suse.com/security/cve/CVE-2021-34981,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Released 20211111,CVE-2021-34981,7.5,,1191961,kernel-pae,https://www.suse.com/security/cve/CVE-2021-34981,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Released 20211111,CVE-2021-34981,7.5,,1191961,kernel-ppc64,https://www.suse.com/security/cve/CVE-2021-34981,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.",Released 20211111,CVE-2021-34981,7.5,,1191961,kernel-source,https://www.suse.com/security/cve/CVE-2021-34981,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Released 20211111,CVE-2021-34981,7.5,,1191961,kernel-syms,https://www.suse.com/security/cve/CVE-2021-34981,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Released 20211111,CVE-2021-34981,7.5,,1191961,kernel-trace,https://www.suse.com/security/cve/CVE-2021-34981,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Released 20211111,CVE-2021-34981,7.5,,1191961,kernel-xen,https://www.suse.com/security/cve/CVE-2021-34981,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.",Released 20211112,CVE-2021-0146,7.1,6.8,1192615,microcode_ctl,https://www.suse.com/security/cve/CVE-2021-0146,"Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.",Released 20211112,CVE-2021-43519,3.3,5.5,1192613,lua,https://www.suse.com/security/cve/CVE-2021-43519,"Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.",Won't fix 20211115,CVE-2021-43618,5.5,7.5,1192717,gmp,https://www.suse.com/security/cve/CVE-2021-43618,"GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.",Released 20211116,CVE-2021-41229,4.3,6.5,1192760,bluez,https://www.suse.com/security/cve/CVE-2021-41229,"BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.",Affected 20211116,CVE-2021-43331,7.1,6.1,1192735,mailman,https://www.suse.com/security/cve/CVE-2021-43331,"In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.",Released 20211116,CVE-2021-43332,7.4,6.5,1192741,mailman,https://www.suse.com/security/cve/CVE-2021-43332,"In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. 
This could potentially be cracked by a moderator via an offline brute-force attack.",Released 20211117,CVE-2021-27025,6.3,6.5,1192792,puppet,https://www.suse.com/security/cve/CVE-2021-27025,"A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.",Won't fix 20211118,CVE-2002-20001,7.5,7.5,1192815,openssl,https://www.suse.com/security/cve/CVE-2002-20001,"The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.",Ignore 20211118,CVE-2021-39920,4.3,7.5,1192830,wireshark,https://www.suse.com/security/cve/CVE-2021-39920,"NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file",Won't fix 20211118,CVE-2021-39921,4.3,7.5,1192830,wireshark,https://www.suse.com/security/cve/CVE-2021-39921,"NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file",Won't fix 20211118,CVE-2021-39922,4.3,7.5,1192830,wireshark,https://www.suse.com/security/cve/CVE-2021-39922,"Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file",Won't fix 20211118,CVE-2021-39924,4.3,7.5,1192830,wireshark,https://www.suse.com/security/cve/CVE-2021-39924,"Large loop in the 
Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file",Won't fix 20211118,CVE-2021-39925,4.3,7.5,1192830,wireshark,https://www.suse.com/security/cve/CVE-2021-39925,"Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file",Won't fix 20211118,CVE-2021-39926,4.3,7.5,1192830,wireshark,https://www.suse.com/security/cve/CVE-2021-39926,"Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file",Won't fix 20211118,CVE-2021-39928,4.3,7.5,1192830,wireshark,https://www.suse.com/security/cve/CVE-2021-39928,"NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file",Won't fix 20211118,CVE-2021-39929,4.3,7.5,1192830,wireshark,https://www.suse.com/security/cve/CVE-2021-39929,"Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file",Won't fix 20211119,CVE-2021-0200,,6.7,1192886,kernel-firmware,https://www.suse.com/security/cve/CVE-2021-0200,"Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access.",Ignore 20211122,CVE-2021-0071,6.8,8.8,1192953,kernel-firmware,https://www.suse.com/security/cve/CVE-2021-0071,"Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",Unsupported 20211124,CVE-2021-21707,5.3,5.3,1193041,php53,https://www.suse.com/security/cve/CVE-2021-21707,"In PHP versions 7.3.x below 7.3.33, 7.4.x 
below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.",Released 20211124,CVE-2021-4008,7.8,7.8,1193030,xorg-x11-server,https://www.suse.com/security/cve/CVE-2021-4008,"A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20211124,CVE-2021-4011,7.8,7.8,1190489,xorg-x11-server,https://www.suse.com/security/cve/CVE-2021-4011,"A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Released 20211125,CVE-2021-41819,6.5,7.5,1193081,ruby,https://www.suse.com/security/cve/CVE-2021-41819,"CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.",Won't fix 20211129,CVE-2019-0136,7.4,7.4,1193157,kernel-source,https://www.suse.com/security/cve/CVE-2019-0136,"Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.",Released 20211130,CVE-2019-8921,7.5,6.5,1193237,bluez,https://www.suse.com/security/cve/CVE-2019-8921,"An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. 
By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.",Unsupported 20211130,CVE-2019-8922,7.5,8.8,1193227,bluez,https://www.suse.com/security/cve/CVE-2019-8922,"A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer.",Unsupported 20211202,CVE-2021-44227,7.6,8.8,1193316,mailman,https://www.suse.com/security/cve/CVE-2021-44227,"In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.",Released 20211207,CVE-2020-35457,,7.8,1193464,glib2,https://www.suse.com/security/cve/CVE-2020-35457,"** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is \"Realistically this is not a security issue. 
The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries().\" The researcher states that this pattern is undocumented.",Ignore 20211207,CVE-2021-28711,6.2,6.5,1193440,kernel-source,https://www.suse.com/security/cve/CVE-2021-28711,"Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as \"driver domains\". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713",Unsupported 20211207,CVE-2021-28714,5.5,6.5,1193442,kernel-source,https://www.suse.com/security/cve/CVE-2021-28714,"Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.
(CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)",Unsupported 20211209,CVE-2021-4048,4.7,9.1,1193562,lapack,https://www.suse.com/security/cve/CVE-2021-4048,"An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.",Unsupported 20211213,CVE-2020-28948,,7.8,1193679,php53,https://www.suse.com/security/cve/CVE-2020-28948,"Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.",Already fixed 20211213,CVE-2020-28949,,7.8,1193680,php53,https://www.suse.com/security/cve/CVE-2020-28949,"Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.",Already fixed 20211213,CVE-2021-4104,6.4,7.5,1193662,log4j,https://www.suse.com/security/cve/CVE-2021-4104,"JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. 
Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.",Released 20211213,CVE-2021-44141,5,4.3,1193690,samba,https://www.suse.com/security/cve/CVE-2021-44141,"All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.",Won't fix 20211215,CVE-2021-30541,,8.8,1188373,libxslt,https://www.suse.com/security/cve/CVE-2021-30541,"Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Ignore 20211215,CVE-2021-30559,,8.8,1188373,libxslt,https://www.suse.com/security/cve/CVE-2021-30559,"Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Ignore 20211215,CVE-2021-30560,8.8,8.8,1188373,libxslt,https://www.suse.com/security/cve/CVE-2021-30560,"Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Released 20211215,CVE-2021-30561,,8.8,1188373,libxslt,https://www.suse.com/security/cve/CVE-2021-30561,"Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Ignore 20211215,CVE-2021-30562,,8.8,1188373,libxslt,https://www.suse.com/security/cve/CVE-2021-30562,"Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Ignore 20211215,CVE-2021-30563,,8.8,1188373,libxslt,https://www.suse.com/security/cve/CVE-2021-30563,"Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to 
potentially exploit heap corruption via a crafted HTML page.",Ignore 20211215,CVE-2021-30564,,8.8,1188373,libxslt,https://www.suse.com/security/cve/CVE-2021-30564,"Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",Ignore 20211215,CVE-2021-43818,6.1,7.1,1193752,python-lxml,https://www.suse.com/security/cve/CVE-2021-43818,"lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.",Released 20211217,CVE-2021-3929,8.2,8.2,1193880,kvm,https://www.suse.com/security/cve/CVE-2021-3929,"A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.",Ignore 20211217,CVE-2021-45095,4.3,5.5,1193867,kernel-source,https://www.suse.com/security/cve/CVE-2021-45095,"pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.",Released 20211220,CVE-2021-31566,4.4,7.8,1192426,bsdtar,https://www.suse.com/security/cve/CVE-2021-31566,"An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. 
An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.",Unsupported 20211220,CVE-2021-33430,7.5,5.3,1193913,python-numpy,https://www.suse.com/security/cve/CVE-2021-33430,"** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulnerability; In (very limited) circumstances a user may be able to provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user.",Released 20211220,CVE-2021-41495,5.5,5.3,1193911,python-numpy,https://www.suse.com/security/cve/CVE-2021-41495,"** DISPUTED ** Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place.",Unsupported 20211220,CVE-2021-41496,5.5,5.5,1193907,python-numpy,https://www.suse.com/security/cve/CVE-2021-41496,"** DISPUTED ** Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.
NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally).",Unsupported 20211220,CVE-2021-45078,3.3,7.8,1193929,binutils,https://www.suse.com/security/cve/CVE-2021-45078,"stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.",Won't fix 20211222,CVE-2021-4156,6.1,7.1,1194006,libsndfile,https://www.suse.com/security/cve/CVE-2021-4156,"An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.",Released 20211229,CVE-2021-4189,5.3,5.3,1194146,python,https://www.suse.com/security/cve/CVE-2021-4189,"A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.",Won't fix 20220103,CVE-2021-45951,6.5,9.8,1194252,dnsmasq,https://www.suse.com/security/cve/CVE-2021-45951,"** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). 
NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\"",Ignore 20220103,CVE-2021-45952,6.5,9.8,1194253,dnsmasq,https://www.suse.com/security/cve/CVE-2021-45952,"** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\"",Ignore 20220103,CVE-2021-45953,6.5,9.8,1194254,dnsmasq,https://www.suse.com/security/cve/CVE-2021-45953,"** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\"",Ignore 20220103,CVE-2021-45954,6.5,9.8,1194255,dnsmasq,https://www.suse.com/security/cve/CVE-2021-45954,"** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\"",Ignore 20220103,CVE-2021-45955,6.5,9.8,1194256,dnsmasq,https://www.suse.com/security/cve/CVE-2021-45955,"** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. 
NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\" However, a contributor states that a security patch (mentioned in 016162.html) is needed.",Ignore 20220103,CVE-2021-45956,6.5,9.8,1194257,dnsmasq,https://www.suse.com/security/cve/CVE-2021-45956,"** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\"",Ignore 20220103,CVE-2021-45957,6.5,9.8,1194258,dnsmasq,https://www.suse.com/security/cve/CVE-2021-45957,"** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\"",Ignore 20220103,CVE-2021-45960,6.4,8.8,1194251,expat,https://www.suse.com/security/cve/CVE-2021-45960,"In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).",Released 20220104,CVE-2021-4155,5.5,5.5,1194272,kernel-source,https://www.suse.com/security/cve/CVE-2021-4155,"A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. 
A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.",Released 20220106,CVE-2021-46143,8.1,7.8,1194362,expat,https://www.suse.com/security/cve/CVE-2021-46143,"In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.",Released 20220110,CVE-2021-42694,,8.3,1191820,emacs,https://www.suse.com/security/cve/CVE-2021-42694,"** DISPUTED ** An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard (all versions). Unless mitigated, an adversary could produce source code identifiers using homoglyph characters that render visually identical to but are distinct from a target identifier. In this way, an adversary could inject adversarial identifier definitions in upstream software that are not detected by human reviewers and are invoked deceptively in downstream software. The Unicode Consortium has documented this class of security vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms.",Ignore 20220110,CVE-2021-42694,,8.3,1191820,vim,https://www.suse.com/security/cve/CVE-2021-42694,"** DISPUTED ** An issue was discovered in the character definitions of the Unicode Specification through 14.0. 
The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard (all versions). Unless mitigated, an adversary could produce source code identifiers using homoglyph characters that render visually identical to but are distinct from a target identifier. In this way, an adversary could inject adversarial identifier definitions in upstream software that are not detected by human reviewers and are invoked deceptively in downstream software. The Unicode Consortium has documented this class of security vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. 
The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms.",Ignore 20220110,CVE-2021-45079,6.5,9.1,1194471,strongswan,https://www.suse.com/security/cve/CVE-2021-45079,"In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.",Released 20220110,CVE-2022-22822,7.5,9.8,1194474,expat,https://www.suse.com/security/cve/CVE-2022-22822,"addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",Released 20220110,CVE-2022-22823,7.5,9.8,1194476,expat,https://www.suse.com/security/cve/CVE-2022-22823,"build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",Released 20220110,CVE-2022-22824,7.5,9.8,1194477,expat,https://www.suse.com/security/cve/CVE-2022-22824,"defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",Released 20220110,CVE-2022-22825,7.5,8.8,1194478,expat,https://www.suse.com/security/cve/CVE-2022-22825,"lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",Released 20220110,CVE-2022-22826,7.5,8.8,1194479,expat,https://www.suse.com/security/cve/CVE-2022-22826,"nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",Released 20220110,CVE-2022-22827,7.5,8.8,1194480,expat,https://www.suse.com/security/cve/CVE-2022-22827,"storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",Released 20220111,CVE-2021-4203,5.8,6.8,1194535,kernel-default,https://www.suse.com/security/cve/CVE-2021-4203,"A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. 
In this flaw, an attacker with user privileges may crash the system or leak internal kernel information.",Unsupported 20220111,CVE-2021-4203,5.8,6.8,1194535,kernel-ec2,https://www.suse.com/security/cve/CVE-2021-4203,"A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information.",Unsupported 20220111,CVE-2021-4203,5.8,6.8,1194535,kernel-source,https://www.suse.com/security/cve/CVE-2021-4203,"A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information.",Unsupported 20220111,CVE-2021-4203,5.8,6.8,1194535,kernel-syms,https://www.suse.com/security/cve/CVE-2021-4203,"A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information.",Unsupported 20220112,CVE-2022-23034,4,5.5,1194581,xen,https://www.suse.com/security/cve/CVE-2022-23034,"A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice.
Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check.",Released 20220112,CVE-2022-23035,6.5,4.6,1194588,xen,https://www.suse.com/security/cve/CVE-2022-23035,"Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.",Released 20220113,CVE-2021-3999,7.4,7.8,1194640,glibc,https://www.suse.com/security/cve/CVE-2021-3999,"A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.",Released 20220117,CVE-2021-45417,7,7.8,1194735,aide,https://www.suse.com/security/cve/CVE-2021-45417,"AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.",Released 20220117,CVE-2022-20698,7.5,7.5,1194731,clamav,https://www.suse.com/security/cve/CVE-2022-20698,"A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. 
The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.",Released 20220117,CVE-2022-23218,5.3,9.8,1194770,glibc,https://www.suse.com/security/cve/CVE-2022-23218,"The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.",Released 20220117,CVE-2022-23219,5.3,9.8,1194768,glibc,https://www.suse.com/security/cve/CVE-2022-23219,"The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.",Released 20220117,CVE-2022-23303,7.4,9.8,1194732,wpa_supplicant,https://www.suse.com/security/cve/CVE-2022-23303,"The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.",Won't fix 20220117,CVE-2022-23304,7.4,9.8,1194733,wpa_supplicant,https://www.suse.com/security/cve/CVE-2022-23304,"The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. 
NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.",Won't fix 20220118,CVE-2020-9493,8.1,9.8,1194844,log4j,https://www.suse.com/security/cve/CVE-2020-9493,"A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.",Released 20220118,CVE-2022-23302,6.6,8.8,1194842,log4j,https://www.suse.com/security/cve/CVE-2022-23302,"JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.",Released 20220118,CVE-2022-23305,8.1,9.8,1194843,log4j,https://www.suse.com/security/cve/CVE-2022-23305,"By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. 
Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.",Released 20220118,CVE-2022-23307,8.1,8.8,1194844,log4j,https://www.suse.com/security/cve/CVE-2022-23307,"CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.",Released 20220119,CVE-2022-0213,5.5,6.6,1194885,vim,https://www.suse.com/security/cve/CVE-2022-0213,"vim is vulnerable to Heap-based Buffer Overflow",Unsupported 20220120,CVE-2022-21248,3.7,3.7,1194926,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21248,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20220120,CVE-2022-21277,5.3,5.3,1194930,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21277,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220120,CVE-2022-21282,5.3,5.3,1194933,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21282,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Released 20220120,CVE-2022-21283,5.3,5.3,1194937,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21283,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220120,CVE-2022-21291,5.3,5.3,1194925,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21291,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20220120,CVE-2022-21293,5.3,5.3,1194935,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21293,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220120,CVE-2022-21294,5.3,5.3,1194934,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21294,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220120,CVE-2022-21296,5.3,5.3,1194932,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21296,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Released 20220120,CVE-2022-21299,5.3,5.3,1194931,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21299,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220120,CVE-2022-21305,5.3,5.3,1194939,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21305,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Released 20220120,CVE-2022-21340,5.3,5.3,1194940,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21340,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220120,CVE-2022-21341,5.3,5.3,1194941,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21341,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220120,CVE-2022-21360,5.3,5.3,1194929,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21360,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220120,CVE-2022-21365,5.3,5.3,1194928,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21365,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220120,CVE-2022-21366,5.3,5.3,1194927,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21366,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220124,CVE-2022-23852,8.1,9.8,1195054,expat,https://www.suse.com/security/cve/CVE-2022-23852,"Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.",Released 20220125,CVE-2022-23437,7.5,6.5,1195108,xerces-j2,https://www.suse.com/security/cve/CVE-2022-23437,"There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. 
This vulnerability is present within XercesJ version 2.12.1 and the previous versions.",Released 20220126,CVE-2022-0351,3.3,7.8,1195126,vim,https://www.suse.com/security/cve/CVE-2022-0351,"Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.",Unsupported 20220127,CVE-2022-0359,6.6,7.8,1195203,vim,https://www.suse.com/security/cve/CVE-2022-0359,"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",Unsupported 20220127,CVE-2022-23990,8.1,7.5,1195217,expat,https://www.suse.com/security/cve/CVE-2022-23990,"Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.",Released 20220128,CVE-2021-26401,5.6,5.6,1191580,kernel-bigmem,https://www.suse.com/security/cve/CVE-2021-26401,"LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",Released 20220128,CVE-2021-26401,5.6,5.6,1191580,kernel-default,https://www.suse.com/security/cve/CVE-2021-26401,"LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",Released 20220128,CVE-2021-26401,5.6,5.6,1191580,kernel-ec2,https://www.suse.com/security/cve/CVE-2021-26401,"LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",Released 20220128,CVE-2021-26401,5.6,5.6,1191580,kernel-pae,https://www.suse.com/security/cve/CVE-2021-26401,"LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",Released 20220128,CVE-2021-26401,5.6,5.6,1191580,kernel-ppc64,https://www.suse.com/security/cve/CVE-2021-26401,"LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",Released 20220128,CVE-2021-26401,5.6,5.6,1191580,kernel-source,https://www.suse.com/security/cve/CVE-2021-26401,"LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",Released 20220128,CVE-2021-26401,5.6,5.6,1191580,kernel-syms,https://www.suse.com/security/cve/CVE-2021-26401,"LFENCE/JMP 
(mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",Released 20220128,CVE-2021-26401,5.6,5.6,1191580,kernel-trace,https://www.suse.com/security/cve/CVE-2021-26401,"LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",Released 20220128,CVE-2021-26401,5.6,5.6,1191580,kernel-xen,https://www.suse.com/security/cve/CVE-2021-26401,"LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",Released 20220128,CVE-2021-26401,5.6,5.6,1191580,xen,https://www.suse.com/security/cve/CVE-2021-26401,"LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",Unsupported 20220128,CVE-2021-35331,,7.8,1195257,tcl,https://www.suse.com/security/cve/CVE-2021-35331,"** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.",Ignore 20220128,CVE-2022-0001,5.6,6.5,1191580,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-0001,"Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0001,5.6,6.5,1191580,kernel-default,https://www.suse.com/security/cve/CVE-2022-0001,"Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0001,5.6,6.5,1191580,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-0001,"Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 
20220128,CVE-2022-0001,5.6,6.5,1191580,kernel-pae,https://www.suse.com/security/cve/CVE-2022-0001,"Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0001,5.6,6.5,1191580,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-0001,"Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0001,5.6,6.5,1191580,kernel-source,https://www.suse.com/security/cve/CVE-2022-0001,"Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0001,5.6,6.5,1191580,kernel-syms,https://www.suse.com/security/cve/CVE-2022-0001,"Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0001,5.6,6.5,1191580,kernel-trace,https://www.suse.com/security/cve/CVE-2022-0001,"Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0001,5.6,6.5,1191580,kernel-xen,https://www.suse.com/security/cve/CVE-2022-0001,"Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0001,5.6,6.5,1191580,xen,https://www.suse.com/security/cve/CVE-2022-0001,"Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors 
may allow an authorized user to potentially enable information disclosure via local access.",Unsupported 20220128,CVE-2022-0002,5.6,6.5,1191580,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-0002,"Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0002,5.6,6.5,1191580,kernel-default,https://www.suse.com/security/cve/CVE-2022-0002,"Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0002,5.6,6.5,1191580,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-0002,"Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0002,5.6,6.5,1191580,kernel-pae,https://www.suse.com/security/cve/CVE-2022-0002,"Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0002,5.6,6.5,1191580,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-0002,"Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0002,5.6,6.5,1191580,kernel-source,https://www.suse.com/security/cve/CVE-2022-0002,"Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0002,5.6,6.5,1191580,kernel-syms,https://www.suse.com/security/cve/CVE-2022-0002,"Non-transparent sharing of branch 
predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0002,5.6,6.5,1191580,kernel-trace,https://www.suse.com/security/cve/CVE-2022-0002,"Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0002,5.6,6.5,1191580,kernel-xen,https://www.suse.com/security/cve/CVE-2022-0002,"Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Released 20220128,CVE-2022-0002,5.6,6.5,1191580,xen,https://www.suse.com/security/cve/CVE-2022-0002,"Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",Unsupported 20220128,CVE-2022-23960,5.6,5.6,1196657,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-23960,"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.",Released 20220128,CVE-2022-23960,5.6,5.6,1196657,kernel-default,https://www.suse.com/security/cve/CVE-2022-23960,"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. 
Then, cache allocation can allow the attacker to obtain sensitive information.",Released 20220128,CVE-2022-23960,5.6,5.6,1196657,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-23960,"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.",Released 20220128,CVE-2022-23960,5.6,5.6,1196657,kernel-pae,https://www.suse.com/security/cve/CVE-2022-23960,"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.",Released 20220128,CVE-2022-23960,5.6,5.6,1196657,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-23960,"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.",Released 20220128,CVE-2022-23960,5.6,5.6,1196657,kernel-source,https://www.suse.com/security/cve/CVE-2022-23960,"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. 
Then, cache allocation can allow the attacker to obtain sensitive information.",Released 20220128,CVE-2022-23960,5.6,5.6,1196657,kernel-syms,https://www.suse.com/security/cve/CVE-2022-23960,"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.",Released 20220128,CVE-2022-23960,5.6,5.6,1196657,kernel-trace,https://www.suse.com/security/cve/CVE-2022-23960,"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.",Released 20220128,CVE-2022-23960,5.6,5.6,1196657,kernel-xen,https://www.suse.com/security/cve/CVE-2022-23960,"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.",Released 20220128,CVE-2022-23960,5.6,5.6,1196657,xen,https://www.suse.com/security/cve/CVE-2022-23960,"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. 
Then, cache allocation can allow the attacker to obtain sensitive information.",Unsupported 20220128,CVE-2022-28733,8.8,8.1,1198460,grub2,https://www.suse.com/security/cve/CVE-2022-28733,"Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.",Unsupported 20220128,CVE-2022-28734,7,7,1198493,grub2,https://www.suse.com/security/cve/CVE-2022-28734,"Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.",Unsupported 20220128,CVE-2022-28736,8.4,6.4,1198496,grub2,https://www.suse.com/security/cve/CVE-2022-28736,"There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.",Unsupported 20220128,CVE-2022-28737,8.4,6.5,1198458,binutils,https://www.suse.com/security/cve/CVE-2022-28737,"There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. 
An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.",Already fixed 20220128,CVE-2022-28737,8.4,6.5,1198458,mokutil,https://www.suse.com/security/cve/CVE-2022-28737,"There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.",Released 20220128,CVE-2022-28737,8.4,6.5,1198458,shim,https://www.suse.com/security/cve/CVE-2022-28737,"There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.",Released 20220128,CVE-2023-23583,8.8,7.8,1215278,microcode_ctl,https://www.suse.com/security/cve/CVE-2023-23583,"Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.",Affected 20220131,CVE-2022-0400,5.9,7.5,1195329,kernel-source,https://www.suse.com/security/cve/CVE-2022-0400,"An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.",Ignore 20220201,CVE-2022-0391,6.5,7.5,1195396,python-base,https://www.suse.com/security/cve/CVE-2022-0391,"A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. 
The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.",Released 20220201,CVE-2022-0391,6.5,7.5,1195396,python-doc,https://www.suse.com/security/cve/CVE-2022-0391,"A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.",Released 20220201,CVE-2022-0391,6.5,7.5,1195396,python,https://www.suse.com/security/cve/CVE-2022-0391,"A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.",Released 20220204,CVE-2022-0284,6.1,7.1,1195563,ImageMagick,https://www.suse.com/security/cve/CVE-2022-0284,"A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. 
This issue can potentially lead to a denial of service and information disclosure.",Ignore 20220204,CVE-2022-0492,7,7.8,1195543,kernel-source,https://www.suse.com/security/cve/CVE-2022-0492,"A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.",Released 20220207,CVE-2021-46671,3.7,5.3,1195619,atftp,https://www.suse.com/security/cve/CVE-2021-46671,"options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.",Released 20220210,CVE-2021-0127,5.6,5.5,1195779,microcode_ctl,https://www.suse.com/security/cve/CVE-2021-0127,"Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access.",Released 20220210,CVE-2021-0145,6.5,5.5,1195780,microcode_ctl,https://www.suse.com/security/cve/CVE-2021-0145,"Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220210,CVE-2021-33120,3.6,5.4,1195781,microcode_ctl,https://www.suse.com/security/cve/CVE-2021-33120,"Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access.",Released 20220213,CVE-2013-2439,-1,-1,927126,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2013-2439,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and 
availability via unknown vectors related to Install.",Analysis 20220216,CVE-2022-24407,8.8,8.8,1196036,cyrus-sasl,https://www.suse.com/security/cve/CVE-2022-24407,"In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.",Released 20220216,CVE-2022-25235,7.5,9.8,1196026,expat,https://www.suse.com/security/cve/CVE-2022-25235,"xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.",Released 20220216,CVE-2022-25236,7.5,9.8,1196025,expat,https://www.suse.com/security/cve/CVE-2022-25236,"xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",Released 20220217,CVE-2022-0617,5.5,5.5,1196079,kernel-source,https://www.suse.com/security/cve/CVE-2022-0617,"A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.",Released 20220218,CVE-2021-4217,4.7,3.3,1196175,unzip,https://www.suse.com/security/cve/CVE-2021-4217,"A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.",Released 20220218,CVE-2022-0529,4.7,5.5,1196180,unzip,https://www.suse.com/security/cve/CVE-2022-0529,"A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. 
This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.",Released 20220218,CVE-2022-0530,4.7,5.5,1196177,unzip,https://www.suse.com/security/cve/CVE-2022-0530,"A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.",Released 20220218,CVE-2022-25265,,7.8,1196134,gcc33,https://www.suse.com/security/cve/CVE-2022-25265,"In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.",Ignore 20220218,CVE-2022-25308,6.1,7.8,1196147,fribidi,https://www.suse.com/security/cve/CVE-2022-25308,"A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.",Released 20220218,CVE-2022-25309,6.6,5.5,1196148,fribidi,https://www.suse.com/security/cve/CVE-2022-25309,"A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.",Released 20220218,CVE-2022-25310,5.5,5.5,1196150,fribidi,https://www.suse.com/security/cve/CVE-2022-25310,"A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. 
This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.",Released 20220218,CVE-2022-25313,6.5,6.5,1196168,expat,https://www.suse.com/security/cve/CVE-2022-25313,"In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.",Released 20220218,CVE-2022-25314,8.8,7.5,1196169,expat,https://www.suse.com/security/cve/CVE-2022-25314,"In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.",Released 20220218,CVE-2022-25315,8.8,9.8,1196171,expat,https://www.suse.com/security/cve/CVE-2022-25315,"In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.",Released 20220223,CVE-2022-0696,3.3,5.5,1196361,vim,https://www.suse.com/security/cve/CVE-2022-0696,"NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.",Unsupported 20220225,CVE-2022-21349,5.3,5.3,1196500,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21349,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220225,CVE-2022-23308,7,7.5,1196490,libxml2,https://www.suse.com/security/cve/CVE-2022-23308,"valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.",Released 20220225,CVE-2022-23308,7,7.5,1196490,libxml2-python,https://www.suse.com/security/cve/CVE-2022-23308,"valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.",Released 20220225,CVE-2022-24599,4.4,6.5,1196487,audiofile,https://www.suse.com/security/cve/CVE-2022-24599,"In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.",Affected 20220301,CVE-2021-45346,3.1,4.3,1196611,sqlite3,https://www.suse.com/security/cve/CVE-2021-45346,"** DISPUTED ** A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.",Ignore 20220302,CVE-2021-0561,5.5,5.5,1196660,flac,https://www.suse.com/security/cve/CVE-2021-0561,"In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683",Released 20220307,CVE-2022-23036,7.5,7,1196488,kernel-source,https://www.suse.com/security/cve/CVE-2022-23036,"Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. 
This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042",Unsupported 20220308,CVE-2022-0778,7.5,7.5,1196877,openssl,https://www.suse.com/security/cve/CVE-2022-0778,"The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. 
It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",Released 20220309,CVE-2016-20013,,7.5,1196928,glibc,https://www.suse.com/security/cve/CVE-2016-20013,"sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.",Won't fix 20220309,CVE-2021-26341,4.7,6.5,1196901,kernel-bigmem,https://www.suse.com/security/cve/CVE-2021-26341,"Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.",Released 20220309,CVE-2021-26341,4.7,6.5,1196901,kernel-default,https://www.suse.com/security/cve/CVE-2021-26341,"Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.",Released 20220309,CVE-2021-26341,4.7,6.5,1196901,kernel-ec2,https://www.suse.com/security/cve/CVE-2021-26341,"Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.",Released 20220309,CVE-2021-26341,4.7,6.5,1196901,kernel-pae,https://www.suse.com/security/cve/CVE-2021-26341,"Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.",Released 20220309,CVE-2021-26341,4.7,6.5,1196901,kernel-ppc64,https://www.suse.com/security/cve/CVE-2021-26341,"Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.",Released 20220309,CVE-2021-26341,4.7,6.5,1196901,kernel-source,https://www.suse.com/security/cve/CVE-2021-26341,"Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.",Released 
20220309,CVE-2021-26341,4.7,6.5,1196901,kernel-syms,https://www.suse.com/security/cve/CVE-2021-26341,"Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.",Released 20220309,CVE-2021-26341,4.7,6.5,1196901,kernel-trace,https://www.suse.com/security/cve/CVE-2021-26341,"Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.",Released 20220309,CVE-2021-26341,4.7,6.5,1196901,kernel-xen,https://www.suse.com/security/cve/CVE-2021-26341,"Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.",Released 20220309,CVE-2021-26341,4.7,6.5,1196901,xen,https://www.suse.com/security/cve/CVE-2021-26341,"Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.",Unsupported 20220310,CVE-2021-39713,7.4,7,1196973,kernel-bigmem,https://www.suse.com/security/cve/CVE-2021-39713,"Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel",Released 20220310,CVE-2021-39713,7.4,7,1196973,kernel-default,https://www.suse.com/security/cve/CVE-2021-39713,"Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel",Released 20220310,CVE-2021-39713,7.4,7,1196973,kernel-ec2,https://www.suse.com/security/cve/CVE-2021-39713,"Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel",Released 20220310,CVE-2021-39713,7.4,7,1196973,kernel-pae,https://www.suse.com/security/cve/CVE-2021-39713,"Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel",Released 20220310,CVE-2021-39713,7.4,7,1196973,kernel-ppc64,https://www.suse.com/security/cve/CVE-2021-39713,"Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel",Released 
20220310,CVE-2021-39713,7.4,7,1196973,kernel-source,https://www.suse.com/security/cve/CVE-2021-39713,"Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel",Released 20220310,CVE-2021-39713,7.4,7,1196973,kernel-syms,https://www.suse.com/security/cve/CVE-2021-39713,"Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel",Released 20220310,CVE-2021-39713,7.4,7,1196973,kernel-trace,https://www.suse.com/security/cve/CVE-2021-39713,"Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel",Released 20220310,CVE-2021-39713,7.4,7,1196973,kernel-xen,https://www.suse.com/security/cve/CVE-2021-39713,"Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel",Released 20220310,CVE-2022-24713,4.3,7.5,1196972,mozilla-nss,https://www.suse.com/security/cve/CVE-2022-24713,"regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. 
Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.",Released 20220311,CVE-2022-0856,5.3,6.5,1197028,libcaca,https://www.suse.com/security/cve/CVE-2022-0856,"libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service",Released 20220314,CVE-2022-0924,6.2,5.5,1197073,tiff,https://www.suse.com/security/cve/CVE-2022-0924,"Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.",Released 20220314,CVE-2022-22720,7.4,9.8,1197095,apache2,https://www.suse.com/security/cve/CVE-2022-22720,"Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",Released 20220314,CVE-2022-22721,7.4,9.1,1197096,apache2,https://www.suse.com/security/cve/CVE-2022-22721,"If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.",Released 20220315,CVE-2021-25220,6.8,6.8,1197135,bind,https://www.suse.com/security/cve/CVE-2021-25220,"BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. 
The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.",Released 20220315,CVE-2022-21271,5.3,5.3,1197126,java-1_7_1-ibm,https://www.suse.com/security/cve/CVE-2022-21271,"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Released 20220317,CVE-2022-0987,3.3,3.3,1197226,PackageKit,https://www.suse.com/security/cve/CVE-2022-0987,"A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. 
This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.",Analysis 20220318,CVE-2022-27239,6.7,7.8,1197216,cifs-utils,https://www.suse.com/security/cve/CVE-2022-27239,"In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.",Released 20220321,CVE-2021-45868,5.1,5.5,1197366,kernel-bigmem,https://www.suse.com/security/cve/CVE-2021-45868,"In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.",Released 20220321,CVE-2021-45868,5.1,5.5,1197366,kernel-default,https://www.suse.com/security/cve/CVE-2021-45868,"In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.",Released 20220321,CVE-2021-45868,5.1,5.5,1197366,kernel-ec2,https://www.suse.com/security/cve/CVE-2021-45868,"In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.",Released 20220321,CVE-2021-45868,5.1,5.5,1197366,kernel-pae,https://www.suse.com/security/cve/CVE-2021-45868,"In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). 
This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.",Released 20220321,CVE-2021-45868,5.1,5.5,1197366,kernel-ppc64,https://www.suse.com/security/cve/CVE-2021-45868,"In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.",Released 20220321,CVE-2021-45868,5.1,5.5,1197366,kernel-source,https://www.suse.com/security/cve/CVE-2021-45868,"In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.",Released 20220321,CVE-2021-45868,5.1,5.5,1197366,kernel-syms,https://www.suse.com/security/cve/CVE-2021-45868,"In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.",Released 20220321,CVE-2021-45868,5.1,5.5,1197366,kernel-trace,https://www.suse.com/security/cve/CVE-2021-45868,"In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.",Released 20220321,CVE-2021-45868,5.1,5.5,1197366,kernel-xen,https://www.suse.com/security/cve/CVE-2021-45868,"In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). 
This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.",Released 20220321,CVE-2022-1011,7,7.8,1197343,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-1011,"A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.",Released 20220321,CVE-2022-1011,7,7.8,1197343,kernel-default,https://www.suse.com/security/cve/CVE-2022-1011,"A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.",Released 20220321,CVE-2022-1011,7,7.8,1197343,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-1011,"A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.",Released 20220321,CVE-2022-1011,7,7.8,1197343,kernel-pae,https://www.suse.com/security/cve/CVE-2022-1011,"A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.",Released 20220321,CVE-2022-1011,7,7.8,1197343,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-1011,"A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). 
This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.",Released 20220321,CVE-2022-1011,7,7.8,1197343,kernel-source,https://www.suse.com/security/cve/CVE-2022-1011,"A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.",Released 20220321,CVE-2022-1011,7,7.8,1197343,kernel-syms,https://www.suse.com/security/cve/CVE-2022-1011,"A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.",Released 20220321,CVE-2022-1011,7,7.8,1197343,kernel-trace,https://www.suse.com/security/cve/CVE-2022-1011,"A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.",Released 20220321,CVE-2022-1011,7,7.8,1197343,kernel-xen,https://www.suse.com/security/cve/CVE-2022-1011,"A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.",Released 20220322,CVE-2022-1048,7.4,7,1197331,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-1048,"A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220322,CVE-2022-1048,7.4,7,1197331,kernel-default,https://www.suse.com/security/cve/CVE-2022-1048,"A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220322,CVE-2022-1048,7.4,7,1197331,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-1048,"A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220322,CVE-2022-1048,7.4,7,1197331,kernel-pae,https://www.suse.com/security/cve/CVE-2022-1048,"A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220322,CVE-2022-1048,7.4,7,1197331,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-1048,"A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220322,CVE-2022-1048,7.4,7,1197331,kernel-source,https://www.suse.com/security/cve/CVE-2022-1048,"A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220322,CVE-2022-1048,7.4,7,1197331,kernel-syms,https://www.suse.com/security/cve/CVE-2022-1048,"A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220322,CVE-2022-1048,7.4,7,1197331,kernel-trace,https://www.suse.com/security/cve/CVE-2022-1048,"A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220322,CVE-2022-1048,7.4,7,1197331,kernel-xen,https://www.suse.com/security/cve/CVE-2022-1048,"A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220323,CVE-2022-26356,6.7,5.6,1197423,xen,https://www.suse.com/security/cve/CVE-2022-26356,"Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.",Unsupported 20220323,CVE-2022-26358,5.7,7.8,1197426,xen,https://www.suse.com/security/cve/CVE-2022-26358,"IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated.
Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.",Unsupported 20220323,CVE-2022-26359,5.7,7.8,1197426,xen,https://www.suse.com/security/cve/CVE-2022-26359,"IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.",Unsupported 20220323,CVE-2022-26360,5.7,7.8,1197426,xen,https://www.suse.com/security/cve/CVE-2022-26360,"IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated.
Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.",Unsupported 20220323,CVE-2022-26361,5.7,7.8,1197426,xen,https://www.suse.com/security/cve/CVE-2022-26361,"IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.",Unsupported 20220328,CVE-2018-25032,8.1,7.5,1197459,zlib,https://www.suse.com/security/cve/CVE-2018-25032,"zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.",Released 20220329,CVE-2022-0897,5.5,4.3,1197636,libvirt,https://www.suse.com/security/cve/CVE-2022-0897,"A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object.
This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).",Unsupported 20220331,CVE-2022-0934,6.5,7.5,1197872,dnsmasq,https://www.suse.com/security/cve/CVE-2022-0934,"A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq to potentially cause a denial of service.",Released 20220404,CVE-2021-33657,7.8,8.8,1198001,SDL,https://www.suse.com/security/cve/CVE-2021-33657,"There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause a crash, denial of service or code execution in the application using this library.",Released 20220404,CVE-2021-4206,7.5,8.2,1198035,kvm,https://www.suse.com/security/cve/CVE-2021-4206,"A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.",Ignore 20220404,CVE-2021-4207,7.5,8.2,1198037,kvm,https://www.suse.com/security/cve/CVE-2021-4207,"A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow.
A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.",Won't fix 20220404,CVE-2022-0216,5.3,4.4,1198038,kvm,https://www.suse.com/security/cve/CVE-2022-0216,"A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.",Affected 20220404,CVE-2022-28356,5.5,5.5,1197391,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-28356,"In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.",Released 20220404,CVE-2022-28356,5.5,5.5,1197391,kernel-default,https://www.suse.com/security/cve/CVE-2022-28356,"In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.",Released 20220404,CVE-2022-28356,5.5,5.5,1197391,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-28356,"In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.",Released 20220404,CVE-2022-28356,5.5,5.5,1197391,kernel-pae,https://www.suse.com/security/cve/CVE-2022-28356,"In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.",Released 20220404,CVE-2022-28356,5.5,5.5,1197391,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-28356,"In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.",Released 20220404,CVE-2022-28356,5.5,5.5,1197391,kernel-source,https://www.suse.com/security/cve/CVE-2022-28356,"In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.",Released 20220404,CVE-2022-28356,5.5,5.5,1197391,kernel-syms,https://www.suse.com/security/cve/CVE-2022-28356,"In the Linux kernel before 5.17.1, a refcount leak bug was found in 
net/llc/af_llc.c.",Released 20220404,CVE-2022-28356,5.5,5.5,1197391,kernel-trace,https://www.suse.com/security/cve/CVE-2022-28356,"In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.",Released 20220404,CVE-2022-28356,5.5,5.5,1197391,kernel-xen,https://www.suse.com/security/cve/CVE-2022-28356,"In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.",Released 20220405,CVE-2022-28391,7.5,8.8,1198092,busybox,https://www.suse.com/security/cve/CVE-2022-28391,"BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.",Unsupported 20220408,CVE-2022-1271,8.4,8.8,1198062,gzip,https://www.suse.com/security/cve/CVE-2022-1271,"An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.",Released 20220408,CVE-2022-1271,8.4,8.8,1198062,xz,https://www.suse.com/security/cve/CVE-2022-1271,"An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. 
This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.",Released 20220412,CVE-2022-24795,5.9,5.9,1198405,libyajl,https://www.suse.com/security/cve/CVE-2022-24795,"yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.",Released 20220413,CVE-2022-28739,6.2,7.5,1198441,ruby,https://www.suse.com/security/cve/CVE-2022-28739,"There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.",Won't fix 20220415,CVE-2015-20107,7.1,7.6,1198511,python-base,https://www.suse.com/security/cve/CVE-2015-20107,"In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. 
This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9",Released 20220415,CVE-2015-20107,7.1,7.6,1198511,python-doc,https://www.suse.com/security/cve/CVE-2015-20107,"In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9",Released 20220415,CVE-2015-20107,7.1,7.6,1198511,python,https://www.suse.com/security/cve/CVE-2015-20107,"In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9",Released 20220415,CVE-2022-1328,5.5,5.3,1198518,mutt,https://www.suse.com/security/cve/CVE-2022-1328,"Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line",Released 20220415,CVE-2022-1353,6.1,7.1,1198516,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-1353,"A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",Released 20220415,CVE-2022-1353,6.1,7.1,1198516,kernel-default,https://www.suse.com/security/cve/CVE-2022-1353,"A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. 
This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",Released 20220415,CVE-2022-1353,6.1,7.1,1198516,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-1353,"A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",Released 20220415,CVE-2022-1353,6.1,7.1,1198516,kernel-pae,https://www.suse.com/security/cve/CVE-2022-1353,"A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",Released 20220415,CVE-2022-1353,6.1,7.1,1198516,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-1353,"A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",Released 20220415,CVE-2022-1353,6.1,7.1,1198516,kernel-source,https://www.suse.com/security/cve/CVE-2022-1353,"A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",Released 20220415,CVE-2022-1353,6.1,7.1,1198516,kernel-syms,https://www.suse.com/security/cve/CVE-2022-1353,"A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. 
This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",Released 20220415,CVE-2022-1353,6.1,7.1,1198516,kernel-trace,https://www.suse.com/security/cve/CVE-2022-1353,"A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",Released 20220415,CVE-2022-1353,6.1,7.1,1198516,kernel-xen,https://www.suse.com/security/cve/CVE-2022-1353,"A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",Released 20220419,CVE-2022-1184,5.5,5.5,1198577,kernel-source,https://www.suse.com/security/cve/CVE-2022-1184,"A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.",Unsupported 20220419,CVE-2022-22576,5.3,8.1,1198614,curl,https://www.suse.com/security/cve/CVE-2022-22576,"An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. 
This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).",Released 20220419,CVE-2022-27774,6.2,5.7,1198608,curl,https://www.suse.com/security/cve/CVE-2022-27774,"An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers.",Unsupported 20220422,CVE-2022-27776,4.3,6.5,1198766,curl,https://www.suse.com/security/cve/CVE-2022-27776,"An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.",Released 20220425,CVE-2022-1462,6.3,6.3,1198829,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-1462,"An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",Released 20220425,CVE-2022-1462,6.3,6.3,1198829,kernel-default,https://www.suse.com/security/cve/CVE-2022-1462,"An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",Released 20220425,CVE-2022-1462,6.3,6.3,1198829,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-1462,"An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem.
The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",Released 20220425,CVE-2022-1462,6.3,6.3,1198829,kernel-pae,https://www.suse.com/security/cve/CVE-2022-1462,"An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",Released 20220425,CVE-2022-1462,6.3,6.3,1198829,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-1462,"An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",Released 20220425,CVE-2022-1462,6.3,6.3,1198829,kernel-source,https://www.suse.com/security/cve/CVE-2022-1462,"An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",Released 20220425,CVE-2022-1462,6.3,6.3,1198829,kernel-syms,https://www.suse.com/security/cve/CVE-2022-1462,"An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. 
The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",Released 20220425,CVE-2022-1462,6.3,6.3,1198829,kernel-trace,https://www.suse.com/security/cve/CVE-2022-1462,"An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",Released 20220425,CVE-2022-1462,6.3,6.3,1198829,kernel-xen,https://www.suse.com/security/cve/CVE-2022-1462,"An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. 
This flaw allows a local user to crash the system or read unauthorized random data from memory.",Released 20220425,CVE-2022-27406,5.5,7.5,1198823,freetype2,https://www.suse.com/security/cve/CVE-2022-27406,"FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.",Won't fix 20220428,CVE-2022-29869,4.3,5.3,1198976,cifs-utils,https://www.suse.com/security/cve/CVE-2022-29869,"cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.",Unsupported 20220502,CVE-2022-23037,7.5,7,1199099,kernel-source,https://www.suse.com/security/cve/CVE-2022-23037,"Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042",Unsupported 20220502,CVE-2022-23038,7.5,7,1199099,kernel-source,https://www.suse.com/security/cve/CVE-2022-23038,"Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042",Unsupported 20220502,CVE-2022-23039,7.5,7,1199099,kernel-source,https://www.suse.com/security/cve/CVE-2022-23039,"Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042",Unsupported 20220502,CVE-2022-23040,7.5,7,1199099,kernel-source,https://www.suse.com/security/cve/CVE-2022-23040,"Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042",Unsupported 20220502,CVE-2022-23041,7.5,7,1199099,kernel-source,https://www.suse.com/security/cve/CVE-2022-23041,"Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042",Unsupported 20220502,CVE-2022-23042,7.5,7,1199099,kernel-source,https://www.suse.com/security/cve/CVE-2022-23042,"Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042",Unsupported 20220503,CVE-2022-1292,6.7,9.8,1199166,openssl,https://www.suse.com/security/cve/CVE-2022-1292,"The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).",Released 20220503,CVE-2022-29824,7.8,6.5,1199132,libxml2,https://www.suse.com/security/cve/CVE-2022-29824,"In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. 
Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.",Released 20220505,CVE-2022-20770,6.5,8.6,1199242,clamav,https://www.suse.com/security/cve/CVE-2022-20770,"On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.",Released 20220505,CVE-2022-20771,7.5,7.5,1199244,clamav,https://www.suse.com/security/cve/CVE-2022-20771,"On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.",Released 20220505,CVE-2022-20785,7.5,7.5,1199245,clamav,https://www.suse.com/security/cve/CVE-2022-20785,"On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. 
This advisory will be updated as additional information becomes available.",Released 20220505,CVE-2022-20796,7.5,6.5,1199246,clamav,https://www.suse.com/security/cve/CVE-2022-20796,"On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.",Released 20220505,CVE-2022-27781,3.7,7.5,1199223,curl,https://www.suse.com/security/cve/CVE-2022-27781,"libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.",Released 20220505,CVE-2022-27782,7.5,7.5,1199224,curl,https://www.suse.com/security/cve/CVE-2022-27782,"libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.",Released 20220505,CVE-2022-29155,9.4,9.8,1199240,openldap2,https://www.suse.com/security/cve/CVE-2022-29155,"In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. 
This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.",Released 20220506,CVE-2022-20792,7.8,7.8,1199274,clamav,https://www.suse.com/security/cve/CVE-2022-20792,"A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.",Released 20220509,CVE-2022-1620,3.3,6.6,1199334,vim,https://www.suse.com/security/cve/CVE-2022-1620,"NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.",Won't fix 20220509,CVE-2022-28463,5.5,7.8,1199350,ImageMagick,https://www.suse.com/security/cve/CVE-2022-28463,"ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.",Released 20220509,CVE-2022-30333,6.6,7.5,1199349,unrar,https://www.suse.com/security/cve/CVE-2022-30333,"RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.",Released 20220510,CVE-2022-1652,7,7.8,1199063,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-1652,"Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. 
By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.",Released 20220510,CVE-2022-1652,7,7.8,1199063,kernel-default,https://www.suse.com/security/cve/CVE-2022-1652,"Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.",Released 20220510,CVE-2022-1652,7,7.8,1199063,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-1652,"Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.",Released 20220510,CVE-2022-1652,7,7.8,1199063,kernel-pae,https://www.suse.com/security/cve/CVE-2022-1652,"Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.",Released 20220510,CVE-2022-1652,7,7.8,1199063,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-1652,"Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. 
By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.",Released 20220510,CVE-2022-1652,7,7.8,1199063,kernel-source,https://www.suse.com/security/cve/CVE-2022-1652,"Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.",Released 20220510,CVE-2022-1652,7,7.8,1199063,kernel-syms,https://www.suse.com/security/cve/CVE-2022-1652,"Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.",Released 20220510,CVE-2022-1652,7,7.8,1199063,kernel-trace,https://www.suse.com/security/cve/CVE-2022-1652,"Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.",Released 20220510,CVE-2022-1652,7,7.8,1199063,kernel-xen,https://www.suse.com/security/cve/CVE-2022-1652,"Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. 
By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.",Released 20220511,CVE-2022-1247,7,7,1199434,kernel-source,https://www.suse.com/security/cve/CVE-2022-1247,"An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.",Won't fix 20220511,CVE-2022-21151,5.3,5.5,1199423,microcode_ctl,https://www.suse.com/security/cve/CVE-2022-21151,"Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220511,CVE-2022-21499,8.4,6.7,1199426,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-21499,"KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Released 20220511,CVE-2022-21499,8.4,6.7,1199426,kernel-default,https://www.suse.com/security/cve/CVE-2022-21499,"KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Released 20220511,CVE-2022-21499,8.4,6.7,1199426,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-21499,"KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Released 20220511,CVE-2022-21499,8.4,6.7,1199426,kernel-pae,https://www.suse.com/security/cve/CVE-2022-21499,"KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Released 20220511,CVE-2022-21499,8.4,6.7,1199426,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-21499,"KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Released 20220511,CVE-2022-21499,8.4,6.7,1199426,kernel-source,https://www.suse.com/security/cve/CVE-2022-21499,"KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. 
CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Released 20220511,CVE-2022-21499,8.4,6.7,1199426,kernel-syms,https://www.suse.com/security/cve/CVE-2022-21499,"KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Released 20220511,CVE-2022-21499,8.4,6.7,1199426,kernel-trace,https://www.suse.com/security/cve/CVE-2022-21499,"KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Released 20220511,CVE-2022-21499,8.4,6.7,1199426,kernel-xen,https://www.suse.com/security/cve/CVE-2022-21499,"KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Released 20220512,CVE-2022-1679,7,7.8,1199487,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-1679,"A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220512,CVE-2022-1679,7,7.8,1199487,kernel-default,https://www.suse.com/security/cve/CVE-2022-1679,"A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220512,CVE-2022-1679,7,7.8,1199487,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-1679,"A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220512,CVE-2022-1679,7,7.8,1199487,kernel-pae,https://www.suse.com/security/cve/CVE-2022-1679,"A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220512,CVE-2022-1679,7,7.8,1199487,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-1679,"A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220512,CVE-2022-1679,7,7.8,1199487,kernel-source,https://www.suse.com/security/cve/CVE-2022-1679,"A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220512,CVE-2022-1679,7,7.8,1199487,kernel-syms,https://www.suse.com/security/cve/CVE-2022-1679,"A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220512,CVE-2022-1679,7,7.8,1199487,kernel-trace,https://www.suse.com/security/cve/CVE-2022-1679,"A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220512,CVE-2022-1679,7,7.8,1199487,kernel-xen,https://www.suse.com/security/cve/CVE-2022-1679,"A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20220518,CVE-2022-1733,3.3,6.6,1199655,vim,https://www.suse.com/security/cve/CVE-2022-1733,"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.",Unsupported 20220518,CVE-2022-1735,5.3,6.6,1199651,vim,https://www.suse.com/security/cve/CVE-2022-1735,"Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.",Unsupported 20220518,CVE-2022-29900,4.7,6.5,1199657,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-29900,"Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220518,CVE-2022-29900,4.7,6.5,1199657,kernel-default,https://www.suse.com/security/cve/CVE-2022-29900,"Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220518,CVE-2022-29900,4.7,6.5,1199657,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-29900,"Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220518,CVE-2022-29900,4.7,6.5,1199657,kernel-pae,https://www.suse.com/security/cve/CVE-2022-29900,"Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220518,CVE-2022-29900,4.7,6.5,1199657,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-29900,"Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220518,CVE-2022-29900,4.7,6.5,1199657,kernel-source,https://www.suse.com/security/cve/CVE-2022-29900,"Mis-trained branch predictions for return instructions may allow arbitrary speculative 
code execution under certain microarchitecture-dependent conditions.",Released 20220518,CVE-2022-29900,4.7,6.5,1199657,kernel-syms,https://www.suse.com/security/cve/CVE-2022-29900,"Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220518,CVE-2022-29900,4.7,6.5,1199657,kernel-trace,https://www.suse.com/security/cve/CVE-2022-29900,"Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220518,CVE-2022-29900,4.7,6.5,1199657,kernel-xen,https://www.suse.com/security/cve/CVE-2022-29900,"Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220519,CVE-2022-1771,3.3,5.5,1199693,vim,https://www.suse.com/security/cve/CVE-2022-1771,"Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.",Unsupported 20220520,CVE-2022-1785,3.3,7.3,1199745,vim,https://www.suse.com/security/cve/CVE-2022-1785,"Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.",Unsupported 20220520,CVE-2022-1796,5.5,6.6,1199747,vim,https://www.suse.com/security/cve/CVE-2022-1796,"Use After Free in GitHub repository vim/vim prior to 8.2.4979.",Unsupported 20220520,CVE-2022-30065,6.2,7.8,1199744,busybox,https://www.suse.com/security/cve/CVE-2022-30065,"A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.",Won't fix 20220522,CVE-2022-21123,6.1,5.5,1199650,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-21123,"Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 
20220522,CVE-2022-21123,6.1,5.5,1199650,kernel-default,https://www.suse.com/security/cve/CVE-2022-21123,"Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21123,6.1,5.5,1199650,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-21123,"Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21123,6.1,5.5,1199650,kernel-pae,https://www.suse.com/security/cve/CVE-2022-21123,"Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21123,6.1,5.5,1199650,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-21123,"Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21123,6.1,5.5,1199650,kernel-source,https://www.suse.com/security/cve/CVE-2022-21123,"Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21123,6.1,5.5,1199650,kernel-syms,https://www.suse.com/security/cve/CVE-2022-21123,"Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21123,6.1,5.5,1199650,kernel-trace,https://www.suse.com/security/cve/CVE-2022-21123,"Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 
20220522,CVE-2022-21123,6.1,5.5,1199650,kernel-xen,https://www.suse.com/security/cve/CVE-2022-21123,"Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21125,5.6,5.5,1199650,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-21125,"Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21125,5.6,5.5,1199650,kernel-default,https://www.suse.com/security/cve/CVE-2022-21125,"Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21125,5.6,5.5,1199650,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-21125,"Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21125,5.6,5.5,1199650,kernel-pae,https://www.suse.com/security/cve/CVE-2022-21125,"Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21125,5.6,5.5,1199650,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-21125,"Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21125,5.6,5.5,1199650,kernel-source,https://www.suse.com/security/cve/CVE-2022-21125,"Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via 
local access.",Released 20220522,CVE-2022-21125,5.6,5.5,1199650,kernel-syms,https://www.suse.com/security/cve/CVE-2022-21125,"Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21125,5.6,5.5,1199650,kernel-trace,https://www.suse.com/security/cve/CVE-2022-21125,"Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21125,5.6,5.5,1199650,kernel-xen,https://www.suse.com/security/cve/CVE-2022-21125,"Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21127,5.5,5.5,1199650,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-21127,"Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21127,5.5,5.5,1199650,kernel-default,https://www.suse.com/security/cve/CVE-2022-21127,"Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21127,5.5,5.5,1199650,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-21127,"Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21127,5.5,5.5,1199650,kernel-pae,https://www.suse.com/security/cve/CVE-2022-21127,"Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow 
an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21127,5.5,5.5,1199650,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-21127,"Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21127,5.5,5.5,1199650,kernel-source,https://www.suse.com/security/cve/CVE-2022-21127,"Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21127,5.5,5.5,1199650,kernel-syms,https://www.suse.com/security/cve/CVE-2022-21127,"Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21127,5.5,5.5,1199650,kernel-trace,https://www.suse.com/security/cve/CVE-2022-21127,"Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21127,5.5,5.5,1199650,kernel-xen,https://www.suse.com/security/cve/CVE-2022-21127,"Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21166,5.5,5.5,1199650,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-21166,"Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 
20220522,CVE-2022-21166,5.5,5.5,1199650,kernel-default,https://www.suse.com/security/cve/CVE-2022-21166,"Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21166,5.5,5.5,1199650,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-21166,"Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21166,5.5,5.5,1199650,kernel-pae,https://www.suse.com/security/cve/CVE-2022-21166,"Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21166,5.5,5.5,1199650,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-21166,"Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21166,5.5,5.5,1199650,kernel-source,https://www.suse.com/security/cve/CVE-2022-21166,"Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21166,5.5,5.5,1199650,kernel-syms,https://www.suse.com/security/cve/CVE-2022-21166,"Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21166,5.5,5.5,1199650,kernel-trace,https://www.suse.com/security/cve/CVE-2022-21166,"Incomplete cleanup in specific special register write operations for some Intel(R) 
Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21166,5.5,5.5,1199650,kernel-xen,https://www.suse.com/security/cve/CVE-2022-21166,"Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20220522,CVE-2022-21180,5.5,5.5,1199650,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-21180,"Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.",Released 20220522,CVE-2022-21180,5.5,5.5,1199650,kernel-default,https://www.suse.com/security/cve/CVE-2022-21180,"Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.",Released 20220522,CVE-2022-21180,5.5,5.5,1199650,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-21180,"Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.",Released 20220522,CVE-2022-21180,5.5,5.5,1199650,kernel-pae,https://www.suse.com/security/cve/CVE-2022-21180,"Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.",Released 20220522,CVE-2022-21180,5.5,5.5,1199650,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-21180,"Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.",Released 20220522,CVE-2022-21180,5.5,5.5,1199650,kernel-source,https://www.suse.com/security/cve/CVE-2022-21180,"Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.",Released 
20220522,CVE-2022-21180,5.5,5.5,1199650,kernel-syms,https://www.suse.com/security/cve/CVE-2022-21180,"Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.",Released 20220522,CVE-2022-21180,5.5,5.5,1199650,kernel-trace,https://www.suse.com/security/cve/CVE-2022-21180,"Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.",Released 20220522,CVE-2022-21180,5.5,5.5,1199650,kernel-xen,https://www.suse.com/security/cve/CVE-2022-21180,"Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.",Released 20220524,CVE-2022-1836,5.1,,1198866,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-1836,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20220524,CVE-2022-1836,5.1,,1198866,kernel-default,https://www.suse.com/security/cve/CVE-2022-1836,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20220524,CVE-2022-1836,5.1,,1198866,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-1836,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20220524,CVE-2022-1836,5.1,,1198866,kernel-pae,https://www.suse.com/security/cve/CVE-2022-1836,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20220524,CVE-2022-1836,5.1,,1198866,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-1836,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20220524,CVE-2022-1836,5.1,,1198866,kernel-source,https://www.suse.com/security/cve/CVE-2022-1836,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20220524,CVE-2022-1836,5.1,,1198866,kernel-syms,https://www.suse.com/security/cve/CVE-2022-1836,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20220524,CVE-2022-1836,5.1,,1198866,kernel-trace,https://www.suse.com/security/cve/CVE-2022-1836,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. 
Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20220524,CVE-2022-1836,5.1,,1198866,kernel-xen,https://www.suse.com/security/cve/CVE-2022-1836,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Released 20220530,CVE-2022-1897,5.3,7.8,1200010,vim,https://www.suse.com/security/cve/CVE-2022-1897,"Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",Won't fix 20220530,CVE-2022-1898,5.3,7.8,1200011,vim,https://www.suse.com/security/cve/CVE-2022-1898,"Use After Free in GitHub repository vim/vim prior to 8.2.",Won't fix 20220531,CVE-2016-4072,4.5,9.8,1200082,php53,https://www.suse.com/security/cve/CVE-2016-4072,"The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.",Released 20220607,CVE-2022-1968,4.4,7.8,1200270,vim,https://www.suse.com/security/cve/CVE-2022-1968,"Use After Free in GitHub repository vim/vim prior to 8.2.",Unsupported 20220608,CVE-2022-26377,7.4,7.5,1200338,apache2,https://www.suse.com/security/cve/CVE-2022-26377,"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. 
This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.",Released 20220608,CVE-2022-28614,5.9,5.3,1200340,apache2,https://www.suse.com/security/cve/CVE-2022-28614,"The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.",Released 20220608,CVE-2022-28615,7.4,9.1,1200341,apache2,https://www.suse.com/security/cve/CVE-2022-28615,"Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.",Released 20220608,CVE-2022-31813,5.9,9.8,1200348,apache2,https://www.suse.com/security/cve/CVE-2022-31813,"Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.",Released 20220609,CVE-2022-32545,3.3,7.8,1200388,ImageMagick,https://www.suse.com/security/cve/CVE-2022-32545,"A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. 
This leads to a negative impact to application availability or other problems related to undefined behavior.",Ignore 20220609,CVE-2022-32546,3.3,7.8,1200389,ImageMagick,https://www.suse.com/security/cve/CVE-2022-32546,"A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.",Released 20220609,CVE-2022-32547,5.5,7.8,1200387,ImageMagick,https://www.suse.com/security/cve/CVE-2022-32547,"In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.",Released 20220615,CVE-2021-40633,3.3,8.8,1200551,giflib,https://www.suse.com/security/cve/CVE-2021-40633,"A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.",Affected 20220615,CVE-2022-2068,6.7,9.8,1200550,openssl,https://www.suse.com/security/cve/CVE-2022-2068,"In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. 
On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).",Released 20220616,CVE-2022-20132,4.9,4.6,1200619,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-20132,"In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel",Released 20220616,CVE-2022-20132,4.9,4.6,1200619,kernel-default,https://www.suse.com/security/cve/CVE-2022-20132,"In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel",Released 20220616,CVE-2022-20132,4.9,4.6,1200619,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-20132,"In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel",Released 20220616,CVE-2022-20132,4.9,4.6,1200619,kernel-pae,https://www.suse.com/security/cve/CVE-2022-20132,"In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel",Released 20220616,CVE-2022-20132,4.9,4.6,1200619,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-20132,"In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel",Released 20220616,CVE-2022-20132,4.9,4.6,1200619,kernel-source,https://www.suse.com/security/cve/CVE-2022-20132,"In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel",Released 20220616,CVE-2022-20132,4.9,4.6,1200619,kernel-syms,https://www.suse.com/security/cve/CVE-2022-20132,"In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel",Released 20220616,CVE-2022-20132,4.9,4.6,1200619,kernel-trace,https://www.suse.com/security/cve/CVE-2022-20132,"In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel",Released 20220616,CVE-2022-20132,4.9,4.6,1200619,kernel-xen,https://www.suse.com/security/cve/CVE-2022-20132,"In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel",Released 20220616,CVE-2022-20166,6.1,6.7,1200598,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-20166,"In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. 
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel",Released 20220616,CVE-2022-20166,6.1,6.7,1200598,kernel-default,https://www.suse.com/security/cve/CVE-2022-20166,"In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel",Released 20220616,CVE-2022-20166,6.1,6.7,1200598,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-20166,"In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel",Released 20220616,CVE-2022-20166,6.1,6.7,1200598,kernel-pae,https://www.suse.com/security/cve/CVE-2022-20166,"In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel",Released 20220616,CVE-2022-20166,6.1,6.7,1200598,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-20166,"In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel",Released 20220616,CVE-2022-20166,6.1,6.7,1200598,kernel-source,https://www.suse.com/security/cve/CVE-2022-20166,"In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel",Released 20220616,CVE-2022-20166,6.1,6.7,1200598,kernel-syms,https://www.suse.com/security/cve/CVE-2022-20166,"In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel",Released 20220616,CVE-2022-20166,6.1,6.7,1200598,kernel-trace,https://www.suse.com/security/cve/CVE-2022-20166,"In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel",Released 20220616,CVE-2022-20166,6.1,6.7,1200598,kernel-xen,https://www.suse.com/security/cve/CVE-2022-20166,"In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel",Released 20220617,CVE-2022-31625,7.8,8.1,1200645,php53,https://www.suse.com/security/cve/CVE-2022-31625,"In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.",Released 20220620,CVE-2022-2125,3.3,7.8,1200698,vim,https://www.suse.com/security/cve/CVE-2022-2125,"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",Unsupported 20220621,CVE-2022-1720,3.3,6.6,1200732,vim,https://www.suse.com/security/cve/CVE-2022-1720,"Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.",Unsupported 20220621,CVE-2022-32208,6.6,5.9,1200737,curl,https://www.suse.com/security/cve/CVE-2022-32208,"When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. 
This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.",Released 20220624,CVE-2022-2175,5.5,7.8,1200904,vim,https://www.suse.com/security/cve/CVE-2022-2175,"Buffer Over-read in GitHub repository vim/vim prior to 8.2.",Unsupported 20220624,CVE-2022-2183,4.4,7.8,1200902,vim,https://www.suse.com/security/cve/CVE-2022-2183,"Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",Unsupported 20220704,CVE-2022-2206,4.4,7.8,1201155,vim,https://www.suse.com/security/cve/CVE-2022-2206,"Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",Unsupported 20220704,CVE-2022-2257,3.3,7.8,1201154,vim,https://www.suse.com/security/cve/CVE-2022-2257,"Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",Unsupported 20220704,CVE-2022-2284,3.3,7.8,1201133,vim,https://www.suse.com/security/cve/CVE-2022-2284,"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",Unsupported 20220704,CVE-2022-33981,5.5,3.3,1200692,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-33981,"drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.",Released 20220704,CVE-2022-33981,5.5,3.3,1200692,kernel-default,https://www.suse.com/security/cve/CVE-2022-33981,"drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.",Released 20220704,CVE-2022-33981,5.5,3.3,1200692,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-33981,"drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.",Released 
20220704,CVE-2022-33981,5.5,3.3,1200692,kernel-pae,https://www.suse.com/security/cve/CVE-2022-33981,"drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.",Released 20220704,CVE-2022-33981,5.5,3.3,1200692,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-33981,"drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.",Released 20220704,CVE-2022-33981,5.5,3.3,1200692,kernel-source,https://www.suse.com/security/cve/CVE-2022-33981,"drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.",Released 20220704,CVE-2022-33981,5.5,3.3,1200692,kernel-syms,https://www.suse.com/security/cve/CVE-2022-33981,"drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.",Released 20220704,CVE-2022-33981,5.5,3.3,1200692,kernel-trace,https://www.suse.com/security/cve/CVE-2022-33981,"drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.",Released 20220704,CVE-2022-33981,5.5,3.3,1200692,kernel-xen,https://www.suse.com/security/cve/CVE-2022-33981,"drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.",Released 20220705,CVE-2022-34903,6.8,6.5,1201225,gpg2,https://www.suse.com/security/cve/CVE-2022-34903,"GnuPG through 2.3.6, in unusual situations 
where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.",Released 20220706,CVE-2022-2318,5.5,5.5,1201251,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-2318,"There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.",Released 20220706,CVE-2022-2318,5.5,5.5,1201251,kernel-default,https://www.suse.com/security/cve/CVE-2022-2318,"There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.",Released 20220706,CVE-2022-2318,5.5,5.5,1201251,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-2318,"There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.",Released 20220706,CVE-2022-2318,5.5,5.5,1201251,kernel-pae,https://www.suse.com/security/cve/CVE-2022-2318,"There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.",Released 20220706,CVE-2022-2318,5.5,5.5,1201251,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-2318,"There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.",Released 20220706,CVE-2022-2318,5.5,5.5,1201251,kernel-source,https://www.suse.com/security/cve/CVE-2022-2318,"There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.",Released 20220706,CVE-2022-2318,5.5,5.5,1201251,kernel-syms,https://www.suse.com/security/cve/CVE-2022-2318,"There are use-after-free 
vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.",Released 20220706,CVE-2022-2318,5.5,5.5,1201251,kernel-trace,https://www.suse.com/security/cve/CVE-2022-2318,"There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.",Released 20220706,CVE-2022-2318,5.5,5.5,1201251,kernel-xen,https://www.suse.com/security/cve/CVE-2022-2318,"There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.",Released 20220706,CVE-2022-2319,7.8,7.8,1194179,xorg-x11-server,https://www.suse.com/security/cve/CVE-2022-2319,"A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.",Released 20220706,CVE-2022-2320,7.8,7.8,1194181,xorg-x11-server,https://www.suse.com/security/cve/CVE-2022-2320,"A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.",Released 20220711,CVE-2022-29901,4.7,6.5,1201469,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-29901,"Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. 
An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220711,CVE-2022-29901,4.7,6.5,1201469,kernel-default,https://www.suse.com/security/cve/CVE-2022-29901,"Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220711,CVE-2022-29901,4.7,6.5,1201469,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-29901,"Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220711,CVE-2022-29901,4.7,6.5,1201469,kernel-pae,https://www.suse.com/security/cve/CVE-2022-29901,"Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220711,CVE-2022-29901,4.7,6.5,1201469,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-29901,"Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. 
An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220711,CVE-2022-29901,4.7,6.5,1201469,kernel-source,https://www.suse.com/security/cve/CVE-2022-29901,"Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220711,CVE-2022-29901,4.7,6.5,1201469,kernel-syms,https://www.suse.com/security/cve/CVE-2022-29901,"Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220711,CVE-2022-29901,4.7,6.5,1201469,kernel-trace,https://www.suse.com/security/cve/CVE-2022-29901,"Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220711,CVE-2022-29901,4.7,6.5,1201469,kernel-xen,https://www.suse.com/security/cve/CVE-2022-29901,"Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. 
An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",Released 20220719,CVE-2021-33655,7.8,6.7,1201635,kernel-bigmem,https://www.suse.com/security/cve/CVE-2021-33655,"When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33655,7.8,6.7,1201635,kernel-default,https://www.suse.com/security/cve/CVE-2021-33655,"When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33655,7.8,6.7,1201635,kernel-ec2,https://www.suse.com/security/cve/CVE-2021-33655,"When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33655,7.8,6.7,1201635,kernel-pae,https://www.suse.com/security/cve/CVE-2021-33655,"When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33655,7.8,6.7,1201635,kernel-ppc64,https://www.suse.com/security/cve/CVE-2021-33655,"When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33655,7.8,6.7,1201635,kernel-source,https://www.suse.com/security/cve/CVE-2021-33655,"When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33655,7.8,6.7,1201635,kernel-syms,https://www.suse.com/security/cve/CVE-2021-33655,"When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33655,7.8,6.7,1201635,kernel-trace,https://www.suse.com/security/cve/CVE-2021-33655,"When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",Released 
20220719,CVE-2021-33655,7.8,6.7,1201635,kernel-xen,https://www.suse.com/security/cve/CVE-2021-33655,"When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33656,6.3,6.8,1201636,kernel-bigmem,https://www.suse.com/security/cve/CVE-2021-33656,"When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33656,6.3,6.8,1201636,kernel-default,https://www.suse.com/security/cve/CVE-2021-33656,"When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33656,6.3,6.8,1201636,kernel-ec2,https://www.suse.com/security/cve/CVE-2021-33656,"When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33656,6.3,6.8,1201636,kernel-pae,https://www.suse.com/security/cve/CVE-2021-33656,"When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33656,6.3,6.8,1201636,kernel-ppc64,https://www.suse.com/security/cve/CVE-2021-33656,"When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33656,6.3,6.8,1201636,kernel-source,https://www.suse.com/security/cve/CVE-2021-33656,"When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33656,6.3,6.8,1201636,kernel-syms,https://www.suse.com/security/cve/CVE-2021-33656,"When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.",Released 20220719,CVE-2021-33656,6.3,6.8,1201636,kernel-trace,https://www.suse.com/security/cve/CVE-2021-33656,"When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.",Released 
20220719,CVE-2021-33656,6.3,6.8,1201636,kernel-xen,https://www.suse.com/security/cve/CVE-2021-33656,"When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.",Released 20220719,CVE-2022-2255,5.6,7.5,1201634,apache2-mod_wsgi,https://www.suse.com/security/cve/CVE-2022-2255,"A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.",Affected 20220720,CVE-2022-1920,6.6,7.8,1201688,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2022-1920,"Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.",Released 20220720,CVE-2022-1921,6.6,7.8,1201693,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2022-1921,"Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.",Released 20220720,CVE-2022-1922,6.1,7.8,1201702,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2022-1922,"DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). 
However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.",Released 20220720,CVE-2022-1923,6.1,7.8,1201704,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2022-1923,"DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.",Released 20220720,CVE-2022-1924,6.1,7.8,1201706,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2022-1924,"DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). 
However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.",Released 20220720,CVE-2022-1925,6.1,7.8,1201707,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2022-1925,"DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.",Released 20220720,CVE-2022-2122,6.1,7.8,1201708,gstreamer-0_10-plugins-good,https://www.suse.com/security/cve/CVE-2022-2122,"DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.",Released 20220720,CVE-2022-2476,3.3,5.5,1201716,wavpack,https://www.suse.com/security/cve/CVE-2022-2476,"A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. 
SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING",Released 20220721,CVE-2020-36557,7.8,5.1,1201429,kernel-bigmem,https://www.suse.com/security/cve/CVE-2020-36557,"A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.",Released 20220721,CVE-2020-36557,7.8,5.1,1201429,kernel-default,https://www.suse.com/security/cve/CVE-2020-36557,"A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.",Released 20220721,CVE-2020-36557,7.8,5.1,1201429,kernel-ec2,https://www.suse.com/security/cve/CVE-2020-36557,"A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.",Released 20220721,CVE-2020-36557,7.8,5.1,1201429,kernel-pae,https://www.suse.com/security/cve/CVE-2020-36557,"A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.",Released 20220721,CVE-2020-36557,7.8,5.1,1201429,kernel-ppc64,https://www.suse.com/security/cve/CVE-2020-36557,"A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.",Released 20220721,CVE-2020-36557,7.8,5.1,1201429,kernel-source,https://www.suse.com/security/cve/CVE-2020-36557,"A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.",Released 20220721,CVE-2020-36557,7.8,5.1,1201429,kernel-syms,https://www.suse.com/security/cve/CVE-2020-36557,"A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.",Released 20220721,CVE-2020-36557,7.8,5.1,1201429,kernel-trace,https://www.suse.com/security/cve/CVE-2020-36557,"A race condition 
in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.",Released 20220721,CVE-2020-36557,7.8,5.1,1201429,kernel-xen,https://www.suse.com/security/cve/CVE-2020-36557,"A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.",Released 20220721,CVE-2020-36558,7.8,5.1,1200910,kernel-bigmem,https://www.suse.com/security/cve/CVE-2020-36558,"A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",Released 20220721,CVE-2020-36558,7.8,5.1,1200910,kernel-default,https://www.suse.com/security/cve/CVE-2020-36558,"A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",Released 20220721,CVE-2020-36558,7.8,5.1,1200910,kernel-ec2,https://www.suse.com/security/cve/CVE-2020-36558,"A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",Released 20220721,CVE-2020-36558,7.8,5.1,1200910,kernel-pae,https://www.suse.com/security/cve/CVE-2020-36558,"A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",Released 20220721,CVE-2020-36558,7.8,5.1,1200910,kernel-ppc64,https://www.suse.com/security/cve/CVE-2020-36558,"A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",Released 20220721,CVE-2020-36558,7.8,5.1,1200910,kernel-source,https://www.suse.com/security/cve/CVE-2020-36558,"A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",Released 
20220721,CVE-2020-36558,7.8,5.1,1200910,kernel-syms,https://www.suse.com/security/cve/CVE-2020-36558,"A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",Released 20220721,CVE-2020-36558,7.8,5.1,1200910,kernel-trace,https://www.suse.com/security/cve/CVE-2020-36558,"A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",Released 20220721,CVE-2020-36558,7.8,5.1,1200910,kernel-xen,https://www.suse.com/security/cve/CVE-2020-36558,"A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",Released 20220725,CVE-2022-29154,8.8,7.4,1201840,rsync,https://www.suse.com/security/cve/CVE-2022-29154,"An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).",Won't fix 20220726,CVE-2022-2522,3.3,7.8,1201863,vim,https://www.suse.com/security/cve/CVE-2022-2522,"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.",Won't fix 20220728,CVE-2022-36879,4.1,5.5,1201948,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-36879,"An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",Released 20220728,CVE-2022-36879,4.1,5.5,1201948,kernel-default,https://www.suse.com/security/cve/CVE-2022-36879,"An issue was discovered in the Linux kernel through 5.18.14. 
xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",Released 20220728,CVE-2022-36879,4.1,5.5,1201948,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-36879,"An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",Released 20220728,CVE-2022-36879,4.1,5.5,1201948,kernel-pae,https://www.suse.com/security/cve/CVE-2022-36879,"An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",Released 20220728,CVE-2022-36879,4.1,5.5,1201948,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-36879,"An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",Released 20220728,CVE-2022-36879,4.1,5.5,1201948,kernel-source,https://www.suse.com/security/cve/CVE-2022-36879,"An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",Released 20220728,CVE-2022-36879,4.1,5.5,1201948,kernel-syms,https://www.suse.com/security/cve/CVE-2022-36879,"An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",Released 20220728,CVE-2022-36879,4.1,5.5,1201948,kernel-trace,https://www.suse.com/security/cve/CVE-2022-36879,"An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",Released 20220728,CVE-2022-36879,4.1,5.5,1201948,kernel-xen,https://www.suse.com/security/cve/CVE-2022-36879,"An issue was discovered in the Linux kernel through 5.18.14. 
xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",Released 20220728,CVE-2022-36946,7.5,7.5,1201940,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-36946,"nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.",Released 20220728,CVE-2022-36946,7.5,7.5,1201940,kernel-default,https://www.suse.com/security/cve/CVE-2022-36946,"nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.",Released 20220728,CVE-2022-36946,7.5,7.5,1201940,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-36946,"nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.",Released 20220728,CVE-2022-36946,7.5,7.5,1201940,kernel-pae,https://www.suse.com/security/cve/CVE-2022-36946,"nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.",Released 20220728,CVE-2022-36946,7.5,7.5,1201940,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-36946,"nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull 
can encounter a negative skb->len.",Released 20220728,CVE-2022-36946,7.5,7.5,1201940,kernel-source,https://www.suse.com/security/cve/CVE-2022-36946,"nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.",Released 20220728,CVE-2022-36946,7.5,7.5,1201940,kernel-syms,https://www.suse.com/security/cve/CVE-2022-36946,"nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.",Released 20220728,CVE-2022-36946,7.5,7.5,1201940,kernel-trace,https://www.suse.com/security/cve/CVE-2022-36946,"nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.",Released 20220728,CVE-2022-36946,7.5,7.5,1201940,kernel-xen,https://www.suse.com/security/cve/CVE-2022-36946,"nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.",Released 20220729,CVE-2022-34568,2.9,7.5,1201977,SDL,https://www.suse.com/security/cve/CVE-2022-34568,"SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.",Released 20220801,CVE-2022-34526,7.8,6.5,1202026,tiff,https://www.suse.com/security/cve/CVE-2022-34526,"A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the \"tiffsplit\" or \"tiffcrop\" utilities.",Released 20220802,CVE-2022-2581,3.3,7.8,1202050,vim,https://www.suse.com/security/cve/CVE-2022-2581,"Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.",Unsupported 20220802,CVE-2022-2598,3.3,6.5,1202051,vim,https://www.suse.com/security/cve/CVE-2022-2598,"Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. ",Unsupported 20220803,CVE-2022-2586,6.7,7.8,1202095,kernel-default,https://www.suse.com/security/cve/CVE-2022-2586,"It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.",Ignore 20220803,CVE-2022-2588,7.8,7.8,1202096,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-2588,"It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",Released 20220803,CVE-2022-2588,7.8,7.8,1202096,kernel-default,https://www.suse.com/security/cve/CVE-2022-2588,"It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",Released 20220803,CVE-2022-2588,7.8,7.8,1202096,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-2588,"It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",Released 20220803,CVE-2022-2588,7.8,7.8,1202096,kernel-pae,https://www.suse.com/security/cve/CVE-2022-2588,"It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",Released 
20220803,CVE-2022-2588,7.8,7.8,1202096,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-2588,"It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",Released 20220803,CVE-2022-2588,7.8,7.8,1202096,kernel-source,https://www.suse.com/security/cve/CVE-2022-2588,"It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",Released 20220803,CVE-2022-2588,7.8,7.8,1202096,kernel-syms,https://www.suse.com/security/cve/CVE-2022-2588,"It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",Released 20220803,CVE-2022-2588,7.8,7.8,1202096,kernel-trace,https://www.suse.com/security/cve/CVE-2022-2588,"It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",Released 20220803,CVE-2022-2588,7.8,7.8,1202096,kernel-xen,https://www.suse.com/security/cve/CVE-2022-2588,"It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",Released 20220805,CVE-2022-31197,8.1,8,1202170,postgresql-jdbc,https://www.suse.com/security/cve/CVE-2022-31197,"PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. 
User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.",Released 20220805,CVE-2022-37434,8.1,9.8,1202175,zlib,https://www.suse.com/security/cve/CVE-2022-37434,"zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).",Released 20220811,CVE-2021-23177,6.6,7.8,1192425,bsdtar,https://www.suse.com/security/cve/CVE-2021-23177,"An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. 
A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.",Unsupported 20220812,CVE-2022-20368,5.5,7.8,1202346,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-20368,"Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel",Released 20220812,CVE-2022-20368,5.5,7.8,1202346,kernel-default,https://www.suse.com/security/cve/CVE-2022-20368,"Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel",Released 20220812,CVE-2022-20368,5.5,7.8,1202346,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-20368,"Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel",Released 20220812,CVE-2022-20368,5.5,7.8,1202346,kernel-pae,https://www.suse.com/security/cve/CVE-2022-20368,"Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel",Released 20220812,CVE-2022-20368,5.5,7.8,1202346,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-20368,"Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel",Released 20220812,CVE-2022-20368,5.5,7.8,1202346,kernel-source,https://www.suse.com/security/cve/CVE-2022-20368,"Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel",Released 20220812,CVE-2022-20368,5.5,7.8,1202346,kernel-syms,https://www.suse.com/security/cve/CVE-2022-20368,"Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel",Released 20220812,CVE-2022-20368,5.5,7.8,1202346,kernel-trace,https://www.suse.com/security/cve/CVE-2022-20368,"Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel",Released 20220812,CVE-2022-20368,5.5,7.8,1202346,kernel-xen,https://www.suse.com/security/cve/CVE-2022-20368,"Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel",Released 
20220812,CVE-2022-20369,5.5,6.7,1202347,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-20369,"In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel",Released 20220812,CVE-2022-20369,5.5,6.7,1202347,kernel-default,https://www.suse.com/security/cve/CVE-2022-20369,"In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel",Released 20220812,CVE-2022-20369,5.5,6.7,1202347,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-20369,"In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel",Released 20220812,CVE-2022-20369,5.5,6.7,1202347,kernel-pae,https://www.suse.com/security/cve/CVE-2022-20369,"In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel",Released 20220812,CVE-2022-20369,5.5,6.7,1202347,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-20369,"In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel",Released 20220812,CVE-2022-20369,5.5,6.7,1202347,kernel-source,https://www.suse.com/security/cve/CVE-2022-20369,"In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel",Released 20220812,CVE-2022-20369,5.5,6.7,1202347,kernel-syms,https://www.suse.com/security/cve/CVE-2022-20369,"In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel",Released 20220812,CVE-2022-20369,5.5,6.7,1202347,kernel-trace,https://www.suse.com/security/cve/CVE-2022-20369,"In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel",Released 20220812,CVE-2022-20369,5.5,6.7,1202347,kernel-xen,https://www.suse.com/security/cve/CVE-2022-20369,"In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel",Released 20220812,CVE-2022-2625,7.1,8,1202368,postgresql94,https://www.suse.com/security/cve/CVE-2022-2625,"A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.",Ignore 20220818,CVE-2022-2845,3.3,7.8,1202515,vim,https://www.suse.com/security/cve/CVE-2022-2845,"Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. ",Unsupported 20220818,CVE-2022-2849,3.3,7.8,1202512,vim,https://www.suse.com/security/cve/CVE-2022-2849,"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.",Unsupported 20220822,CVE-2020-27792,5.5,7.1,1202598,ghostscript-library,https://www.suse.com/security/cve/CVE-2020-27792,"A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. 
This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.",Released 20220822,CVE-2022-35252,3.7,3.7,1202593,curl,https://www.suse.com/security/cve/CVE-2022-35252,"When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.",Released 20220823,CVE-2021-28861,7.4,7.4,1202624,python-base,https://www.suse.com/security/cve/CVE-2021-28861,"** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\"",Released 20220823,CVE-2021-28861,7.4,7.4,1202624,python-doc,https://www.suse.com/security/cve/CVE-2021-28861,"** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\"",Released 20220823,CVE-2021-28861,7.4,7.4,1202624,python,https://www.suse.com/security/cve/CVE-2021-28861,"** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. 
NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\"",Released 20220823,CVE-2022-2963,6.2,7.5,1202642,jasper,https://www.suse.com/security/cve/CVE-2022-2963,"A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.",Released 20220824,CVE-2021-30860,7.8,7.8,1202692,poppler,https://www.suse.com/security/cve/CVE-2021-30860,"An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",Analysis 20220824,CVE-2021-3714,5.8,5.9,1202680,kernel-source,https://www.suse.com/security/cve/CVE-2021-3714,"A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.",Won't fix 20220824,CVE-2022-2923,3.3,6.6,1202687,vim,https://www.suse.com/security/cve/CVE-2022-2923,"NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.",Won't fix 20220824,CVE-2022-2978,7,7.8,1202700,kernel-source,https://www.suse.com/security/cve/CVE-2022-2978,"A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. 
A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",Already fixed 20220824,CVE-2022-31676,7,7.8,1202657,open-vm-tools,https://www.suse.com/security/cve/CVE-2022-31676,"VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.",Unsupported 20220824,CVE-2022-38171,7.8,7.8,1202692,poppler,https://www.suse.com/security/cve/CVE-2022-38171,"Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).",Analysis 20220824,CVE-2022-38223,5.5,7.8,1202684,w3m,https://www.suse.com/security/cve/CVE-2022-38223,"There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.",Released 20220830,CVE-2020-35525,5.1,7.5,1202910,sqlite3,https://www.suse.com/security/cve/CVE-2020-35525,"In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.",Won't fix 20220830,CVE-2020-35527,6.2,9.8,1202912,sqlite3,https://www.suse.com/security/cve/CVE-2020-35527,"In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.",Already fixed 20220830,CVE-2020-35536,3.3,5.5,1202918,gcc,https://www.suse.com/security/cve/CVE-2020-35536,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. 
Notes: none.",Ignore 20220830,CVE-2020-35537,3.3,7.5,1202922,gcc,https://www.suse.com/security/cve/CVE-2020-35537,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Ignore 20220830,CVE-2022-21385,6.2,6.2,1202897,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-21385,"A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)",Released 20220830,CVE-2022-21385,6.2,6.2,1202897,kernel-default,https://www.suse.com/security/cve/CVE-2022-21385,"A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)",Released 20220830,CVE-2022-21385,6.2,6.2,1202897,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-21385,"A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)",Released 20220830,CVE-2022-21385,6.2,6.2,1202897,kernel-pae,https://www.suse.com/security/cve/CVE-2022-21385,"A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)",Released 20220830,CVE-2022-21385,6.2,6.2,1202897,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-21385,"A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). 
CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)",Released 20220830,CVE-2022-21385,6.2,6.2,1202897,kernel-source,https://www.suse.com/security/cve/CVE-2022-21385,"A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)",Released 20220830,CVE-2022-21385,6.2,6.2,1202897,kernel-syms,https://www.suse.com/security/cve/CVE-2022-21385,"A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)",Released 20220830,CVE-2022-21385,6.2,6.2,1202897,kernel-trace,https://www.suse.com/security/cve/CVE-2022-21385,"A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)",Released 20220830,CVE-2022-21385,6.2,6.2,1202897,kernel-xen,https://www.suse.com/security/cve/CVE-2022-21385,"A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)",Released 20220830,CVE-2022-3028,6.7,7,1202898,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3028,"A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. 
This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",Released 20220830,CVE-2022-3028,6.7,7,1202898,kernel-default,https://www.suse.com/security/cve/CVE-2022-3028,"A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",Released 20220830,CVE-2022-3028,6.7,7,1202898,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3028,"A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",Released 20220830,CVE-2022-3028,6.7,7,1202898,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3028,"A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",Released 20220830,CVE-2022-3028,6.7,7,1202898,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3028,"A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. 
This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",Released 20220830,CVE-2022-3028,6.7,7,1202898,kernel-source,https://www.suse.com/security/cve/CVE-2022-3028,"A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",Released 20220830,CVE-2022-3028,6.7,7,1202898,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3028,"A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",Released 20220830,CVE-2022-3028,6.7,7,1202898,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3028,"A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",Released 20220830,CVE-2022-3028,6.7,7,1202898,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3028,"A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. 
This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",Released 20220831,CVE-2022-38126,6.2,5.5,1202966,binutils,https://www.suse.com/security/cve/CVE-2022-38126,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Unsupported 20220831,CVE-2022-38127,6.2,5.5,1202967,binutils,https://www.suse.com/security/cve/CVE-2022-38127,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Unsupported 20220901,CVE-2022-2663,5.9,5.3,1202097,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-2663,"An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",Released 20220901,CVE-2022-2663,5.9,5.3,1202097,kernel-default,https://www.suse.com/security/cve/CVE-2022-2663,"An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",Released 20220901,CVE-2022-2663,5.9,5.3,1202097,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-2663,"An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. 
A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",Released 20220901,CVE-2022-2663,5.9,5.3,1202097,kernel-pae,https://www.suse.com/security/cve/CVE-2022-2663,"An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",Released 20220901,CVE-2022-2663,5.9,5.3,1202097,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-2663,"An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",Released 20220901,CVE-2022-2663,5.9,5.3,1202097,kernel-source,https://www.suse.com/security/cve/CVE-2022-2663,"An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",Released 20220901,CVE-2022-2663,5.9,5.3,1202097,kernel-syms,https://www.suse.com/security/cve/CVE-2022-2663,"An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",Released 20220901,CVE-2022-2663,5.9,5.3,1202097,kernel-trace,https://www.suse.com/security/cve/CVE-2022-2663,"An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. 
A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",Released 20220901,CVE-2022-2663,5.9,5.3,1202097,kernel-xen,https://www.suse.com/security/cve/CVE-2022-2663,"An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",Released 20220901,CVE-2022-31252,6.7,4.4,1203018,permissions,https://www.suse.com/security/cve/CVE-2022-31252,"A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.",Released 20220902,CVE-2022-24106,5.3,7.8,1203055,poppler,https://www.suse.com/security/cve/CVE-2022-24106,"In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.",Unsupported 20220905,CVE-2020-10735,7.5,7.5,1203125,python,https://www.suse.com/security/cve/CVE-2020-10735,"A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). 
The highest threat from this vulnerability is to system availability.",Won't fix 20220905,CVE-2020-29260,5.3,7.5,1203106,LibVNCServer,https://www.suse.com/security/cve/CVE-2020-29260,"libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().",Released 20220905,CVE-2022-39176,7.3,8.8,1203121,bluez,https://www.suse.com/security/cve/CVE-2022-39176,"BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.",Ignore 20220905,CVE-2022-39188,7,4.7,1203107,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-39188,"An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",Released 20220905,CVE-2022-39188,7,4.7,1203107,kernel-default,https://www.suse.com/security/cve/CVE-2022-39188,"An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",Released 20220905,CVE-2022-39188,7,4.7,1203107,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-39188,"An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",Released 20220905,CVE-2022-39188,7,4.7,1203107,kernel-pae,https://www.suse.com/security/cve/CVE-2022-39188,"An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. 
Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",Released 20220905,CVE-2022-39188,7,4.7,1203107,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-39188,"An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",Released 20220905,CVE-2022-39188,7,4.7,1203107,kernel-source,https://www.suse.com/security/cve/CVE-2022-39188,"An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",Released 20220905,CVE-2022-39188,7,4.7,1203107,kernel-syms,https://www.suse.com/security/cve/CVE-2022-39188,"An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",Released 20220905,CVE-2022-39188,7,4.7,1203107,kernel-trace,https://www.suse.com/security/cve/CVE-2022-39188,"An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",Released 20220905,CVE-2022-39188,7,4.7,1203107,kernel-xen,https://www.suse.com/security/cve/CVE-2022-39188,"An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. 
Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",Released 20220906,CVE-2022-2980,3.3,6.3,1203155,vim,https://www.suse.com/security/cve/CVE-2022-2980,"NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.",Unsupported 20220914,CVE-2022-37703,4,3.3,1203390,amanda,https://www.suse.com/security/cve/CVE-2022-37703,"In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.",Released 20220914,CVE-2022-38784,7.8,7.8,1202692,poppler,https://www.suse.com/security/cve/CVE-2022-38784,"Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. 
This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.",Analysis 20220915,CVE-2022-3219,6.2,3.3,1203440,gpg2,https://www.suse.com/security/cve/CVE-2022-3219,"GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",Won't fix 20220915,CVE-2022-40674,8.1,8.1,1203438,expat,https://www.suse.com/security/cve/CVE-2022-40674,"libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",Released 20220919,CVE-2022-40768,5.5,5.5,1203514,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-40768,"drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",Released 20220919,CVE-2022-40768,5.5,5.5,1203514,kernel-default,https://www.suse.com/security/cve/CVE-2022-40768,"drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",Released 20220919,CVE-2022-40768,5.5,5.5,1203514,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-40768,"drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",Released 20220919,CVE-2022-40768,5.5,5.5,1203514,kernel-pae,https://www.suse.com/security/cve/CVE-2022-40768,"drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",Released 20220919,CVE-2022-40768,5.5,5.5,1203514,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-40768,"drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from 
kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",Released 20220919,CVE-2022-40768,5.5,5.5,1203514,kernel-source,https://www.suse.com/security/cve/CVE-2022-40768,"drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",Released 20220919,CVE-2022-40768,5.5,5.5,1203514,kernel-syms,https://www.suse.com/security/cve/CVE-2022-40768,"drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",Released 20220919,CVE-2022-40768,5.5,5.5,1203514,kernel-trace,https://www.suse.com/security/cve/CVE-2022-40768,"drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",Released 20220919,CVE-2022-40768,5.5,5.5,1203514,kernel-xen,https://www.suse.com/security/cve/CVE-2022-40768,"drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",Released 20220920,CVE-2022-40617,6.5,7.5,1203556,strongswan,https://www.suse.com/security/cve/CVE-2022-40617,"strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.",Won't fix 20220921,CVE-2022-2795,5.3,5.3,1203614,bind,https://www.suse.com/security/cve/CVE-2022-2795,"By flooding the target resolver with queries exploiting 
this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.",Released 20220921,CVE-2022-38177,7.5,7.5,1203619,bind,https://www.suse.com/security/cve/CVE-2022-38177,"By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",Released 20220921,CVE-2022-41218,8.4,5.5,1202960,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-41218,"In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",Released 20220921,CVE-2022-41218,8.4,5.5,1202960,kernel-default,https://www.suse.com/security/cve/CVE-2022-41218,"In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",Released 20220921,CVE-2022-41218,8.4,5.5,1202960,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-41218,"In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",Released 20220921,CVE-2022-41218,8.4,5.5,1202960,kernel-pae,https://www.suse.com/security/cve/CVE-2022-41218,"In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",Released 20220921,CVE-2022-41218,8.4,5.5,1202960,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-41218,"In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",Released 
20220921,CVE-2022-41218,8.4,5.5,1202960,kernel-source,https://www.suse.com/security/cve/CVE-2022-41218,"In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",Released 20220921,CVE-2022-41218,8.4,5.5,1202960,kernel-syms,https://www.suse.com/security/cve/CVE-2022-41218,"In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",Released 20220921,CVE-2022-41218,8.4,5.5,1202960,kernel-trace,https://www.suse.com/security/cve/CVE-2022-41218,"In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",Released 20220921,CVE-2022-41218,8.4,5.5,1202960,kernel-xen,https://www.suse.com/security/cve/CVE-2022-41218,"In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",Released 20220923,CVE-2022-41318,8.9,8.6,1203680,squid3,https://www.suse.com/security/cve/CVE-2022-41318,"A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.",Released 20220923,CVE-2022-41318,8.9,8.6,1203680,squid,https://www.suse.com/security/cve/CVE-2022-41318,"A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. 
This is fixed in 5.7.",Released 20220926,CVE-2007-4559,5.4,,1203750,python,https://www.suse.com/security/cve/CVE-2007-4559,"Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",Won't fix 20220926,CVE-2022-39028,7.5,7.5,1203759,krb5,https://www.suse.com/security/cve/CVE-2022-39028,"telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a \"telnet/tcp server failing (looping), service terminated\" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.",Unsupported 20220926,CVE-2022-39028,7.5,7.5,1203759,telnet,https://www.suse.com/security/cve/CVE-2022-39028,"telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a \"telnet/tcp server failing (looping), service terminated\" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. 
The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.",Released 20220927,CVE-2022-3296,3.3,7.8,1203796,vim,https://www.suse.com/security/cve/CVE-2022-3296,"Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.",Unsupported 20220927,CVE-2022-3303,4.4,4.7,1203769,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3303,"A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",Released 20220927,CVE-2022-3303,4.4,4.7,1203769,kernel-default,https://www.suse.com/security/cve/CVE-2022-3303,"A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",Released 20220927,CVE-2022-3303,4.4,4.7,1203769,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3303,"A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",Released 20220927,CVE-2022-3303,4.4,4.7,1203769,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3303,"A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. 
A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",Released 20220927,CVE-2022-3303,4.4,4.7,1203769,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3303,"A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",Released 20220927,CVE-2022-3303,4.4,4.7,1203769,kernel-source,https://www.suse.com/security/cve/CVE-2022-3303,"A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",Released 20220927,CVE-2022-3303,4.4,4.7,1203769,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3303,"A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",Released 20220927,CVE-2022-3303,4.4,4.7,1203769,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3303,"A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. 
A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",Released 20220927,CVE-2022-3303,4.4,4.7,1203769,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3303,"A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",Released 20220928,CVE-2022-3324,7,7.8,1203820,vim,https://www.suse.com/security/cve/CVE-2022-3324,"Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.",Won't fix 20220929,CVE-2022-31628,4.4,2.3,1203867,php53,https://www.suse.com/security/cve/CVE-2022-31628,"In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress \"quines\" gzip files, resulting in an infinite loop.",Released 20220929,CVE-2022-31629,,6.5,1203870,php53,https://www.suse.com/security/cve/CVE-2022-31629,"In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.",Released 20221003,CVE-2022-41850,4,4.7,1203960,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-41850,"roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.",Released 20221003,CVE-2022-41850,4,4.7,1203960,kernel-default,https://www.suse.com/security/cve/CVE-2022-41850,"roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received 
while copying a report->value is in progress.",Released 20221003,CVE-2022-41850,4,4.7,1203960,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-41850,"roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.",Released 20221003,CVE-2022-41850,4,4.7,1203960,kernel-pae,https://www.suse.com/security/cve/CVE-2022-41850,"roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.",Released 20221003,CVE-2022-41850,4,4.7,1203960,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-41850,"roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.",Released 20221003,CVE-2022-41850,4,4.7,1203960,kernel-source,https://www.suse.com/security/cve/CVE-2022-41850,"roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.",Released 20221003,CVE-2022-41850,4,4.7,1203960,kernel-syms,https://www.suse.com/security/cve/CVE-2022-41850,"roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.",Released 20221003,CVE-2022-41850,4,4.7,1203960,kernel-trace,https://www.suse.com/security/cve/CVE-2022-41850,"roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain 
situations where a report is received while copying a report->value is in progress.",Released 20221003,CVE-2022-41850,4,4.7,1203960,kernel-xen,https://www.suse.com/security/cve/CVE-2022-41850,"roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.",Released 20221004,CVE-2022-2928,6.5,6.5,1203988,dhcp,https://www.suse.com/security/cve/CVE-2022-2928,"In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.",Released 20221004,CVE-2022-2929,6.5,6.5,1203989,dhcp,https://www.suse.com/security/cve/CVE-2022-2929,"In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.",Released 20221004,CVE-2022-41848,6.4,4.2,1203987,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-41848,"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.",Released 20221004,CVE-2022-41848,6.4,4.2,1203987,kernel-default,https://www.suse.com/security/cve/CVE-2022-41848,"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a 
physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.",Released 20221004,CVE-2022-41848,6.4,4.2,1203987,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-41848,"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.",Released 20221004,CVE-2022-41848,6.4,4.2,1203987,kernel-pae,https://www.suse.com/security/cve/CVE-2022-41848,"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.",Released 20221004,CVE-2022-41848,6.4,4.2,1203987,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-41848,"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.",Released 20221004,CVE-2022-41848,6.4,4.2,1203987,kernel-source,https://www.suse.com/security/cve/CVE-2022-41848,"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.",Released 20221004,CVE-2022-41848,6.4,4.2,1203987,kernel-syms,https://www.suse.com/security/cve/CVE-2022-41848,"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and 
mgslpc_detach.",Released 20221004,CVE-2022-41848,6.4,4.2,1203987,kernel-trace,https://www.suse.com/security/cve/CVE-2022-41848,"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.",Released 20221004,CVE-2022-41848,6.4,4.2,1203987,kernel-xen,https://www.suse.com/security/cve/CVE-2022-41848,"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.",Released 20221006,CVE-2020-10375,,5.5,1204077,python,https://www.suse.com/security/cve/CVE-2020-10375,"An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.",Analysis 20221007,CVE-2022-42010,3.3,6.5,1204111,dbus-1,https://www.suse.com/security/cve/CVE-2022-42010,"An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.",Unsupported 20221007,CVE-2022-42012,4.4,6.5,1204113,dbus-1,https://www.suse.com/security/cve/CVE-2022-42012,"An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. 
An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.",Unsupported 20221010,CVE-2022-31253,,7.8,1202931,openldap2,https://www.suse.com/security/cve/CVE-2022-31253,"A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.",Ignore 20221010,CVE-2022-3424,7,7.8,1204166,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3424,"A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20221010,CVE-2022-3424,7,7.8,1204166,kernel-default,https://www.suse.com/security/cve/CVE-2022-3424,"A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20221010,CVE-2022-3424,7,7.8,1204166,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3424,"A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20221010,CVE-2022-3424,7,7.8,1204166,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3424,"A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20221010,CVE-2022-3424,7,7.8,1204166,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3424,"A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20221010,CVE-2022-3424,7,7.8,1204166,kernel-source,https://www.suse.com/security/cve/CVE-2022-3424,"A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20221010,CVE-2022-3424,7,7.8,1204166,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3424,"A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20221010,CVE-2022-3424,7,7.8,1204166,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3424,"A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20221010,CVE-2022-3424,7,7.8,1204166,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3424,"A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",Released 20221010,CVE-2022-3435,5.3,4.3,1204171,kernel-default,https://www.suse.com/security/cve/CVE-2022-3435,"A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. 
The identifier VDB-210357 was assigned to this vulnerability.",Unsupported 20221010,CVE-2022-42703,7,5.5,1204168,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-42703,"mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",Released 20221010,CVE-2022-42703,7,5.5,1204168,kernel-default,https://www.suse.com/security/cve/CVE-2022-42703,"mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",Released 20221010,CVE-2022-42703,7,5.5,1204168,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-42703,"mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",Released 20221010,CVE-2022-42703,7,5.5,1204168,kernel-pae,https://www.suse.com/security/cve/CVE-2022-42703,"mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",Released 20221010,CVE-2022-42703,7,5.5,1204168,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-42703,"mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",Released 20221010,CVE-2022-42703,7,5.5,1204168,kernel-source,https://www.suse.com/security/cve/CVE-2022-42703,"mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",Released 20221010,CVE-2022-42703,7,5.5,1204168,kernel-syms,https://www.suse.com/security/cve/CVE-2022-42703,"mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",Released 20221010,CVE-2022-42703,7,5.5,1204168,kernel-trace,https://www.suse.com/security/cve/CVE-2022-42703,"mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",Released 20221010,CVE-2022-42703,7,5.5,1204168,kernel-xen,https://www.suse.com/security/cve/CVE-2022-42703,"mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double 
reuse.",Released 20221013,CVE-2022-32742,4.3,4.3,1201496,samba-doc,https://www.suse.com/security/cve/CVE-2022-32742,"A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).",Released 20221013,CVE-2022-32742,4.3,4.3,1201496,samba,https://www.suse.com/security/cve/CVE-2022-32742,"A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).",Released 20221013,CVE-2022-3479,6.5,7.5,1204272,mozilla-nss,https://www.suse.com/security/cve/CVE-2022-3479,"A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.",Released 20221017,CVE-2022-32221,7.3,9.8,1204383,curl,https://www.suse.com/security/cve/CVE-2022-32221,"When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. 
The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.",Released 20221017,CVE-2022-3515,9.8,9.8,1204357,libksba,https://www.suse.com/security/cve/CVE-2022-3515,"A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.",Released 20221017,CVE-2022-3522,7,7,1204358,kernel-source,https://www.suse.com/security/cve/CVE-2022-3522,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Won't fix 20221017,CVE-2022-3524,4.7,5.5,1204354,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3524,"A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",Released 20221017,CVE-2022-3524,4.7,5.5,1204354,kernel-default,https://www.suse.com/security/cve/CVE-2022-3524,"A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",Released 20221017,CVE-2022-3524,4.7,5.5,1204354,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3524,"A vulnerability was found in Linux Kernel. It has been declared as problematic. 
Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",Released 20221017,CVE-2022-3524,4.7,5.5,1204354,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3524,"A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",Released 20221017,CVE-2022-3524,4.7,5.5,1204354,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3524,"A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",Released 20221017,CVE-2022-3524,4.7,5.5,1204354,kernel-source,https://www.suse.com/security/cve/CVE-2022-3524,"A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",Released 20221017,CVE-2022-3524,4.7,5.5,1204354,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3524,"A vulnerability was found in Linux Kernel. It has been declared as problematic. 
Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",Released 20221017,CVE-2022-3524,4.7,5.5,1204354,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3524,"A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",Released 20221017,CVE-2022-3524,4.7,5.5,1204354,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3524,"A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",Released 20221017,CVE-2022-40304,8.1,7.8,1204367,libxml2,https://www.suse.com/security/cve/CVE-2022-40304,"An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.",Released 20221017,CVE-2022-40304,8.1,7.8,1204367,libxml2-python,https://www.suse.com/security/cve/CVE-2022-40304,"An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. 
In one case, a double-free can be provoked.",Released 20221018,CVE-2022-3535,2.3,3.5,1204417,kernel-default,https://www.suse.com/security/cve/CVE-2022-3535,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Ignore 20221018,CVE-2022-3550,7.8,5.5,1204412,xorg-x11-server,https://www.suse.com/security/cve/CVE-2022-3550,"A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.",Released 20221018,CVE-2022-3551,5.5,3.5,1204416,xorg-x11-server,https://www.suse.com/security/cve/CVE-2022-3551,"A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.",Released 20221018,CVE-2022-3554,5.5,7.5,1204422,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2022-3554,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",Released 20221018,CVE-2022-3555,5.5,7.5,1204425,xorg-x11-libX11,https://www.suse.com/security/cve/CVE-2022-3555,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. 
Notes: none.",Released 20221018,CVE-2022-3565,7.4,4.6,1204431,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3565,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.",Released 20221018,CVE-2022-3565,7.4,4.6,1204431,kernel-default,https://www.suse.com/security/cve/CVE-2022-3565,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.",Released 20221018,CVE-2022-3565,7.4,4.6,1204431,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3565,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.",Released 20221018,CVE-2022-3565,7.4,4.6,1204431,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3565,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. 
The identifier of this vulnerability is VDB-211088.",Released 20221018,CVE-2022-3565,7.4,4.6,1204431,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3565,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.",Released 20221018,CVE-2022-3565,7.4,4.6,1204431,kernel-source,https://www.suse.com/security/cve/CVE-2022-3565,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.",Released 20221018,CVE-2022-3565,7.4,4.6,1204431,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3565,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.",Released 20221018,CVE-2022-3565,7.4,4.6,1204431,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3565,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. 
The identifier of this vulnerability is VDB-211088.",Released 20221018,CVE-2022-3565,7.4,4.6,1204431,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3565,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.",Released 20221018,CVE-2022-3566,4.7,7.1,1204405,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3566,"A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.",Released 20221018,CVE-2022-3566,4.7,7.1,1204405,kernel-default,https://www.suse.com/security/cve/CVE-2022-3566,"A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.",Released 20221018,CVE-2022-3566,4.7,7.1,1204405,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3566,"A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. 
The identifier VDB-211089 was assigned to this vulnerability.",Released 20221018,CVE-2022-3566,4.7,7.1,1204405,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3566,"A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.",Released 20221018,CVE-2022-3566,4.7,7.1,1204405,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3566,"A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.",Released 20221018,CVE-2022-3566,4.7,7.1,1204405,kernel-source,https://www.suse.com/security/cve/CVE-2022-3566,"A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.",Released 20221018,CVE-2022-3566,4.7,7.1,1204405,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3566,"A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.",Released 20221018,CVE-2022-3566,4.7,7.1,1204405,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3566,"A vulnerability, which was classified as problematic, was found in Linux Kernel. 
This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.",Released 20221018,CVE-2022-3566,4.7,7.1,1204405,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3566,"A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.",Released 20221018,CVE-2022-3567,5.3,4.6,1204414,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3567,"A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.",Released 20221018,CVE-2022-3567,5.3,4.6,1204414,kernel-default,https://www.suse.com/security/cve/CVE-2022-3567,"A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.",Released 20221018,CVE-2022-3567,5.3,4.6,1204414,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3567,"A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. 
VDB-211090 is the identifier assigned to this vulnerability.",Released 20221018,CVE-2022-3567,5.3,4.6,1204414,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3567,"A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.",Released 20221018,CVE-2022-3567,5.3,4.6,1204414,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3567,"A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.",Released 20221018,CVE-2022-3567,5.3,4.6,1204414,kernel-source,https://www.suse.com/security/cve/CVE-2022-3567,"A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.",Released 20221018,CVE-2022-3567,5.3,4.6,1204414,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3567,"A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. 
VDB-211090 is the identifier assigned to this vulnerability.",Released 20221018,CVE-2022-3567,5.3,4.6,1204414,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3567,"A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.",Released 20221018,CVE-2022-3567,5.3,4.6,1204414,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3567,"A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.",Released 20221018,CVE-2022-3586,7,5.5,1204439,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3586,"A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",Released 20221018,CVE-2022-3586,7,5.5,1204439,kernel-default,https://www.suse.com/security/cve/CVE-2022-3586,"A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",Released 20221018,CVE-2022-3586,7,5.5,1204439,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3586,"A flaw was found in the Linux kernel’s networking code. 
A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",Released 20221018,CVE-2022-3586,7,5.5,1204439,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3586,"A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",Released 20221018,CVE-2022-3586,7,5.5,1204439,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3586,"A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",Released 20221018,CVE-2022-3586,7,5.5,1204439,kernel-source,https://www.suse.com/security/cve/CVE-2022-3586,"A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",Released 20221018,CVE-2022-3586,7,5.5,1204439,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3586,"A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. 
This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",Released 20221018,CVE-2022-3586,7,5.5,1204439,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3586,"A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",Released 20221018,CVE-2022-3586,7,5.5,1204439,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3586,"A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",Released 20221021,CVE-2022-3621,4.3,6.5,1204574,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3621,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",Released 20221021,CVE-2022-3621,4.3,6.5,1204574,kernel-default,https://www.suse.com/security/cve/CVE-2022-3621,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. 
The identifier of this vulnerability is VDB-211920.",Released 20221021,CVE-2022-3621,4.3,6.5,1204574,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3621,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",Released 20221021,CVE-2022-3621,4.3,6.5,1204574,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3621,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",Released 20221021,CVE-2022-3621,4.3,6.5,1204574,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3621,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",Released 20221021,CVE-2022-3621,4.3,6.5,1204574,kernel-source,https://www.suse.com/security/cve/CVE-2022-3621,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. 
It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",Released 20221021,CVE-2022-3621,4.3,6.5,1204574,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3621,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",Released 20221021,CVE-2022-3621,4.3,6.5,1204574,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3621,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",Released 20221021,CVE-2022-3621,4.3,6.5,1204574,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3621,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",Released 20221024,CVE-2022-3629,2.5,2.6,1204635,kernel-default,https://www.suse.com/security/cve/CVE-2022-3629,"A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. 
The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.",Ignore 20221024,CVE-2022-3635,7,5.5,1204631,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3635,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.",Released 20221024,CVE-2022-3635,7,5.5,1204631,kernel-default,https://www.suse.com/security/cve/CVE-2022-3635,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.",Released 20221024,CVE-2022-3635,7,5.5,1204631,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3635,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.",Released 20221024,CVE-2022-3635,7,5.5,1204631,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3635,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. 
VDB-211934 is the identifier assigned to this vulnerability.",Released 20221024,CVE-2022-3635,7,5.5,1204631,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3635,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.",Released 20221024,CVE-2022-3635,7,5.5,1204631,kernel-source,https://www.suse.com/security/cve/CVE-2022-3635,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.",Released 20221024,CVE-2022-3635,7,5.5,1204631,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3635,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.",Released 20221024,CVE-2022-3635,7,5.5,1204631,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3635,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. 
VDB-211934 is the identifier assigned to this vulnerability.",Released 20221024,CVE-2022-3635,7,5.5,1204631,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3635,"A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.",Released 20221024,CVE-2022-3646,2.5,4.3,1204646,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3646,"A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",Released 20221024,CVE-2022-3646,2.5,4.3,1204646,kernel-default,https://www.suse.com/security/cve/CVE-2022-3646,"A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",Released 20221024,CVE-2022-3646,2.5,4.3,1204646,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3646,"A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. 
The identifier VDB-211961 was assigned to this vulnerability.",Released 20221024,CVE-2022-3646,2.5,4.3,1204646,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3646,"A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",Released 20221024,CVE-2022-3646,2.5,4.3,1204646,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3646,"A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",Released 20221024,CVE-2022-3646,2.5,4.3,1204646,kernel-source,https://www.suse.com/security/cve/CVE-2022-3646,"A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",Released 20221024,CVE-2022-3646,2.5,4.3,1204646,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3646,"A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. 
The identifier VDB-211961 was assigned to this vulnerability.",Released 20221024,CVE-2022-3646,2.5,4.3,1204646,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3646,"A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",Released 20221024,CVE-2022-3646,2.5,4.3,1204646,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3646,"A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",Released 20221024,CVE-2022-3649,3.1,7,1204647,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3649,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.",Released 20221024,CVE-2022-3649,3.1,7,1204647,kernel-default,https://www.suse.com/security/cve/CVE-2022-3649,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. 
The identifier of this vulnerability is VDB-211992.",Released 20221024,CVE-2022-3649,3.1,7,1204647,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3649,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.",Released 20221024,CVE-2022-3649,3.1,7,1204647,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3649,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.",Released 20221024,CVE-2022-3649,3.1,7,1204647,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3649,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.",Released 20221024,CVE-2022-3649,3.1,7,1204647,kernel-source,https://www.suse.com/security/cve/CVE-2022-3649,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. 
The identifier of this vulnerability is VDB-211992.",Released 20221024,CVE-2022-3649,3.1,7,1204647,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3649,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.",Released 20221024,CVE-2022-3649,3.1,7,1204647,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3649,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.",Released 20221024,CVE-2022-3649,3.1,7,1204647,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3649,"A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. 
The identifier of this vulnerability is VDB-211992.",Released 20221025,CVE-2021-46848,9.1,9.1,1204690,libtasn1,https://www.suse.com/security/cve/CVE-2021-46848,"GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.",Released 20221025,CVE-2022-43680,8.1,7.5,1204708,expat,https://www.suse.com/security/cve/CVE-2022-43680,"In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.",Released 20221026,CVE-2022-43750,6.7,6.7,1204653,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-43750,"drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",Released 20221026,CVE-2022-43750,6.7,6.7,1204653,kernel-default,https://www.suse.com/security/cve/CVE-2022-43750,"drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",Released 20221026,CVE-2022-43750,6.7,6.7,1204653,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-43750,"drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",Released 20221026,CVE-2022-43750,6.7,6.7,1204653,kernel-pae,https://www.suse.com/security/cve/CVE-2022-43750,"drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",Released 20221026,CVE-2022-43750,6.7,6.7,1204653,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-43750,"drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",Released 
20221026,CVE-2022-43750,6.7,6.7,1204653,kernel-source,https://www.suse.com/security/cve/CVE-2022-43750,"drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",Released 20221026,CVE-2022-43750,6.7,6.7,1204653,kernel-syms,https://www.suse.com/security/cve/CVE-2022-43750,"drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",Released 20221026,CVE-2022-43750,6.7,6.7,1204653,kernel-trace,https://www.suse.com/security/cve/CVE-2022-43750,"drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",Released 20221026,CVE-2022-43750,6.7,6.7,1204653,kernel-xen,https://www.suse.com/security/cve/CVE-2022-43750,"drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",Released 20221031,CVE-2022-44032,4.3,6.4,1204894,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-44032,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",Released 20221031,CVE-2022-44032,4.3,6.4,1204894,kernel-default,https://www.suse.com/security/cve/CVE-2022-44032,"An issue was discovered in the Linux kernel through 6.0.6. 
drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",Released 20221031,CVE-2022-44032,4.3,6.4,1204894,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-44032,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",Released 20221031,CVE-2022-44032,4.3,6.4,1204894,kernel-pae,https://www.suse.com/security/cve/CVE-2022-44032,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",Released 20221031,CVE-2022-44032,4.3,6.4,1204894,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-44032,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",Released 20221031,CVE-2022-44032,4.3,6.4,1204894,kernel-source,https://www.suse.com/security/cve/CVE-2022-44032,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",Released 20221031,CVE-2022-44032,4.3,6.4,1204894,kernel-syms,https://www.suse.com/security/cve/CVE-2022-44032,"An issue was discovered in the Linux kernel through 6.0.6. 
drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",Released 20221031,CVE-2022-44032,4.3,6.4,1204894,kernel-trace,https://www.suse.com/security/cve/CVE-2022-44032,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",Released 20221031,CVE-2022-44032,4.3,6.4,1204894,kernel-xen,https://www.suse.com/security/cve/CVE-2022-44032,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",Released 20221101,CVE-2022-42252,6.5,7.5,1204918,tomcat6,https://www.suse.com/security/cve/CVE-2022-42252,"If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.",Released 20221101,CVE-2022-44033,4.3,6.4,1204922,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-44033,"An issue was discovered in the Linux kernel through 6.0.6. 
drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",Released 20221101,CVE-2022-44033,4.3,6.4,1204922,kernel-default,https://www.suse.com/security/cve/CVE-2022-44033,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",Released 20221101,CVE-2022-44033,4.3,6.4,1204922,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-44033,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",Released 20221101,CVE-2022-44033,4.3,6.4,1204922,kernel-pae,https://www.suse.com/security/cve/CVE-2022-44033,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",Released 20221101,CVE-2022-44033,4.3,6.4,1204922,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-44033,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",Released 20221101,CVE-2022-44033,4.3,6.4,1204922,kernel-source,https://www.suse.com/security/cve/CVE-2022-44033,"An issue was discovered in the Linux kernel through 6.0.6. 
drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",Released 20221101,CVE-2022-44033,4.3,6.4,1204922,kernel-syms,https://www.suse.com/security/cve/CVE-2022-44033,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",Released 20221101,CVE-2022-44033,4.3,6.4,1204922,kernel-trace,https://www.suse.com/security/cve/CVE-2022-44033,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",Released 20221101,CVE-2022-44033,4.3,6.4,1204922,kernel-xen,https://www.suse.com/security/cve/CVE-2022-44033,"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",Released 20221104,CVE-2022-44638,8.8,8.8,1205033,pixman,https://www.suse.com/security/cve/CVE-2022-44638,"In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.",Released 20221107,CVE-2022-3872,6,8.6,1205131,kvm,https://www.suse.com/security/cve/CVE-2022-3872,"An off-by-one read/write issue was found in the SDHCI device of QEMU. 
It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.",Analysis 20221107,CVE-2022-42920,8.1,9.8,1205125,bcel,https://www.suse.com/security/cve/CVE-2022-42920,"Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.",Released 20221107,CVE-2022-44793,6.5,6.5,1205148,net-snmp,https://www.suse.com/security/cve/CVE-2022-44793,"handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.",Unsupported 20221109,CVE-2022-3903,5.5,4.6,1205220,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-3903,"An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.",Released 20221109,CVE-2022-3903,5.5,4.6,1205220,kernel-default,https://www.suse.com/security/cve/CVE-2022-3903,"An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. 
A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.",Released 20221109,CVE-2022-3903,5.5,4.6,1205220,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-3903,"An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.",Released 20221109,CVE-2022-3903,5.5,4.6,1205220,kernel-pae,https://www.suse.com/security/cve/CVE-2022-3903,"An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.",Released 20221109,CVE-2022-3903,5.5,4.6,1205220,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-3903,"An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.",Released 20221109,CVE-2022-3903,5.5,4.6,1205220,kernel-source,https://www.suse.com/security/cve/CVE-2022-3903,"An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.",Released 20221109,CVE-2022-3903,5.5,4.6,1205220,kernel-syms,https://www.suse.com/security/cve/CVE-2022-3903,"An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. 
A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.",Released 20221109,CVE-2022-3903,5.5,4.6,1205220,kernel-trace,https://www.suse.com/security/cve/CVE-2022-3903,"An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.",Released 20221109,CVE-2022-3903,5.5,4.6,1205220,kernel-xen,https://www.suse.com/security/cve/CVE-2022-3903,"An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.",Released 20221109,CVE-2022-45061,6.5,7.5,1205244,python-base,https://www.suse.com/security/cve/CVE-2022-45061,"An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.",Released 20221109,CVE-2022-45061,6.5,7.5,1205244,python-doc,https://www.suse.com/security/cve/CVE-2022-45061,"An issue was discovered in Python before 3.11.1. 
An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.",Released 20221109,CVE-2022-45061,6.5,7.5,1205244,python,https://www.suse.com/security/cve/CVE-2022-45061,"An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.",Released 20221111,CVE-2022-45063,8.8,9.8,1205305,xterm,https://www.suse.com/security/cve/CVE-2022-45063,"xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.",Released 20221114,CVE-2022-3970,8.8,8.8,1205392,tiff,https://www.suse.com/security/cve/CVE-2022-3970,"A vulnerability was found in LibTIFF. 
It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.",Released 20221115,CVE-2022-37290,5.5,5.5,1205418,nautilus,https://www.suse.com/security/cve/CVE-2022-37290,"GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.",Ignore 20221118,CVE-2022-4055,6.1,7.4,1205553,xdg-utils,https://www.suse.com/security/cve/CVE-2022-4055,"When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.",Analysis 20221121,CVE-2022-4095,7.8,7.8,1205514,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-4095,"A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",Released 20221121,CVE-2022-4095,7.8,7.8,1205514,kernel-default,https://www.suse.com/security/cve/CVE-2022-4095,"A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",Released 20221121,CVE-2022-4095,7.8,7.8,1205514,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-4095,"A use-after-free flaw was found in Linux kernel before 5.19.2. 
This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",Released 20221121,CVE-2022-4095,7.8,7.8,1205514,kernel-pae,https://www.suse.com/security/cve/CVE-2022-4095,"A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",Released 20221121,CVE-2022-4095,7.8,7.8,1205514,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-4095,"A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",Released 20221121,CVE-2022-4095,7.8,7.8,1205514,kernel-source,https://www.suse.com/security/cve/CVE-2022-4095,"A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",Released 20221121,CVE-2022-4095,7.8,7.8,1205514,kernel-syms,https://www.suse.com/security/cve/CVE-2022-4095,"A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",Released 20221121,CVE-2022-4095,7.8,7.8,1205514,kernel-trace,https://www.suse.com/security/cve/CVE-2022-4095,"A use-after-free flaw was found in Linux kernel before 5.19.2. 
This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",Released 20221121,CVE-2022-4095,7.8,7.8,1205514,kernel-xen,https://www.suse.com/security/cve/CVE-2022-4095,"A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",Released 20221123,CVE-2022-41858,4.4,7.1,1205671,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-41858,"A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",Released 20221123,CVE-2022-41858,4.4,7.1,1205671,kernel-default,https://www.suse.com/security/cve/CVE-2022-41858,"A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",Released 20221123,CVE-2022-41858,4.4,7.1,1205671,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-41858,"A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",Released 20221123,CVE-2022-41858,4.4,7.1,1205671,kernel-pae,https://www.suse.com/security/cve/CVE-2022-41858,"A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. 
This issue could allow an attacker to crash the system or leak internal kernel information.",Released 20221123,CVE-2022-41858,4.4,7.1,1205671,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-41858,"A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",Released 20221123,CVE-2022-41858,4.4,7.1,1205671,kernel-source,https://www.suse.com/security/cve/CVE-2022-41858,"A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",Released 20221123,CVE-2022-41858,4.4,7.1,1205671,kernel-syms,https://www.suse.com/security/cve/CVE-2022-41858,"A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",Released 20221123,CVE-2022-41858,4.4,7.1,1205671,kernel-trace,https://www.suse.com/security/cve/CVE-2022-41858,"A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",Released 20221123,CVE-2022-41858,4.4,7.1,1205671,kernel-xen,https://www.suse.com/security/cve/CVE-2022-41858,"A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. 
This issue could allow an attacker to crash the system or leak internal kernel information.",Released 20221124,CVE-2021-33621,7.5,8.8,1205726,ruby,https://www.suse.com/security/cve/CVE-2021-33621,"The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.",Unsupported 20221124,CVE-2022-4129,5.5,5.5,1205711,kernel-default,https://www.suse.com/security/cve/CVE-2022-4129,"A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.",Affected 20221124,CVE-2022-4129,5.5,5.5,1205711,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-4129,"A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.",Affected 20221124,CVE-2022-4129,5.5,5.5,1205711,kernel-source,https://www.suse.com/security/cve/CVE-2022-4129,"A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.",Affected 20221124,CVE-2022-4129,5.5,5.5,1205711,kernel-syms,https://www.suse.com/security/cve/CVE-2022-4129,"A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. 
A local user could use this flaw to potentially crash the system causing a denial of service.",Affected 20221124,CVE-2022-4132,5.9,5.9,1205721,tomcat6,https://www.suse.com/security/cve/CVE-2022-4132,"A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).",Analysis 20221125,CVE-2022-45884,4.1,7,1205756,kernel-default,https://www.suse.com/security/cve/CVE-2022-45884,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.",Won't fix 20221125,CVE-2022-45884,4.1,7,1205756,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-45884,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.",Won't fix 20221125,CVE-2022-45884,4.1,7,1205756,kernel-source,https://www.suse.com/security/cve/CVE-2022-45884,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.",Won't fix 20221125,CVE-2022-45884,4.1,7,1205756,kernel-syms,https://www.suse.com/security/cve/CVE-2022-45884,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.",Won't fix 20221125,CVE-2022-45885,4.1,7,1205758,kernel-source,https://www.suse.com/security/cve/CVE-2022-45885,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.",Won't fix 20221125,CVE-2022-45886,4.1,7,1205760,kernel-default,https://www.suse.com/security/cve/CVE-2022-45886,"An issue was discovered in the Linux kernel through 6.0.9. 
drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.",Won't fix 20221125,CVE-2022-45886,4.1,7,1205760,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-45886,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.",Won't fix 20221125,CVE-2022-45886,4.1,7,1205760,kernel-source,https://www.suse.com/security/cve/CVE-2022-45886,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.",Won't fix 20221125,CVE-2022-45886,4.1,7,1205760,kernel-syms,https://www.suse.com/security/cve/CVE-2022-45886,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.",Won't fix 20221125,CVE-2022-45887,4.1,4.7,1205762,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-45887,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",Released 20221125,CVE-2022-45887,4.1,4.7,1205762,kernel-default,https://www.suse.com/security/cve/CVE-2022-45887,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",Released 20221125,CVE-2022-45887,4.1,4.7,1205762,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-45887,"An issue was discovered in the Linux kernel through 6.0.9. 
drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",Released 20221125,CVE-2022-45887,4.1,4.7,1205762,kernel-pae,https://www.suse.com/security/cve/CVE-2022-45887,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",Released 20221125,CVE-2022-45887,4.1,4.7,1205762,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-45887,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",Released 20221125,CVE-2022-45887,4.1,4.7,1205762,kernel-source,https://www.suse.com/security/cve/CVE-2022-45887,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",Released 20221125,CVE-2022-45887,4.1,4.7,1205762,kernel-syms,https://www.suse.com/security/cve/CVE-2022-45887,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",Released 20221125,CVE-2022-45887,4.1,4.7,1205762,kernel-trace,https://www.suse.com/security/cve/CVE-2022-45887,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",Released 20221125,CVE-2022-45887,4.1,4.7,1205762,kernel-xen,https://www.suse.com/security/cve/CVE-2022-45887,"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",Released 20221128,CVE-2022-45919,7,7,1205803,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-45919,"An issue was discovered in the Linux kernel through 6.0.10. 
In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",Released 20221128,CVE-2022-45919,7,7,1205803,kernel-default,https://www.suse.com/security/cve/CVE-2022-45919,"An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",Released 20221128,CVE-2022-45919,7,7,1205803,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-45919,"An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",Released 20221128,CVE-2022-45919,7,7,1205803,kernel-pae,https://www.suse.com/security/cve/CVE-2022-45919,"An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",Released 20221128,CVE-2022-45919,7,7,1205803,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-45919,"An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",Released 20221128,CVE-2022-45919,7,7,1205803,kernel-source,https://www.suse.com/security/cve/CVE-2022-45919,"An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",Released 20221128,CVE-2022-45919,7,7,1205803,kernel-syms,https://www.suse.com/security/cve/CVE-2022-45919,"An issue was discovered in the Linux kernel through 6.0.10. 
In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",Released 20221128,CVE-2022-45919,7,7,1205803,kernel-trace,https://www.suse.com/security/cve/CVE-2022-45919,"An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",Released 20221128,CVE-2022-45919,7,7,1205803,kernel-xen,https://www.suse.com/security/cve/CVE-2022-45919,"An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",Released 20221128,CVE-2022-45934,5.3,7.8,1205796,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-45934,"An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",Released 20221128,CVE-2022-45934,5.3,7.8,1205796,kernel-default,https://www.suse.com/security/cve/CVE-2022-45934,"An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",Released 20221128,CVE-2022-45934,5.3,7.8,1205796,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-45934,"An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",Released 20221128,CVE-2022-45934,5.3,7.8,1205796,kernel-pae,https://www.suse.com/security/cve/CVE-2022-45934,"An issue was discovered in the Linux kernel through 6.0.10. 
l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",Released 20221128,CVE-2022-45934,5.3,7.8,1205796,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-45934,"An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",Released 20221128,CVE-2022-45934,5.3,7.8,1205796,kernel-source,https://www.suse.com/security/cve/CVE-2022-45934,"An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",Released 20221128,CVE-2022-45934,5.3,7.8,1205796,kernel-syms,https://www.suse.com/security/cve/CVE-2022-45934,"An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",Released 20221128,CVE-2022-45934,5.3,7.8,1205796,kernel-trace,https://www.suse.com/security/cve/CVE-2022-45934,"An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",Released 20221128,CVE-2022-45934,5.3,7.8,1205796,kernel-xen,https://www.suse.com/security/cve/CVE-2022-45934,"An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",Released 20221128,CVE-2022-45939,7.8,7.8,1205822,emacs,https://www.suse.com/security/cve/CVE-2022-45939,"GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. 
For example, a victim may use the \"ctags *\" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.",Released 20221130,CVE-2022-46340,7.1,8.8,1205874,xorg-x11-server,https://www.suse.com/security/cve/CVE-2022-46340,"A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.",Released 20221130,CVE-2022-46342,6.1,8.8,1205879,xorg-x11-server,https://www.suse.com/security/cve/CVE-2022-46342,"A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se",Released 20221130,CVE-2022-46343,4.4,8.8,1205878,xorg-x11-server,https://www.suse.com/security/cve/CVE-2022-46343,"A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",Released 20221130,CVE-2022-46344,5.5,8.8,1205876,xorg-x11-server,https://www.suse.com/security/cve/CVE-2022-46344,"A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. 
This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",Released 20221205,CVE-2022-4283,7.8,7.8,1206017,xorg-x11-server,https://www.suse.com/security/cve/CVE-2022-4283,"A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",Released 20221206,CVE-2022-3520,7.8,7.8,1206071,vim,https://www.suse.com/security/cve/CVE-2022-3520,"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.",Unsupported 20221206,CVE-2022-3564,8,5.5,1206073,kernel-default,https://www.suse.com/security/cve/CVE-2022-3564,"A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.",Ignore 20221206,CVE-2022-3591,7.8,7.8,1206072,vim,https://www.suse.com/security/cve/CVE-2022-3591,"Use After Free in GitHub repository vim/vim prior to 9.0.0789.",Unsupported 20221206,CVE-2022-4285,5.5,5.5,1206080,binutils,https://www.suse.com/security/cve/CVE-2022-4285,"An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. 
This issue is the result of an incomplete fix for CVE-2020-16599.",Unsupported 20221206,CVE-2022-4292,7.8,7.8,1206075,vim,https://www.suse.com/security/cve/CVE-2022-4292,"Use After Free in GitHub repository vim/vim prior to 9.0.0882.",Unsupported 20221206,CVE-2022-4293,6.8,6.8,1206077,vim,https://www.suse.com/security/cve/CVE-2022-4293,"Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.",Unsupported 20221208,CVE-2022-23491,6.6,6.8,1206212,mozilla-nss,https://www.suse.com/security/cve/CVE-2022-23491,"Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.",Released 20221208,CVE-2022-41860,7.5,7.5,1206205,freeradius-server,https://www.suse.com/security/cve/CVE-2022-41860,"In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.",Released 20221208,CVE-2022-41861,7.5,6.5,1206206,freeradius-server,https://www.suse.com/security/cve/CVE-2022-41861,"A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.",Released 20221212,CVE-2022-43552,5.6,5.9,1206309,curl,https://www.suse.com/security/cve/CVE-2022-43552,"A use after free vulnerability exists in curl <7.87.0. 
Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.",Released 20221213,CVE-2022-3275,,8.4,1206353,wireshark,https://www.suse.com/security/cve/CVE-2022-3275,"Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.",Ignore 20221214,CVE-2022-3105,5.5,5.5,1206398,kernel-default,https://www.suse.com/security/cve/CVE-2022-3105,"An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().",Already fixed 20221214,CVE-2022-3111,5.5,5.5,1206394,kernel-default,https://www.suse.com/security/cve/CVE-2022-3111,"An issue was discovered in the Linux kernel through 5.16-rc6. 
free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().",Already fixed 20221214,CVE-2022-40982,6.2,6.5,1206418,kernel-bigmem,https://www.suse.com/security/cve/CVE-2022-40982,"Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20221214,CVE-2022-40982,6.2,6.5,1206418,kernel-default,https://www.suse.com/security/cve/CVE-2022-40982,"Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20221214,CVE-2022-40982,6.2,6.5,1206418,kernel-ec2,https://www.suse.com/security/cve/CVE-2022-40982,"Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20221214,CVE-2022-40982,6.2,6.5,1206418,kernel-pae,https://www.suse.com/security/cve/CVE-2022-40982,"Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20221214,CVE-2022-40982,6.2,6.5,1206418,kernel-ppc64,https://www.suse.com/security/cve/CVE-2022-40982,"Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 
20221214,CVE-2022-40982,6.2,6.5,1206418,kernel-source,https://www.suse.com/security/cve/CVE-2022-40982,"Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20221214,CVE-2022-40982,6.2,6.5,1206418,kernel-syms,https://www.suse.com/security/cve/CVE-2022-40982,"Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20221214,CVE-2022-40982,6.2,6.5,1206418,kernel-trace,https://www.suse.com/security/cve/CVE-2022-40982,"Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20221214,CVE-2022-40982,6.2,6.5,1206418,kernel-xen,https://www.suse.com/security/cve/CVE-2022-40982,"Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",Released 20221220,CVE-2021-20251,8.1,5.9,1206546,samba-doc,https://www.suse.com/security/cve/CVE-2021-20251,"A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.",Released 20221220,CVE-2021-20251,8.1,5.9,1206546,samba,https://www.suse.com/security/cve/CVE-2021-20251,"A flaw was found in samba. 
A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.",Released 20221220,CVE-2022-4515,7.8,7.8,1206543,ctags,https://www.suse.com/security/cve/CVE-2022-4515,"A flaw was found in Exuberant Ctags in the way it handles the \"-o\" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.",Released 20221221,CVE-2022-47629,8.1,9.8,1206579,libksba,https://www.suse.com/security/cve/CVE-2022-47629,"Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.",Released 20221223,CVE-2022-40899,5.3,7.5,1206673,python-base,https://www.suse.com/security/cve/CVE-2022-40899,"An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.",Released 20221223,CVE-2022-40899,5.3,7.5,1206673,python-doc,https://www.suse.com/security/cve/CVE-2022-40899,"An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.",Released 20221223,CVE-2022-40899,5.3,7.5,1206673,python,https://www.suse.com/security/cve/CVE-2022-40899,"An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.",Released 20221223,CVE-2022-4662,4.7,5.5,1206664,kernel-default,https://www.suse.com/security/cve/CVE-2022-4662,"A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. 
A local user could use this flaw to crash the system.",Released 20230105,CVE-2023-0047,5.9,,1206896,kernel-default,https://www.suse.com/security/cve/CVE-2023-0047,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none.",Unsupported 20230109,CVE-2022-31631,6.9,,1206958,php53,https://www.suse.com/security/cve/CVE-2022-31631,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Released 20230111,CVE-2022-44617,5.5,7.5,1207030,xorg-x11-libXpm,https://www.suse.com/security/cve/CVE-2022-44617,"A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.",Released 20230111,CVE-2022-46285,5.5,7.5,1207029,xorg-x11-libXpm,https://www.suse.com/security/cve/CVE-2022-46285,"A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.",Released 20230111,CVE-2022-4883,7.3,8.8,1207031,xorg-x11-libXpm,https://www.suse.com/security/cve/CVE-2022-4883,"A flaw was found in libXpm. 
When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.",Released 20230113,CVE-2023-0266,7.8,7.9,1207134,kernel-default,https://www.suse.com/security/cve/CVE-2023-0266,"A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e ",Ignore 20230113,CVE-2023-23454,7.8,5.5,1207036,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-23454,"cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23454,7.8,5.5,1207036,kernel-default,https://www.suse.com/security/cve/CVE-2023-23454,"cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23454,7.8,5.5,1207036,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-23454,"cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 
20230113,CVE-2023-23454,7.8,5.5,1207036,kernel-pae,https://www.suse.com/security/cve/CVE-2023-23454,"cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23454,7.8,5.5,1207036,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-23454,"cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23454,7.8,5.5,1207036,kernel-source,https://www.suse.com/security/cve/CVE-2023-23454,"cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23454,7.8,5.5,1207036,kernel-syms,https://www.suse.com/security/cve/CVE-2023-23454,"cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23454,7.8,5.5,1207036,kernel-trace,https://www.suse.com/security/cve/CVE-2023-23454,"cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 
20230113,CVE-2023-23454,7.8,5.5,1207036,kernel-xen,https://www.suse.com/security/cve/CVE-2023-23454,"cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23455,7.8,5.5,1207125,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-23455,"atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23455,7.8,5.5,1207125,kernel-default,https://www.suse.com/security/cve/CVE-2023-23455,"atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23455,7.8,5.5,1207125,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-23455,"atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23455,7.8,5.5,1207125,kernel-pae,https://www.suse.com/security/cve/CVE-2023-23455,"atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23455,7.8,5.5,1207125,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-23455,"atm_tc_enqueue in 
net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23455,7.8,5.5,1207125,kernel-source,https://www.suse.com/security/cve/CVE-2023-23455,"atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23455,7.8,5.5,1207125,kernel-syms,https://www.suse.com/security/cve/CVE-2023-23455,"atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23455,7.8,5.5,1207125,kernel-trace,https://www.suse.com/security/cve/CVE-2023-23455,"atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23455,7.8,5.5,1207125,kernel-xen,https://www.suse.com/security/cve/CVE-2023-23455,"atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",Released 20230113,CVE-2023-23559,6.5,7.8,1207051,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-23559,"In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",Released 
20230113,CVE-2023-23559,6.5,7.8,1207051,kernel-default,https://www.suse.com/security/cve/CVE-2023-23559,"In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",Released 20230113,CVE-2023-23559,6.5,7.8,1207051,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-23559,"In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",Released 20230113,CVE-2023-23559,6.5,7.8,1207051,kernel-pae,https://www.suse.com/security/cve/CVE-2023-23559,"In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",Released 20230113,CVE-2023-23559,6.5,7.8,1207051,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-23559,"In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",Released 20230113,CVE-2023-23559,6.5,7.8,1207051,kernel-source,https://www.suse.com/security/cve/CVE-2023-23559,"In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",Released 20230113,CVE-2023-23559,6.5,7.8,1207051,kernel-syms,https://www.suse.com/security/cve/CVE-2023-23559,"In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",Released 20230113,CVE-2023-23559,6.5,7.8,1207051,kernel-trace,https://www.suse.com/security/cve/CVE-2023-23559,"In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",Released 20230113,CVE-2023-23559,6.5,7.8,1207051,kernel-xen,https://www.suse.com/security/cve/CVE-2023-23559,"In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",Released 
20230118,CVE-2006-20001,7.5,7.5,1207247,apache2,https://www.suse.com/security/cve/CVE-2006-20001,"A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. ",Released 20230118,CVE-2022-36760,6.5,9,1207250,apache2,https://www.suse.com/security/cve/CVE-2022-36760,"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.",Released 20230118,CVE-2022-37436,7.4,5.3,1207251,apache2,https://www.suse.com/security/cve/CVE-2022-37436,"Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.",Released 20230118,CVE-2022-47929,4.2,5.5,1207237,kernel-default,https://www.suse.com/security/cve/CVE-2022-47929,"In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. This affects qdisc_graft in net/sched/sch_api.c.",Ignore 20230119,CVE-2023-0394,6.5,5.5,1207168,kernel-default,https://www.suse.com/security/cve/CVE-2023-0394,"A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. 
This flaw causes the system to crash.",Released 20230119,CVE-2023-0394,6.5,5.5,1207168,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-0394,"A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.",Released 20230119,CVE-2023-0394,6.5,5.5,1207168,kernel-source,https://www.suse.com/security/cve/CVE-2023-0394,"A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.",Released 20230119,CVE-2023-0394,6.5,5.5,1207168,kernel-syms,https://www.suse.com/security/cve/CVE-2023-0394,"A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.",Released 20230123,CVE-2022-47024,3.3,7.8,1207397,vim,https://www.suse.com/security/cve/CVE-2022-47024,"A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.",Won't fix 20230123,CVE-2022-48279,7.5,7.5,1207378,apache2-mod_security2,https://www.suse.com/security/cve/CVE-2022-48279,"In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.",Released 20230124,CVE-2022-3094,6.5,7.5,1207471,bind,https://www.suse.com/security/cve/CVE-2022-3094,"Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. 
Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.",Won't fix 20230125,CVE-2022-4304,5.9,5.9,1207534,openssl,https://www.suse.com/security/cve/CVE-2022-4304,"A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. 
After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. ",Released 20230126,CVE-2022-45154,4.3,4.4,1207598,supportutils,https://www.suse.com/security/cve/CVE-2022-45154,"A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",Unsupported 20230130,CVE-2022-48303,4.3,5.5,1207753,tar,https://www.suse.com/security/cve/CVE-2022-48303,"GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.",Released 20230131,CVE-2023-0494,7.8,7.8,1207783,xorg-x11-server,https://www.suse.com/security/cve/CVE-2023-0494,"A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. 
This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.",Released 20230131,CVE-2023-0590,7,4.7,1207795,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-0590,"A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",Released 20230131,CVE-2023-0590,7,4.7,1207795,kernel-default,https://www.suse.com/security/cve/CVE-2023-0590,"A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",Released 20230131,CVE-2023-0590,7,4.7,1207795,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-0590,"A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",Released 20230131,CVE-2023-0590,7,4.7,1207795,kernel-pae,https://www.suse.com/security/cve/CVE-2023-0590,"A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",Released 20230131,CVE-2023-0590,7,4.7,1207795,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-0590,"A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. 
If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",Released 20230131,CVE-2023-0590,7,4.7,1207795,kernel-source,https://www.suse.com/security/cve/CVE-2023-0590,"A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",Released 20230131,CVE-2023-0590,7,4.7,1207795,kernel-syms,https://www.suse.com/security/cve/CVE-2023-0590,"A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",Released 20230131,CVE-2023-0590,7,4.7,1207795,kernel-trace,https://www.suse.com/security/cve/CVE-2023-0590,"A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",Released 20230131,CVE-2023-0590,7,4.7,1207795,kernel-xen,https://www.suse.com/security/cve/CVE-2023-0590,"A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",Released 20230202,CVE-2022-25147,9.8,6.5,1207866,libapr-util1,https://www.suse.com/security/cve/CVE-2022-25147,"Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. 
This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.",Released 20230206,CVE-2023-25193,7.5,7.5,1207922,firefox-harfbuzz,https://www.suse.com/security/cve/CVE-2023-25193,"hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.",Released 20230207,CVE-2023-23916,6.5,6.5,1207992,curl,https://www.suse.com/security/cve/CVE-2023-23916,"An allocation of resources without limits or throttling vulnerability exists in curl sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.",Ignore 20230315,CVE-2023-1382,6.5,4.7,1209288,kernel-syms,https://www.suse.com/security/cve/CVE-2023-1382,"A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.",Ignore 20230315,CVE-2023-28328,5.5,5.5,1209291,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-28328,"A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.",Released 20230315,CVE-2023-28328,5.5,5.5,1209291,kernel-default,https://www.suse.com/security/cve/CVE-2023-28328,"A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. 
This flaw allows a local user to crash the system or potentially cause a denial of service.",Released 20230315,CVE-2023-28328,5.5,5.5,1209291,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-28328,"A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.",Released 20230315,CVE-2023-28328,5.5,5.5,1209291,kernel-pae,https://www.suse.com/security/cve/CVE-2023-28328,"A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.",Released 20230315,CVE-2023-28328,5.5,5.5,1209291,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-28328,"A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.",Released 20230315,CVE-2023-28328,5.5,5.5,1209291,kernel-source,https://www.suse.com/security/cve/CVE-2023-28328,"A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.",Released 20230315,CVE-2023-28328,5.5,5.5,1209291,kernel-syms,https://www.suse.com/security/cve/CVE-2023-28328,"A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. 
The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.",Released 20230315,CVE-2023-28328,5.5,5.5,1209291,kernel-trace,https://www.suse.com/security/cve/CVE-2023-28328,"A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.",Released 20230315,CVE-2023-28328,5.5,5.5,1209291,kernel-xen,https://www.suse.com/security/cve/CVE-2023-28328,"A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.",Released 20230316,CVE-2023-28450,5.3,7.5,1209358,dnsmasq,https://www.suse.com/security/cve/CVE-2023-28450,"An issue was discovered in Dnsmasq before 2.90. 
The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.",Unsupported 20230316,CVE-2023-28466,7.8,7,1209366,kernel-default,https://www.suse.com/security/cve/CVE-2023-28466,"do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).",Ignore 20230316,CVE-2023-28466,7.8,7,1209366,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-28466,"do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).",Ignore 20230316,CVE-2023-28466,7.8,7,1209366,kernel-syms,https://www.suse.com/security/cve/CVE-2023-28466,"do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).",Ignore 20230316,CVE-2023-28486,5.5,5.3,1209362,sudo,https://www.suse.com/security/cve/CVE-2023-28486,"Sudo before 1.9.13 does not escape control characters in log messages.",Won't fix 20230316,CVE-2023-28487,5.5,5.3,1209361,sudo,https://www.suse.com/security/cve/CVE-2023-28487,"Sudo before 1.9.13 does not escape control characters in sudoreplay output.",Won't fix 20230321,CVE-2023-1393,7,7.8,1209543,xorg-x11-server,https://www.suse.com/security/cve/CVE-2023-1393,"A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.",Released 20230321,CVE-2023-1513,3.3,3.3,1209532,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-1513,"A flaw was found in KVM. 
When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.",Released 20230321,CVE-2023-1513,3.3,3.3,1209532,kernel-default,https://www.suse.com/security/cve/CVE-2023-1513,"A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.",Released 20230321,CVE-2023-1513,3.3,3.3,1209532,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-1513,"A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.",Released 20230321,CVE-2023-1513,3.3,3.3,1209532,kernel-pae,https://www.suse.com/security/cve/CVE-2023-1513,"A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.",Released 20230321,CVE-2023-1513,3.3,3.3,1209532,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-1513,"A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.",Released 20230321,CVE-2023-1513,3.3,3.3,1209532,kernel-source,https://www.suse.com/security/cve/CVE-2023-1513,"A flaw was found in KVM. 
When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.",Released 20230321,CVE-2023-1513,3.3,3.3,1209532,kernel-syms,https://www.suse.com/security/cve/CVE-2023-1513,"A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.",Released 20230321,CVE-2023-1513,3.3,3.3,1209532,kernel-trace,https://www.suse.com/security/cve/CVE-2023-1513,"A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.",Released 20230321,CVE-2023-1513,3.3,3.3,1209532,kernel-xen,https://www.suse.com/security/cve/CVE-2023-1513,"A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.",Released 20230322,CVE-2023-0464,5.3,7.5,1209624,openssl,https://www.suse.com/security/cve/CVE-2023-0464,"A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.",Released 20230323,CVE-2023-1579,3.3,7.8,1209642,binutils,https://www.suse.com/security/cve/CVE-2023-1579,"Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.",Unsupported 20230324,CVE-2023-25180,6.2,,1209713,glib2,https://www.suse.com/security/cve/CVE-2023-25180,"** REJECT ** Rejected by upstream.",Ignore 20230327,CVE-2023-1637,4.8,5.5,1209779,kernel-default,https://www.suse.com/security/cve/CVE-2023-1637,"A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.",Analysis 20230327,CVE-2023-1637,4.8,5.5,1209779,kernel-source,https://www.suse.com/security/cve/CVE-2023-1637,"A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.",Analysis 20230327,CVE-2023-1637,4.8,5.5,1209779,kernel-syms,https://www.suse.com/security/cve/CVE-2023-1637,"A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. 
A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.",Analysis 20230329,CVE-2023-0465,5.9,5.3,1209878,openssl,https://www.suse.com/security/cve/CVE-2023-0465,"Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.",Released 20230329,CVE-2023-0466,2,5.3,1209873,openssl,https://www.suse.com/security/cve/CVE-2023-0466,"The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.",Released 20230329,CVE-2023-1670,4.4,7.8,1209871,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-1670,"A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",Released 20230329,CVE-2023-1670,4.4,7.8,1209871,kernel-default,https://www.suse.com/security/cve/CVE-2023-1670,"A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",Released 20230329,CVE-2023-1670,4.4,7.8,1209871,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-1670,"A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",Released 20230329,CVE-2023-1670,4.4,7.8,1209871,kernel-pae,https://www.suse.com/security/cve/CVE-2023-1670,"A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",Released 20230329,CVE-2023-1670,4.4,7.8,1209871,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-1670,"A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",Released 20230329,CVE-2023-1670,4.4,7.8,1209871,kernel-source,https://www.suse.com/security/cve/CVE-2023-1670,"A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their 
privileges on the system.",Released 20230329,CVE-2023-1670,4.4,7.8,1209871,kernel-syms,https://www.suse.com/security/cve/CVE-2023-1670,"A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",Released 20230329,CVE-2023-1670,4.4,7.8,1209871,kernel-trace,https://www.suse.com/security/cve/CVE-2023-1670,"A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",Released 20230329,CVE-2023-1670,4.4,7.8,1209871,kernel-xen,https://www.suse.com/security/cve/CVE-2023-1670,"A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",Released 20230330,CVE-2023-28756,6.5,5.3,1209967,ruby,https://www.suse.com/security/cve/CVE-2023-28756,"A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.",Unsupported 20230403,CVE-2023-28757,8.6,,1210046,openslp,https://www.suse.com/security/cve/CVE-2023-28757,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Won't fix 20230403,CVE-2023-28845,,3.5,1210036,talk,https://www.suse.com/security/cve/CVE-2023-28845,"Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. 
As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.",Analysis 20230403,CVE-2023-28879,7.8,9.8,1210062,ghostscript-library,https://www.suse.com/security/cve/CVE-2023-28879,"In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.",Released 20230404,CVE-2023-26112,3.7,3.7,1210070,python-configobj,https://www.suse.com/security/cve/CVE-2023-26112,"All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file. ",Unsupported 20230406,CVE-2023-1838,5.5,7.1,1210203,kernel-default,https://www.suse.com/security/cve/CVE-2023-1838,"A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.",Analysis 20230406,CVE-2023-1838,5.5,7.1,1210203,kernel-source,https://www.suse.com/security/cve/CVE-2023-1838,"A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. 
This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.",Analysis 20230406,CVE-2023-1838,5.5,7.1,1210203,kernel-syms,https://www.suse.com/security/cve/CVE-2023-1838,"A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.",Analysis 20230406,CVE-2023-1855,6.4,6.3,1210202,kernel-default,https://www.suse.com/security/cve/CVE-2023-1855,"A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.",Analysis 20230406,CVE-2023-1855,6.4,6.3,1210202,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-1855,"A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.",Analysis 20230406,CVE-2023-1855,6.4,6.3,1210202,kernel-source,https://www.suse.com/security/cve/CVE-2023-1855,"A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.",Analysis 20230406,CVE-2023-1855,6.4,6.3,1210202,kernel-syms,https://www.suse.com/security/cve/CVE-2023-1855,"A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). 
This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.",Analysis 20230411,CVE-2023-1972,3.3,6.5,1210297,binutils,https://www.suse.com/security/cve/CVE-2023-1972,"A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.",Analysis 20230411,CVE-2023-1981,5.5,5.5,1210328,avahi-glib2,https://www.suse.com/security/cve/CVE-2023-1981,"A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.",Released 20230411,CVE-2023-1981,5.5,5.5,1210328,avahi,https://www.suse.com/security/cve/CVE-2023-1981,"A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.",Released 20230411,CVE-2023-29552,8.6,7.5,1210046,openslp,https://www.suse.com/security/cve/CVE-2023-29552,"The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.",Won't fix 20230412,CVE-2023-1989,7.8,7,1210336,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-1989,"A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",Released 20230412,CVE-2023-1989,7.8,7,1210336,kernel-default,https://www.suse.com/security/cve/CVE-2023-1989,"A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. 
In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",Released 20230412,CVE-2023-1989,7.8,7,1210336,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-1989,"A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",Released 20230412,CVE-2023-1989,7.8,7,1210336,kernel-pae,https://www.suse.com/security/cve/CVE-2023-1989,"A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",Released 20230412,CVE-2023-1989,7.8,7,1210336,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-1989,"A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",Released 20230412,CVE-2023-1989,7.8,7,1210336,kernel-source,https://www.suse.com/security/cve/CVE-2023-1989,"A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",Released 20230412,CVE-2023-1989,7.8,7,1210336,kernel-syms,https://www.suse.com/security/cve/CVE-2023-1989,"A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",Released 20230412,CVE-2023-1989,7.8,7,1210336,kernel-trace,https://www.suse.com/security/cve/CVE-2023-1989,"A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. 
In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",Released 20230412,CVE-2023-1989,7.8,7,1210336,kernel-xen,https://www.suse.com/security/cve/CVE-2023-1989,"A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",Released 20230413,CVE-2023-27349,8,,1210398,bluez,https://www.suse.com/security/cve/CVE-2023-27349,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Ignore 20230413,CVE-2023-28484,5.9,6.5,1210411,libxml2,https://www.suse.com/security/cve/CVE-2023-28484,"In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.",Released 20230413,CVE-2023-28484,5.9,6.5,1210411,libxml2-python,https://www.suse.com/security/cve/CVE-2023-28484,"In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.",Released 20230413,CVE-2023-29469,5.9,6.5,1210412,libxml2,https://www.suse.com/security/cve/CVE-2023-29469,"An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. 
This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).",Released 20230413,CVE-2023-29469,5.9,6.5,1210412,libxml2-python,https://www.suse.com/security/cve/CVE-2023-29469,"An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).",Released 20230413,CVE-2023-29491,6.5,7.8,1210434,ncurses,https://www.suse.com/security/cve/CVE-2023-29491,"ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.",Released 20230414,CVE-2023-1326,6.7,7.7,1210451,apport-crashdb-sle,https://www.suse.com/security/cve/CVE-2023-1326,"A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.",Analysis 20230414,CVE-2023-1326,6.7,7.7,1210451,apport,https://www.suse.com/security/cve/CVE-2023-1326,"A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. 
It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.",Analysis 20230414,CVE-2023-2007,4.4,7.8,1210448,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-2007,"The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",Released 20230414,CVE-2023-2007,4.4,7.8,1210448,kernel-default,https://www.suse.com/security/cve/CVE-2023-2007,"The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",Released 20230414,CVE-2023-2007,4.4,7.8,1210448,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-2007,"The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",Released 20230414,CVE-2023-2007,4.4,7.8,1210448,kernel-pae,https://www.suse.com/security/cve/CVE-2023-2007,"The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",Released 20230414,CVE-2023-2007,4.4,7.8,1210448,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-2007,"The specific flaw exists within the DPT I2O Controller driver. 
The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",Released 20230414,CVE-2023-2007,4.4,7.8,1210448,kernel-source,https://www.suse.com/security/cve/CVE-2023-2007,"The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",Released 20230414,CVE-2023-2007,4.4,7.8,1210448,kernel-syms,https://www.suse.com/security/cve/CVE-2023-2007,"The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",Released 20230414,CVE-2023-2007,4.4,7.8,1210448,kernel-trace,https://www.suse.com/security/cve/CVE-2023-2007,"The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",Released 20230414,CVE-2023-2007,4.4,7.8,1210448,kernel-xen,https://www.suse.com/security/cve/CVE-2023-2007,"The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. 
An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",Released 20230416,CVE-2023-30772,6.4,6.4,1210329,kernel-default,https://www.suse.com/security/cve/CVE-2023-30772,"The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.",Ignore 20230416,CVE-2023-30772,6.4,6.4,1210329,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-30772,"The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.",Ignore 20230416,CVE-2023-30772,6.4,6.4,1210329,kernel-syms,https://www.suse.com/security/cve/CVE-2023-30772,"The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.",Ignore 20230417,CVE-2023-2124,6.7,7.8,1210498,kernel-default,https://www.suse.com/security/cve/CVE-2023-2124,"An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.",Ignore 20230417,CVE-2023-2124,6.7,7.8,1210498,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-2124,"An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). 
This flaw allows a local user to crash or potentially escalate their privileges on the system.",Ignore 20230417,CVE-2023-2124,6.7,7.8,1210498,kernel-syms,https://www.suse.com/security/cve/CVE-2023-2124,"An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.",Ignore 20230419,CVE-2023-2137,8.8,8.8,1210618,sqlite3,https://www.suse.com/security/cve/CVE-2023-2137,"Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",Analysis 20230419,CVE-2023-2162,7,5.5,1210647,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-2162,"A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.",Released 20230419,CVE-2023-2162,7,5.5,1210647,kernel-default,https://www.suse.com/security/cve/CVE-2023-2162,"A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.",Released 20230419,CVE-2023-2162,7,5.5,1210647,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-2162,"A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.",Released 20230419,CVE-2023-2162,7,5.5,1210647,kernel-pae,https://www.suse.com/security/cve/CVE-2023-2162,"A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. 
In this flaw an attacker could leak kernel internal information.",Released 20230419,CVE-2023-2162,7,5.5,1210647,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-2162,"A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.",Released 20230419,CVE-2023-2162,7,5.5,1210647,kernel-source,https://www.suse.com/security/cve/CVE-2023-2162,"A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.",Released 20230419,CVE-2023-2162,7,5.5,1210647,kernel-syms,https://www.suse.com/security/cve/CVE-2023-2162,"A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.",Released 20230419,CVE-2023-2162,7,5.5,1210647,kernel-trace,https://www.suse.com/security/cve/CVE-2023-2162,"A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.",Released 20230419,CVE-2023-2162,7,5.5,1210647,kernel-xen,https://www.suse.com/security/cve/CVE-2023-2162,"A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.",Released 20230419,CVE-2023-2176,7.8,7.8,1210629,kernel-source,https://www.suse.com/security/cve/CVE-2023-2176,"A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. 
The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.",Already fixed 20230419,CVE-2023-27043,5.3,5.3,1210638,python,https://www.suse.com/security/cve/CVE-2023-27043,"The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",Unsupported 20230421,CVE-2023-2222,3.3,,1210733,binutils,https://www.suse.com/security/cve/CVE-2023-2222,"** REJECT ** This was deemed not a security vulnerability by upstream.",Analysis 20230424,CVE-2023-31084,5.5,5.5,1210783,kernel-default,https://www.suse.com/security/cve/CVE-2023-31084,"An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.",Analysis 20230424,CVE-2023-31084,5.5,5.5,1210783,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-31084,"An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. 
However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.",Analysis 20230424,CVE-2023-31084,5.5,5.5,1210783,kernel-source,https://www.suse.com/security/cve/CVE-2023-31084,"An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.",Analysis 20230424,CVE-2023-31084,5.5,5.5,1210783,kernel-syms,https://www.suse.com/security/cve/CVE-2023-31084,"An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.",Analysis 20230424,CVE-2023-31085,5.5,5.5,1210778,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-31085,"An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.",Released 20230424,CVE-2023-31085,5.5,5.5,1210778,kernel-default,https://www.suse.com/security/cve/CVE-2023-31085,"An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. 
There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.",Released 20230424,CVE-2023-31085,5.5,5.5,1210778,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-31085,"An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.",Released 20230424,CVE-2023-31085,5.5,5.5,1210778,kernel-pae,https://www.suse.com/security/cve/CVE-2023-31085,"An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.",Released 20230424,CVE-2023-31085,5.5,5.5,1210778,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-31085,"An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.",Released 20230424,CVE-2023-31085,5.5,5.5,1210778,kernel-source,https://www.suse.com/security/cve/CVE-2023-31085,"An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.",Released 20230424,CVE-2023-31085,5.5,5.5,1210778,kernel-syms,https://www.suse.com/security/cve/CVE-2023-31085,"An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.",Released 20230424,CVE-2023-31085,5.5,5.5,1210778,kernel-trace,https://www.suse.com/security/cve/CVE-2023-31085,"An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. 
There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.",Released 20230424,CVE-2023-31085,5.5,5.5,1210778,kernel-xen,https://www.suse.com/security/cve/CVE-2023-31085,"An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.",Released 20230427,CVE-2023-0458,5.3,5.3,1210905,kernel-source,https://www.suse.com/security/cve/CVE-2023-0458,"A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit739790605705ddcf18f21782b9c99ad7d53a8c11",Released 20230502,CVE-2023-2248,7.8,7.8,1210988,kernel-source,https://www.suse.com/security/cve/CVE-2023-2248,"** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.",Won't fix 20230502,CVE-2023-31484,7.4,8.1,1210999,perl,https://www.suse.com/security/cve/CVE-2023-31484,"CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.",Unsupported 20230502,CVE-2023-31486,7.4,8.1,1211001,perl,https://www.suse.com/security/cve/CVE-2023-31486,"HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.",Analysis 20230508,CVE-2023-32269,5.9,6.7,1211186,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-32269,"An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. 
However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.",Released 20230508,CVE-2023-32269,5.9,6.7,1211186,kernel-default,https://www.suse.com/security/cve/CVE-2023-32269,"An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.",Released 20230508,CVE-2023-32269,5.9,6.7,1211186,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-32269,"An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.",Released 20230508,CVE-2023-32269,5.9,6.7,1211186,kernel-pae,https://www.suse.com/security/cve/CVE-2023-32269,"An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.",Released 20230508,CVE-2023-32269,5.9,6.7,1211186,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-32269,"An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. 
However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.",Released 20230508,CVE-2023-32269,5.9,6.7,1211186,kernel-source,https://www.suse.com/security/cve/CVE-2023-32269,"An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.",Released 20230508,CVE-2023-32269,5.9,6.7,1211186,kernel-syms,https://www.suse.com/security/cve/CVE-2023-32269,"An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.",Released 20230508,CVE-2023-32269,5.9,6.7,1211186,kernel-trace,https://www.suse.com/security/cve/CVE-2023-32269,"An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.",Released 20230508,CVE-2023-32269,5.9,6.7,1211186,kernel-xen,https://www.suse.com/security/cve/CVE-2023-32269,"An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. 
However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.",Released 20230509,CVE-2023-28320,3.7,5.9,1211231,curl,https://www.suse.com/security/cve/CVE-2023-28320,"A denial of service vulnerability exists in curl width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.",Released 20230609,CVE-2023-3161,5.5,5.5,1212154,kernel-default,https://www.suse.com/security/cve/CVE-2023-3161,"A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.",Released 20230609,CVE-2023-3161,5.5,5.5,1212154,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-3161,"A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.",Released 20230609,CVE-2023-3161,5.5,5.5,1212154,kernel-pae,https://www.suse.com/security/cve/CVE-2023-3161,"A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.",Released 20230609,CVE-2023-3161,5.5,5.5,1212154,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-3161,"A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. 
When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.",Released 20230609,CVE-2023-3161,5.5,5.5,1212154,kernel-source,https://www.suse.com/security/cve/CVE-2023-3161,"A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.",Released 20230609,CVE-2023-3161,5.5,5.5,1212154,kernel-syms,https://www.suse.com/security/cve/CVE-2023-3161,"A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.",Released 20230609,CVE-2023-3161,5.5,5.5,1212154,kernel-trace,https://www.suse.com/security/cve/CVE-2023-3161,"A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.",Released 20230609,CVE-2023-3161,5.5,5.5,1212154,kernel-xen,https://www.suse.com/security/cve/CVE-2023-3161,"A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.",Released 20230612,CVE-2023-3195,4.4,5.5,1212235,ImageMagick,https://www.suse.com/security/cve/CVE-2023-3195,"A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. 
This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.",Unsupported 20230612,CVE-2023-34474,4.4,5.5,1212237,ImageMagick,https://www.suse.com/security/cve/CVE-2023-34474,"A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.",Unsupported 20230619,CVE-2023-3268,6.1,7.1,1212502,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-3268,"An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.",Released 20230619,CVE-2023-3268,6.1,7.1,1212502,kernel-default,https://www.suse.com/security/cve/CVE-2023-3268,"An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.",Released 20230619,CVE-2023-3268,6.1,7.1,1212502,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-3268,"An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.",Released 20230619,CVE-2023-3268,6.1,7.1,1212502,kernel-pae,https://www.suse.com/security/cve/CVE-2023-3268,"An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. 
This flaw could allow a local attacker to crash the system or leak kernel internal information.",Released 20230619,CVE-2023-3268,6.1,7.1,1212502,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-3268,"An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.",Released 20230619,CVE-2023-3268,6.1,7.1,1212502,kernel-source,https://www.suse.com/security/cve/CVE-2023-3268,"An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.",Released 20230619,CVE-2023-3268,6.1,7.1,1212502,kernel-syms,https://www.suse.com/security/cve/CVE-2023-3268,"An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.",Released 20230619,CVE-2023-3268,6.1,7.1,1212502,kernel-trace,https://www.suse.com/security/cve/CVE-2023-3268,"An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.",Released 20230619,CVE-2023-3268,6.1,7.1,1212502,kernel-xen,https://www.suse.com/security/cve/CVE-2023-3268,"An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.",Released 20230619,CVE-2023-35824,4.7,7,1212501,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-35824,"An issue was discovered in the Linux kernel before 6.3.2. 
A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.",Released 20230619,CVE-2023-35824,4.7,7,1212501,kernel-default,https://www.suse.com/security/cve/CVE-2023-35824,"An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.",Released 20230619,CVE-2023-35824,4.7,7,1212501,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-35824,"An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.",Released 20230619,CVE-2023-35824,4.7,7,1212501,kernel-pae,https://www.suse.com/security/cve/CVE-2023-35824,"An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.",Released 20230619,CVE-2023-35824,4.7,7,1212501,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-35824,"An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.",Released 20230619,CVE-2023-35824,4.7,7,1212501,kernel-source,https://www.suse.com/security/cve/CVE-2023-35824,"An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.",Released 20230619,CVE-2023-35824,4.7,7,1212501,kernel-syms,https://www.suse.com/security/cve/CVE-2023-35824,"An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.",Released 20230619,CVE-2023-35824,4.7,7,1212501,kernel-trace,https://www.suse.com/security/cve/CVE-2023-35824,"An issue was discovered in the Linux kernel before 6.3.2. 
A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.",Released 20230619,CVE-2023-35824,4.7,7,1212501,kernel-xen,https://www.suse.com/security/cve/CVE-2023-35824,"An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.",Released 20230619,CVE-2023-35825,,,1212503,kernel-source,https://www.suse.com/security/cve/CVE-2023-35825,"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3141. Reason: This candidate is a reservation duplicate of CVE-2023-3141. Notes: All CVE users should reference CVE-2023-3141 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",Ignore 20230620,CVE-2023-2828,7.5,7.5,1212544,bind,https://www.suse.com/security/cve/CVE-2023-2828,"Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. 
This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.",Ignore 20230620,CVE-2023-2911,7.5,7.5,1212544,bind,https://www.suse.com/security/cve/CVE-2023-2911,"If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.",Ignore 20230620,CVE-2023-3316,5.5,5.9,1212535,tiff,https://www.suse.com/security/cve/CVE-2023-3316,"A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. ",Unsupported 20230626,CVE-2015-20109,,5.5,1212713,glibc,https://www.suse.com/security/cve/CVE-2015-20109,"end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.",Already fixed 20230626,CVE-2023-1206,5.9,5.7,1212703,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-1206,"A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. 
A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",Released 20230626,CVE-2023-1206,5.9,5.7,1212703,kernel-default,https://www.suse.com/security/cve/CVE-2023-1206,"A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",Released 20230626,CVE-2023-1206,5.9,5.7,1212703,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-1206,"A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",Released 20230626,CVE-2023-1206,5.9,5.7,1212703,kernel-pae,https://www.suse.com/security/cve/CVE-2023-1206,"A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",Released 20230626,CVE-2023-1206,5.9,5.7,1212703,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-1206,"A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. 
A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",Released 20230626,CVE-2023-1206,5.9,5.7,1212703,kernel-source,https://www.suse.com/security/cve/CVE-2023-1206,"A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",Released 20230626,CVE-2023-1206,5.9,5.7,1212703,kernel-syms,https://www.suse.com/security/cve/CVE-2023-1206,"A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",Released 20230626,CVE-2023-1206,5.9,5.7,1212703,kernel-trace,https://www.suse.com/security/cve/CVE-2023-1206,"A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",Released 20230626,CVE-2023-1206,5.9,5.7,1212703,kernel-xen,https://www.suse.com/security/cve/CVE-2023-1206,"A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. 
A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",Released 20230626,CVE-2023-3397,7,7,1212704,kernel-source,https://www.suse.com/security/cve/CVE-2023-3397,"A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.",Ignore 20230626,CVE-2023-36632,3.1,7.5,1212717,python,https://www.suse.com/security/cve/CVE-2023-36632,"** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.",Won't fix 20230630,CVE-2023-26966,4.4,5.5,1212881,tiff,https://www.suse.com/security/cve/CVE-2023-26966,"libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.",Affected 20230703,CVE-2023-33460,6.5,6.5,1212928,libyajl,https://www.suse.com/security/cve/CVE-2023-33460,"There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. 
which will cause out-of-memory in server and cause crash.",Unsupported 20230704,CVE-2023-22387,7.8,7.8,1212971,kernel-source,https://www.suse.com/security/cve/CVE-2023-22387,"Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.",Analysis 20230704,CVE-2023-2861,7.5,7.1,1212968,kvm,https://www.suse.com/security/cve/CVE-2023-2861,"A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.",Affected 20230706,CVE-2020-25969,4.4,9.8,1213068,gnuplot,https://www.suse.com/security/cve/CVE-2020-25969,"gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().",Affected 20230707,CVE-2023-37454,,5.5,1213122,kernel-source,https://www.suse.com/security/cve/CVE-2023-37454,"An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this.",Analysis 20230710,CVE-2022-2127,5.9,5.9,1213174,samba,https://www.suse.com/security/cve/CVE-2022-2127,"An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. 
When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.",Affected 20230710,CVE-2023-3567,7.8,7.1,1213167,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-3567,"A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.",Released 20230710,CVE-2023-3567,7.8,7.1,1213167,kernel-default,https://www.suse.com/security/cve/CVE-2023-3567,"A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.",Released 20230710,CVE-2023-3567,7.8,7.1,1213167,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-3567,"A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.",Released 20230710,CVE-2023-3567,7.8,7.1,1213167,kernel-pae,https://www.suse.com/security/cve/CVE-2023-3567,"A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.",Released 20230710,CVE-2023-3567,7.8,7.1,1213167,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-3567,"A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. 
This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.",Released 20230710,CVE-2023-3567,7.8,7.1,1213167,kernel-source,https://www.suse.com/security/cve/CVE-2023-3567,"A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.",Released 20230710,CVE-2023-3567,7.8,7.1,1213167,kernel-syms,https://www.suse.com/security/cve/CVE-2023-3567,"A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.",Released 20230710,CVE-2023-3567,7.8,7.1,1213167,kernel-trace,https://www.suse.com/security/cve/CVE-2023-3567,"A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.",Released 20230710,CVE-2023-3567,7.8,7.1,1213167,kernel-xen,https://www.suse.com/security/cve/CVE-2023-3567,"A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.",Released 20230713,CVE-1999-0636,-1,-1,1213295,xinetd,https://www.suse.com/security/cve/CVE-1999-0636,"The discard service is running.",Won't fix 20230713,CVE-2023-20569,5.6,4.7,1213287,kernel-firmware,https://www.suse.com/security/cve/CVE-2023-20569," A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. 
",Affected 20230713,CVE-2023-20569,5.6,4.7,1213287,kernel-source,https://www.suse.com/security/cve/CVE-2023-20569," A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. ",Affected 20230713,CVE-2023-20593,6.2,5.5,1213286,kernel-bigmem,https://www.suse.com/security/cve/CVE-2023-20593," An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. ",Released 20230713,CVE-2023-20593,6.2,5.5,1213286,kernel-default,https://www.suse.com/security/cve/CVE-2023-20593," An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. ",Released 20230713,CVE-2023-20593,6.2,5.5,1213286,kernel-ec2,https://www.suse.com/security/cve/CVE-2023-20593," An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. ",Released 20230713,CVE-2023-20593,6.2,5.5,1213286,kernel-firmware,https://www.suse.com/security/cve/CVE-2023-20593," An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. ",Released 20230713,CVE-2023-20593,6.2,5.5,1213286,kernel-pae,https://www.suse.com/security/cve/CVE-2023-20593," An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. ",Released 20230713,CVE-2023-20593,6.2,5.5,1213286,kernel-ppc64,https://www.suse.com/security/cve/CVE-2023-20593," An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. 
",Released 20230713,CVE-2023-20593,6.2,5.5,1213286,kernel-source,https://www.suse.com/security/cve/CVE-2023-20593," An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. ",Released 20230713,CVE-2023-20593,6.2,5.5,1213286,kernel-syms,https://www.suse.com/security/cve/CVE-2023-20593," An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. ",Released 20230713,CVE-2023-20593,6.2,5.5,1213286,kernel-trace,https://www.suse.com/security/cve/CVE-2023-20593," An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. ",Released 20230713,CVE-2023-20593,6.2,5.5,1213286,kernel-xen,https://www.suse.com/security/cve/CVE-2023-20593," An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. ",Released 20230713,CVE-2023-3576,3.3,5.5,1213273,tiff,https://www.suse.com/security/cve/CVE-2023-3576,"A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.",Unsupported 20230713,CVE-2023-3618,5.5,6.5,1213274,tiff,https://www.suse.com/security/cve/CVE-2023-3618,"A flaw was found in libtiff. 
A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.",Unsupported 20230713,CVE-2023-3640,5.5,7,1213271,kernel-source,https://www.suse.com/security/cve/CVE-2023-3640,"A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.",Analysis 20230714,CVE-2023-38197,5.5,7.5,1213326,libqt4,https://www.suse.com/security/cve/CVE-2023-38197,"An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",Ignore 20230714,CVE-2023-38197,5.5,7.5,1213326,qt3,https://www.suse.com/security/cve/CVE-2023-38197,"An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",Unsupported 20230718,CVE-2023-37769,,6.5,1213416,pixman,https://www.suse.com/security/cve/CVE-2023-37769,"stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.",Analysis 20230719,CVE-2021-32256,2.5,6.5,1213458,binutils,https://www.suse.com/security/cve/CVE-2021-32256,"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. 
It is a stack-overflow issue in demangle_type in rust-demangle.c.",Ignore 20230719,CVE-2021-33294,2.5,5.5,1213464,elfutils,https://www.suse.com/security/cve/CVE-2021-33294,"In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.",Ignore 20230719,CVE-2022-33064,0,7.8,1213453,libsndfile,https://www.suse.com/security/cve/CVE-2022-33064,"An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.",Analysis 20230719,CVE-2022-33065,7.8,7.8,1213451,libsndfile,https://www.suse.com/security/cve/CVE-2022-33065,"Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.",Won't fix 20230719,CVE-2023-28746,6.5,,1213456,kernel-source,https://www.suse.com/security/cve/CVE-2023-28746,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Affected 20230719,CVE-2023-3446,5.3,5.3,1213487,openssl,https://www.suse.com/security/cve/CVE-2023-3446,"Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. 
Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",Released 20230720,CVE-2023-1386,3.3,3.3,1213501,kvm,https://www.suse.com/security/cve/CVE-2023-1386,"A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.",Analysis 20230720,CVE-2023-38408,7.5,9.8,1213504,openssh,https://www.suse.com/security/cve/CVE-2023-38408,"The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) 
NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.",Unsupported 20230724,CVE-2023-3776,7,7.8,1213588,kernel-source,https://www.suse.com/security/cve/CVE-2023-3776,"A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. ",Released 20230808,CVE-2023-36054,8.8,6.5,1214054,krb5,https://www.suse.com/security/cve/CVE-2023-36054,"lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.",Unsupported 20230823,CVE-2020-22218,7.5,7.5,1214527,libssh2_org,https://www.suse.com/security/cve/CVE-2020-22218,"An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.",Affected 20230824,CVE-2020-19726,7.8,8.8,1214565,binutils,https://www.suse.com/security/cve/CVE-2020-19726,"An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.",Analysis 20230824,CVE-2020-35342,,7.5,1214563,binutils,https://www.suse.com/security/cve/CVE-2020-35342,"GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.",Affected 
20230824,CVE-2022-44840,7.8,7.8,1214580,binutils,https://www.suse.com/security/cve/CVE-2022-44840,"Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.",Analysis 20230828,CVE-2023-40217,7.4,5.3,1214692,python,https://www.suse.com/security/cve/CVE-2023-40217,"An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. 
(The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)",Affected 20230904,CVE-2023-4738,7.8,7.8,1214922,vim,https://www.suse.com/security/cve/CVE-2023-4738,"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.",Affected 20230904,CVE-2023-4751,7.8,7.8,1214921,vim,https://www.suse.com/security/cve/CVE-2023-4751,"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.",Affected 20230905,CVE-2023-4733,8.2,7.8,1215004,vim,https://www.suse.com/security/cve/CVE-2023-4733,"Use After Free in GitHub repository vim/vim prior to 9.0.1840.",Affected 20230905,CVE-2023-4750,7.8,7.8,1215005,vim,https://www.suse.com/security/cve/CVE-2023-4750,"Use After Free in GitHub repository vim/vim prior to 9.0.1857.",Affected 20230905,CVE-2023-4752,7.8,7.8,1215006,vim,https://www.suse.com/security/cve/CVE-2023-4752,"Use After Free in GitHub repository vim/vim prior to 9.0.1858.",Affected 20230906,CVE-2023-4781,7.8,7.8,1215033,vim,https://www.suse.com/security/cve/CVE-2023-4781,"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.",Affected 20230907,CVE-2023-40547,7.1,8.3,1215098,shim,https://www.suse.com/security/cve/CVE-2023-40547,"A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. 
This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.",Affected 20230907,CVE-2023-4623,7.8,7.8,1215115,kernel-source,https://www.suse.com/security/cve/CVE-2023-4623,"A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. ",Released 20230911,CVE-2023-4504,8.8,7,1215204,cups,https://www.suse.com/security/cve/CVE-2023-4504,"Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. ",Affected 20230919,CVE-2023-3341,7.5,7.5,1215472,bind,https://www.suse.com/security/cve/CVE-2023-3341,"The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. 
This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.",Unsupported 20230919,CVE-2023-43115,8.8,8.8,1215466,ghostscript-library,https://www.suse.com/security/cve/CVE-2023-43115,"In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).",Affected 20230929,CVE-2022-23820,7.5,9.8,1215831,kernel-firmware,https://www.suse.com/security/cve/CVE-2022-23820,"Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. ",Affected 20231004,CVE-2023-4692,7.8,7.8,1215935,grub2,https://www.suse.com/security/cve/CVE-2023-4692,"An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.",Affected 20231011,CVE-2023-5367,7.8,7.8,1216135,xorg-x11-server,https://www.suse.com/security/cve/CVE-2023-5367,"A out-of-bounds write flaw was found in the xorg-x11-server. 
This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.",Affected 20231012,CVE-2023-5535,7.8,7.8,1216167,vim,https://www.suse.com/security/cve/CVE-2023-5535,"Use After Free in GitHub repository vim/vim prior to v9.0.2010.",Affected 20231108,CVE-2023-5868,7.5,4.3,1216962,postgresql94,https://www.suse.com/security/cve/CVE-2023-5868,"A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",Unsupported 20231108,CVE-2023-5869,9.8,8.8,1216961,postgresql94,https://www.suse.com/security/cve/CVE-2023-5869,"A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.",Unsupported 20231113,CVE-2023-4949,8.1,6.7,1217067,grub,https://www.suse.com/security/cve/CVE-2023-4949,"An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grubs XFS file system implementation. 
",Affected 20231204,CVE-2023-6377,8.4,7.8,1217765,xorg-x11-server,https://www.suse.com/security/cve/CVE-2023-6377,"A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.",Unsupported 20231220,CVE-2023-6932,7,7,1218253,kernel-source,https://www.suse.com/security/cve/CVE-2023-6932,"A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. ",Released 20240105,CVE-2023-51779,7,,1218559,kernel-source,https://www.suse.com/security/cve/CVE-2023-51779,"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",Released 20240105,CVE-2023-6270,7,7,1218562,kernel-source,https://www.suse.com/security/cve/CVE-2023-6270,"A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.",Affected 20240107,CVE-2023-6816,8.4,9.8,1218582,xorg-x11-server,https://www.suse.com/security/cve/CVE-2023-6816,"A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. 
Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.",Unsupported 20240107,CVE-2024-0229,8.4,,1218583,xorg-x11-server,https://www.suse.com/security/cve/CVE-2024-0229,"An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.",Unsupported 20240107,CVE-2024-21885,8.4,,1218584,xorg-x11-server,https://www.suse.com/security/cve/CVE-2024-21885,"A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.",Unsupported 20240107,CVE-2024-21886,8.4,,1218585,xorg-x11-server,https://www.suse.com/security/cve/CVE-2024-21886,"A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.",Unsupported 20240111,CVE-2023-51780,7.8,7,1218730,kernel-source,https://www.suse.com/security/cve/CVE-2023-51780,"An issue was discovered in the Linux kernel before 6.6.8. 
do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.",Affected 20240119,CVE-2023-42465,7,7,1219026,sudo,https://www.suse.com/security/cve/CVE-2023-42465,"Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.",Affected 20240207,CVE-2024-0985,8,8,1219679,postgresql94,https://www.suse.com/security/cve/CVE-2024-0985,"Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.",Affected 20240212,CVE-2023-4408,7.5,,1219851,bind,https://www.suse.com/security/cve/CVE-2023-4408,"The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. 
This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",Affected 20240212,CVE-2023-4408,7.5,,1219851,dnsmasq,https://www.suse.com/security/cve/CVE-2023-4408,"The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",Affected 20240212,CVE-2023-50387,7.5,7.5,1219823,bind,https://www.suse.com/security/cve/CVE-2023-50387,"Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.",Affected 20240212,CVE-2023-50387,7.5,7.5,1219823,dnsmasq,https://www.suse.com/security/cve/CVE-2023-50387,"Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. 
One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.",Affected 20240212,CVE-2023-50868,7.5,,1219826,bind,https://www.suse.com/security/cve/CVE-2023-50868,"The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.",Affected 20240212,CVE-2023-50868,7.5,,1219826,dnsmasq,https://www.suse.com/security/cve/CVE-2023-50868,"The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.",Affected 20240215,CVE-2023-52160,7.5,6.5,1219975,wpa_supplicant,https://www.suse.com/security/cve/CVE-2023-52160,"The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. 
This allows an adversary to impersonate Enterprise Wi-Fi networks.",Affected 20240219,CVE-2022-48624,7.8,,1219901,less,https://www.suse.com/security/cve/CVE-2022-48624,"close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.",Affected 20240222,CVE-2024-24476,7.5,,1220181,wireshark,https://www.suse.com/security/cve/CVE-2024-24476,"** DISPUTED ** A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.",Affected 20240222,CVE-2024-24478,7.5,,1220180,wireshark,https://www.suse.com/security/cve/CVE-2024-24478,"** DISPUTED ** An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.",Affected 20240222,CVE-2024-24479,7.5,,1220179,wireshark,https://www.suse.com/security/cve/CVE-2024-24479,"** DISPUTED ** A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. 
NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.",Affected 20240301,CVE-2024-26458,7.5,,1220770,krb5,https://www.suse.com/security/cve/CVE-2024-26458,"Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",Analysis 20240301,CVE-2024-26461,7.5,,1220771,krb5,https://www.suse.com/security/cve/CVE-2024-26461,"Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",Analysis 20240301,CVE-2024-26462,7.5,,1220772,krb5,https://www.suse.com/security/cve/CVE-2024-26462,"Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",Analysis 20240306,CVE-2023-52591,,,1221044,kernel-source,https://www.suse.com/security/cve/CVE-2023-52591,"In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if its parent does not change as without locking that can corrupt the filesystem.",Analysis